$page 0 $size 0 total 1072 data inner_reference CC subCategory SuspTrafficRemoteCtrl sclass C2Others sendHostAddress 10161252 baas_sink_process_time 1688149702719
import json
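# Sample alarm-query response from a threat-intelligence (TI) matching
# platform, written here as a Python literal so that "total" can be read.
#
# Shape, as far as this one sample shows: "$page"/"$size" look like
# pagination parameters and "total" like the overall hit count across pages
# -- confirm against the producing API. "data" holds one alarm record per
# element (a single DNS-based TI match in this sample).
#
# Notes on the record, for anyone re-using it as a fixture:
#   * JSON true/false are not Python names; the pasted form raised NameError
#     on `false`/`true`, so the literals below are True/False.
#   * Large identifiers ("eventId", "eventIDs", "sourceEventIds",
#     "logSessionId") exceed 2**53 and are kept as strings, which is the
#     safe form for round-tripping through IEEE-754-double JSON consumers.
#   * "@timestamp" is UTC (Z suffix); "startTime"/"endTime"/
#     "collectorReceiptTime"/"deviceReceiptTime" carry no zone and sit
#     eight hours ahead of "@timestamp", so they appear to be UTC+8 local
#     time -- confirm before using them in a timeline.
#   * "baas_sink_process_time" is an epoch value in milliseconds (13 digits).
response = {
    "$page": 0,
    "$size": 0,
    "total": 1072,
    "data": [
        {
            "inner_reference": "CC",
            "subCategory": "/SuspTraffic/RemoteCtrl",
            "sclass": "/C2/Others",
            "sendHostAddress": "10.16.1.252",
            "baas_sink_process_time": 1688149702719,
            "srcPort": 42021,
            "baas_internal_save_dynList": False,
            "destAddress": "10.16.1.56",
            "deviceCat": "/Audit",
            "TIName": "ThreatIntelligenceCentreSource",
            "machineCode": "5C17447891136C8CECFE38B3BEEAFE26",
            "dnsType": "query",
            "srcGeoCity": "郑州",
            "modelType": "intelligence",
            "srcAddress": "218.29.128.238",
            "tags": ["group_8220"],
            "IoCThreatName": "8220 Mining Gang组织远控木马活动事件",
            "productVendorName": "安恒",
            "transProtocol": "UDP",
            "catObject": "/Host/Application/Service",
            "deviceSendProductName": "AiNTA",
            "logSessionId": "1467949486342320",
            "catOutcome": "Attempt",
            "killChain": "KC_Others",
            "collectorReceiptTime": "2023-07-01 02:32:14",
            "appProtocol": "dns",
            "destSecurityZone": "outer",
            "destMacAddress": "38-AD-8E-EA-EA-6F",
            "eventIDs": "2708065157292294209",
            "deviceAddress": "10.16.1.252",
            "destGeoCountry": "局域网",
            "startTime": "2023-07-01 02:28:22",
            "baas_internal_save_event": True,
            "isAPT": False,
            "suggestion": "defaultTemplate",
            "queryType": "A",
            "modelName": "CC",
            "@timestamp": "2023-06-30T18:28:22.000Z",
            "baas_engineInfo": [
                "info:78.118.1.25,1.datanode1",
                "info:78.118.1.25,1.datanode1",
            ],
            "catBehavior": "/Communicate",
            "inner_ioc_type": "内置情报",
            "IoCLevel": "High",
            "endTime": "2023-07-01 02:28:22",
            "srcGeoRegion": "河南",
            "fromCustomStrategy": True,
            "IoCType": "domain",
            "AiLPHAPartID": "000001",
            "IoCHash": "497fc7bfb319d1aa",
            "inner_tiMatchField": "requestDomain",
            "eventCount": 1,
            "deviceReceiptTime": "2023-07-01 02:32:14",
            "deviceName": "AiNTA流量分析系统",
            "mclass": "/C2",
            "inner_report": "aggLabled",
            "TIMatchField": "requestDomain",
            "alarmDescription": "defaultTemplate",
            "baasAlarmUuid": "774c9bc94e221036a9a837556e22d70f9743ba7c10d3367948457dc30faa2408",
            "srcGeoLongitude": "113.695257",
            "srcGeoLatitude": "34.792765",
            "eventId": "6220478787817345040",
            "netId": "4587a501-3e0a-11ed-bd8f-02424e76011b_1664244935",
            "logname": "DNS查询请求",
            "dataType": "traffic",
            "alarmName": "8220 Mining Gang组织远控木马活动事件",
            "windowId": "20210101000000-86400sec-911",
            "srcGeoCountry": "中国",
            "srcOrgId": "outer",
            "sourceEventIds": "2708065157292294209",
            "catTechnique": "/UNKNOWN",
            "name": "8220 Mining Gang组织远控木马活动事件",
            "destGeoRegion": "局域网",
            "IoC": "deb.thegov.win",
            "dataSource": "security_logs",
            "logType": "dns",
            "dataSubType": "dnsTraffic",
            "TIType": "domain",
            "destPort": 53,
            "chineseModelName": "C&C地址",
            "destHostAssetId": "asset_48dffcb0-0606-435f-839f-f25d652881dd_1664348453074",
            "deviceProductType": "入侵检测系统",
            "baas_internal_save_alarm": True,
            "inner_IoC": "deb.thegov.win",
            "timeInterval": "86400",
            "victim": ["10.16.1.56"],
        }
    ],
}

# The pasted version ran both statements together on one line and left the
# print() call unclosed; they are separate statements. "total" is required
# for this script's purpose, so a KeyError on a malformed response is the
# right failure rather than a silent default.
total = response["total"]
print(total)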