{"id":77,"date":"2021-10-09T08:50:38","date_gmt":"2021-10-09T08:50:38","guid":{"rendered":"https:\/\/idstower.com\/blog\/?p=77"},"modified":"2022-07-22T14:45:58","modified_gmt":"2022-07-22T14:45:58","slug":"alerting-on-iocs-using-suricata","status":"publish","type":"post","link":"https:\/\/idstower.com\/blog\/alerting-on-iocs-using-suricata\/","title":{"rendered":"Alerting on IOCs using Suricata"},"content":{"rendered":"\n<p>In our previous post, we talked about <a href=\"https:\/\/idstower.com\/blog\/why-you-should-use-suricata-ids-to-alert-on-iocs\/\" target=\"_blank\" rel=\"noreferrer noopener\">Why you should use Suricata IDS to alert on IOCs<\/a>. Suricata has a relatively new feature called <a href=\"https:\/\/suricata.readthedocs.io\/en\/latest\/rules\/datasets.html#datasets\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Datasets<\/a> that allows you to alert on Indicators of Compromise (IOCs), such as malicious domains and IPs, without writing one rule per indicator.<\/p>\n\n\n\n<p>The feature works in a very simple way: you create a file listing the indicators, one per line, Base64 encoded for string data (e.g. domains) and in hex notation for hashes (e.g. the SHA256 hash of a malicious file), <strong>and a Suricata rule that uses that indicator list<\/strong>. When the rule is evaluated, Suricata compares the whole content of the selected buffer against the set, so every entry must be the exact value that will appear in traffic: for a domain that means no trailing dot, no surrounding whitespace and no stray carriage return left over from the feed.<\/p>\n\n\n\n<p>In this post I will explain how to use the Datasets feature of Suricata to alert on DNS queries to malicious domains obtained from the abuse.ch <a href=\"https:\/\/threatfox.abuse.ch\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">ThreatFox API<\/a>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Preparing the IOCs file<\/h3>\n\n\n\n<p>The first thing to do is to download the list of IOCs from the ThreatFox API with a simple curl command that saves the response in a file named iocs_list.json. The API caps the number of days a single query can return and may require an authentication key, so check the ThreatFox API documentation before relying on the parameters below:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>curl -X POST https:\/\/threatfox-api.abuse.ch\/api\/v1\/ -d '{ \"query\": \"get_iocs\", \"days\": 90 }' &gt; iocs_list.json<\/code><\/pre>\n\n\n\n<p>Then we filter the JSON data for domain IOCs. We will use the <strong>jq<\/strong> command for this and save the output in domains.text:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>jq -r '.data&#91;] | select(.ioc_type == \"domain\") | .ioc' iocs_list.json &gt; domains.text<\/code><\/pre>\n\n\n\n<p>Finally, we encode each domain in Base64 as required by Suricata. The value is quoted so the shell does not expand it, <code>printf<\/code> is used instead of <code>echo<\/code> so the value is written out unchanged, and <code>base64 -w 0<\/code> disables line wrapping so every entry stays on a single line whatever its length:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>while IFS= read -r line; do printf '%s' \"$line\" | base64 -w 0; echo; done &lt; domains.text &gt; domains_iocs.list<\/code><\/pre>\n\n\n\n<p>Now that we have our IOCs list ready in domains_iocs.list, let's copy it to our Suricata rules directory:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>cp domains_iocs.list \/etc\/suricata\/rules\/ &amp;&amp; chown suricata:suricata \/etc\/suricata\/rules\/domains_iocs.list<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Creating the Suricata IDS Rule<\/h3>\n\n\n\n<p>To alert on DNS queries to any of the malicious domains in domains_iocs.list, we need an IDS rule that compares the <code>dns.query<\/code> buffer with the domains in domains_iocs.list and generates an alert when it finds a match.<\/p>\n\n\n\n<p>The rule is:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>alert dns $HOME_NET any -> any any (msg:\"DNS Query to Malicious FQDN\"; dns.query; dataset:isset,domains_iocs,type string,load \/etc\/suricata\/rules\/domains_iocs.list,memcap 10mb,hashsize 1024; classtype:trojan-activity; sid:1000000; rev:1;)<\/code><\/pre>\n\n\n\n<p>The <code>memcap<\/code> and <code>hashsize<\/code> options bound the memory the set may use and the number of hash buckets it is built with. The values above are fine for a test list, but size them to your feed (tens of thousands of domains deserve a much larger hash size), otherwise lookups degrade or the set fails to load once the memcap is hit.<\/p>\n\n\n\n<p>In the above example, we chose to define the dataset in the rule rather than in suricata.yaml. This will <a href=\"https:\/\/suricata.readthedocs.io\/en\/latest\/rules\/datasets.html#rule-reloads\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">make Suricata reload the dataset when we reload the IDS rules<\/a>, which is what you want for a feed that is re-downloaded on a schedule. If you define the dataset in suricata.yaml instead, you will have to update the indicators one by one using the dataset-add and dataset-remove <a href=\"https:\/\/suricata.readthedocs.io\/en\/latest\/unix-socket.html#interacting-via-unix-socket\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Unix socket commands<\/a>. Note that recent Suricata 7 releases reject absolute file names in a rule's <code>load<\/code> option unless <code>datasets.rules.allow-absolute-filenames<\/code> is enabled in suricata.yaml; check that setting for your version if the rule refuses to load.<\/p>\n\n\n\n<p>We then place the above rule in a new rules file named iocs.rules and configure Suricata to load it by adding iocs.rules to the list of rule files:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>echo 'alert dns $HOME_NET any -> any any (msg:\"DNS Query to Malicious FQDN\"; dns.query; dataset:isset,domains_iocs,type string,load \/etc\/suricata\/rules\/domains_iocs.list,memcap 10mb,hashsize 1024; classtype:trojan-activity; sid:1000000; rev:1;)' &gt; \/etc\/suricata\/rules\/iocs.rules<\/code><\/pre>\n\n\n\n<p>Here is the suricata.yaml configuration section. Notice that we changed the default rule path to \/etc\/suricata\/rules since we placed the iocs.rules file there:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>default-rule-path: \/etc\/suricata\/rules\r\n\r\nrule-files:\r\n  - suricata.rules\r\n  - iocs.rules<\/code><\/pre>\n\n\n\n<p>Then we run Suricata and make it listen to the traffic of our testing VM. Running it once with the <code>-T<\/code> option first is a cheap way to confirm that the rule parses and the dataset file loads before you start capturing:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>suricata -c \/etc\/suricata\/suricata.yaml -i enp0s3<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Verifying that Alerting works<\/h3>\n\n\n\n<p>Now that we have Suricata running and listening to the traffic from and to our testing VM, we are going to verify that our IOC alerting actually works by sending a DNS query for one of the domains listed in our domains_iocs.list file.<\/p>\n\n\n\n<p>To do this, let's decode the first domain in the list:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>head -n 1 \/etc\/suricata\/rules\/domains_iocs.list | base64 -d<\/code><\/pre>\n\n\n\n<p>and then make a DNS query for it using the nslookup command (you will need the bind-utils package installed to get this command):<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>&#91;root@suricataHost-Centos8 ~]# nslookup u876134.nsupdate.info\r\nServer:         8.8.8.8\r\nAddress:        8.8.8.8#53\r\n\r\nNon-authoritative answer:\r\nName:   u876134.nsupdate.info\r\nAddress: 207.244.235.224\r<\/code><\/pre>\n\n\n\n<p>By inspecting \/var\/log\/suricata\/eve.json for alerts, we can see that Suricata generated the following alert:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>{\r\n    \"timestamp\": \"2021-10-08T23:21:45.862793+0400\",\r\n    \"flow_id\": 1107584459811401,\r\n    \"in_iface\": \"enp0s3\",\r\n    \"event_type\": \"alert\",\r\n    \"src_ip\": \"192.168.5.102\",\r\n    \"src_port\": 46647,\r\n    \"dest_ip\": \"8.8.8.8\",\r\n    \"dest_port\": 53,\r\n    \"proto\": \"UDP\",\r\n    \"tx_id\": 0,\r\n    \"alert\": {\r\n        \"action\": \"allowed\",\r\n        \"gid\": 1,\r\n        \"signature_id\": 1000000,\r\n        \"rev\": 1,\r\n        \"signature\": \"DNS Query to Malicious FQDN\",\r\n        \"category\": \"A Network Trojan was detected\",\r\n        \"severity\": 1\r\n    },\r\n    \"dns\": {\r\n        \"query\": &#91;\r\n            {\r\n                \"type\": \"query\",\r\n                \"id\": 42375,\r\n                \"rrname\": \"u876134.nsupdate.info\",\r\n                \"rrtype\": \"AAAA\",\r\n                \"tx_id\": 0\r\n            }\r\n        ]\r\n    },\r\n    \"app_proto\": \"dns\",\r\n    \"flow\": {\r\n        \"pkts_toserver\": 1,\r\n        \"pkts_toclient\": 0,\r\n        \"bytes_toserver\": 81,\r\n        \"bytes_toclient\": 0,\r\n        \"start\": \"2021-10-08T23:21:45.862793+0400\"\r\n    }\r\n}<\/code><\/pre>\n\n\n\n<p>As we can see, Suricata successfully alerted on the malicious domain. The rule fired on an AAAA lookup because it matches the queried name regardless of record type. Two things to keep in mind before putting this into production: the alert only tells you that the name is in the set, not why it is there (malware family, confidence, first seen), so keep the downloaded feed to enrich alerts during triage, or use Suricata's <code>datarep<\/code> keyword if you want a reputation value per entry; and the comparison is exact, so regenerate the list with the same normalisation every time the feed is refreshed. This feature scales easily to millions of IOCs that would otherwise require tens of thousands of rules to get the same results.<\/p>\n\n\n\n<h5 class=\"wp-block-heading\"><strong>How can IDSTower help?<\/strong><\/h5>\n\n\n\n<p>Not only will IDSTower <a href=\"https:\/\/www.idstower.com\/cluster-provisioning.html\" target=\"_blank\" rel=\"noreferrer 
noopener\">automatically set up and configure these features in Suricata<\/a>, it will also <a href=\"https:\/\/www.idstower.com\/threat-intelligence-feeds.html\" target=\"_blank\" rel=\"noreferrer noopener\">integrate with Threat Intelligence feeds to download IOCs and push them to Suricata<\/a>, all with a single click.<\/p>\n\n\n\n<p>If you are interested in learning more about how IDSTower can help you enhance your network security operations, take a look at <a href=\"https:\/\/www.idstower.com\/#overview\">the features that IDSTower offers<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In our previous post, we talked about Why you should use Suricata IDS to alert on IOCs. Suricata has a relatively new feature called Datasets that allows you to alert on Indicators of Compromise (IOCs), such as malicious domains and IPs. This feature works in a very simple way: you need to create a [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","categories":[3],"tags":[9,8,10],"class_list":["post-77","post","type-post","status-publish","format-standard","hentry","category-suricata-ids","tag-iocs","tag-suricata","tag-threat-intelligence"],"yoast_head_json":{"title":"Alerting on IOCs using Suricata - IDSTower Blog","description":"In this post I will explain how to utilize the Datasets feature of Suricata to alert on DNS Queries to malicious domains obtained from abuse.ch ThreatFox API.","canonical":"https:\/\/idstower.com\/blog\/alerting-on-iocs-using-suricata\/","article_published_time":"2021-10-09T08:50:38+00:00","article_modified_time":"2022-07-22T14:45:58+00:00","author":"admin","twitter_misc":{"Written by":"admin","Est. reading time":"4 minutes"}}}
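The "Preparing the IOCs file" steps in the post above (download, filter for domain IOCs, Base64-encode one entry per line) and the exact-match check from "Verifying that Alerting works", carried out as one script. This is an added example, not code from the original post, from IDSTower or from Suricata; it assumes only the response layout the post's jq filter relies on (`{"data": [{"ioc": ..., "ioc_type": ...}, ...]}`) and the dataset file format the post describes. The sample feed, the domain names in it and the output path are constructed for the example, and `would_match` is a model of the documented whole-buffer comparison, not the engine itself.

```python
"""Turn a ThreatFox get_iocs response into a Suricata `type string` dataset.

Added example, not code from the original post, IDSTower or Suricata.
Assumes the response layout {"data": [{"ioc": ..., "ioc_type": ...}]}
and a dataset file with one Base64-encoded string per line.
"""
import base64
import json
import os
import tempfile

# Constructed sample response (not real ThreatFox data). It contains the
# cases a feed-to-dataset script has to survive: mixed case, a trailing
# dot, a duplicate, a CR from a Windows-edited file, and non-domain IOC
# types that must be left out of a dns.query dataset.
SAMPLE_THREATFOX_JSON = json.dumps({
    "query_status": "ok",
    "data": [
        {"ioc": "C2.Example.test.", "ioc_type": "domain",
         "threat_type": "botnet_cc", "malware": "example_rat"},
        {"ioc": "c2.example.test\r", "ioc_type": "domain",
         "threat_type": "botnet_cc", "malware": "example_rat"},
        {"ioc": "http://dl.example.test/x.bin", "ioc_type": "url",
         "threat_type": "payload_delivery", "malware": "example_loader"},
        {"ioc": "192.0.2.10:443", "ioc_type": "ip:port",
         "threat_type": "botnet_cc", "malware": "example_rat"},
        {"ioc": "update.example.invalid", "ioc_type": "domain",
         "threat_type": "botnet_cc", "malware": "example_rat"},
    ],
})

# Constructed output location; the post uses /etc/suricata/rules/.
DEFAULT_PATH = os.path.join(tempfile.gettempdir(), "domains_iocs.list")


def normalize_fqdn(name):
    """Canonical form of a domain: no surrounding whitespace or CR, no
    trailing dot, lowercase. The dataset lookup is an exact comparison of
    the whole dns.query buffer, so list and query must agree byte for byte."""
    return name.strip().rstrip(".").lower()


def extract_domains(threatfox_json):
    """Sorted, de-duplicated domain IOCs from a get_iocs response."""
    data = json.loads(threatfox_json)
    domains = set()
    for entry in data.get("data", []):
        if entry.get("ioc_type") != "domain":
            continue
        fqdn = normalize_fqdn(entry.get("ioc", ""))
        if fqdn:
            domains.add(fqdn)
    return sorted(domains)


def encode_dataset(domains):
    """One Base64 line per entry: the format of a `type string` dataset."""
    return [base64.b64encode(d.encode()).decode() for d in domains]


def write_dataset(threatfox_json, path=DEFAULT_PATH):
    """Write the dataset file with LF line endings; return the entry count."""
    lines = encode_dataset(extract_domains(threatfox_json))
    with open(path, "w", newline="\n") as fh:
        fh.write("\n".join(lines) + "\n")
    return len(lines)


def load_dataset(path=DEFAULT_PATH):
    """Decode a dataset file back into the set of strings it will match."""
    with open(path) as fh:
        return {base64.b64decode(line.strip()).decode()
                for line in fh if line.strip()}


def would_match(dataset, queried_name):
    """Model of `dataset:isset` on dns.query: whole-buffer exact match.
    No normalisation is applied here on purpose, so the caller sees which
    query strings the list would and would not catch."""
    return queried_name in dataset


if __name__ == "__main__":
    n = write_dataset(SAMPLE_THREATFOX_JSON)
    print(f"wrote {n} entries to {DEFAULT_PATH}")
    ds = load_dataset()
    for q in ("c2.example.test", "C2.Example.test", "c2.example.test."):
        print(f"{q!r} -> {'alert' if would_match(ds, q) else 'no match'}")
```

The two "no match" lines the script prints for the mixed-case and trailing-dot variants are the point: whatever normalisation you apply when building the list is the normalisation the queries on the wire must already have, so apply the same function every time the feed is refreshed rather than editing the list by hand.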
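The eve.json alert shown under "Verifying that Alerting works" carries only the rule's message, not why the domain was listed. This added example (not code from the original post, from IDSTower or from Suricata) reads eve.json lines, keeps only alerts from the post's sid, pulls the queried name out of the `dns.query` array as laid out in the post's alert, and enriches each hit with context from the downloaded feed. The eve lines, the other rule's sid, the IPs, the domain and the context table are all constructed for the example.

```python
"""Triage Suricata dataset alerts from eve.json and add feed context.

Added example, not code from the original post, IDSTower or Suricata.
Assumes the eve.json alert layout shown in the post: event_type,
alert.signature_id and a dns.query list of {rrname, rrtype} objects.
"""
import json

IOC_SID = 1000000  # sid of the post's "DNS Query to Malicious FQDN" rule

# Constructed: what the feed knew about each domain when the list was
# built. The dataset stores only the string, so this is the part an alert
# cannot tell you and the reason to keep the downloaded feed around.
IOC_CONTEXT = {
    "c2.example.test": {"threat_type": "botnet_cc", "malware": "example_rat",
                        "confidence_level": 75},
}

# Constructed eve.json lines modelled on the post's alert: a dataset hit,
# an alert from a different (hypothetical) rule, a plain dns event and a
# truncated line such as a log tailer sees mid-write.
SAMPLE_EVE_LINES = [
    json.dumps({"timestamp": "2021-10-08T23:21:45.862793+0400",
                "event_type": "alert", "src_ip": "192.168.5.102",
                "dest_ip": "8.8.8.8", "proto": "UDP",
                "alert": {"signature_id": IOC_SID, "rev": 1,
                          "signature": "DNS Query to Malicious FQDN"},
                "dns": {"query": [{"rrname": "c2.example.test",
                                   "rrtype": "AAAA"}]}}),
    json.dumps({"timestamp": "2021-10-08T23:21:46.000000+0400",
                "event_type": "alert", "src_ip": "192.168.5.102",
                "dest_ip": "8.8.8.8", "proto": "UDP",
                "alert": {"signature_id": 2000001, "rev": 1,
                          "signature": "Some other local rule"}}),
    json.dumps({"timestamp": "2021-10-08T23:21:47.000000+0400",
                "event_type": "dns", "src_ip": "192.168.5.102",
                "dest_ip": "8.8.8.8",
                "dns": {"type": "query", "rrname": "www.example.org"}}),
    '{"timestamp": "2021-10-08T23:21:48.000000+0400", "event_type": "al',
]


def normalize_fqdn(name):
    """Same canonical form used when the dataset was built."""
    return name.strip().rstrip(".").lower()


def dataset_alerts(eve_lines, sid=IOC_SID):
    """Yield one record per queried name in every alert raised by `sid`.
    Malformed lines and alerts without a dns.query section are skipped
    rather than crashing a log-tailing loop."""
    for raw in eve_lines:
        try:
            ev = json.loads(raw)
        except json.JSONDecodeError:
            continue
        if ev.get("event_type") != "alert":
            continue
        if ev.get("alert", {}).get("signature_id") != sid:
            continue
        for q in ev.get("dns", {}).get("query", []):
            if "rrname" not in q:
                continue
            yield {
                "timestamp": ev.get("timestamp"),
                "src_ip": ev.get("src_ip"),
                "dest_ip": ev.get("dest_ip"),
                "rrname": normalize_fqdn(q["rrname"]),
                "rrtype": q.get("rrtype"),
            }


def enrich(alerts, context):
    """Attach feed context to each alert. A hit with no context means the
    dataset and the feed snapshot have drifted apart, which is worth
    flagging on its own."""
    out = []
    for a in alerts:
        rec = dict(a)
        ctx = context.get(a["rrname"])
        if ctx is None:
            rec.update({"threat_type": None, "malware": None,
                        "confidence_level": None, "context": "missing"})
        else:
            rec.update(ctx)
            rec["context"] = "feed"
        out.append(rec)
    return out


def triage(eve_lines, context=IOC_CONTEXT, sid=IOC_SID):
    """Filter eve.json lines down to enriched dataset hits."""
    return enrich(dataset_alerts(eve_lines, sid), context)


if __name__ == "__main__":
    for rec in triage(SAMPLE_EVE_LINES):
        print(json.dumps(rec))
```

Keying the context table by the same normalised form used to build the dataset is what makes the join reliable; if you ever see `"context": "missing"` on a real hit, the list on the sensor is newer or older than the feed copy you are enriching from.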