Vitalii Uslystyi 2021-10-04 18:55:57 +03:00
Родитель 6ab87ab7bd
Коммит 01725262bf
1 изменённых файлов: 149 добавлений и 0 удалений


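--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,149 @@
+[
+{
+"RawData": "",
+"id_d": "",
+"timestamp_d": "",
+"timestamp_nanoseconds_d": "",
+"date_t": "",
+"event_type_s": "",
+"event_type_id_d": "",
+"detection_s": "",
+"detection_id_s": "",
+"connector_guid_g": "",
+"group_guids_s": "",
+"severity_s": "",
+"computer_connector_guid_g": "",
+"computer_hostname_s": "",
+"computer_external_ip_s": "",
+"computer_user_s": "",
+"computer_active_b": "",
+"computer_network_addresses_s": "",
+"computer_links_computer_s": "",
+"computer_links_trajectory_s": "",
+"computer_links_group_s": "",
+"file_disposition_s": "",
+"file_file_name_s": "",
+"file_file_path_s": "",
+"file_identity_sha256_s": "",
+"file_identity_sha1_s": "",
+"file_identity_md5_g": "",
+"file_parent_process_id_d": "",
+"file_parent_disposition_s": "",
+"file_parent_file_name_s": "",
+"file_parent_identity_sha256_s": "",
+"file_parent_identity_sha1_s": "",
+"file_parent_identity_md5_g": "",
+"event_s": "create",
+"audit_log_type_s": "Computer",
+"audit_log_id_g": "",
+"audit_log_user_s": "16db5cf986eec6f44422",
+"created_at_t": "2021-10-01T11:42:59.525000",
+"new_attributes_policy_id_d": "",
+"new_attributes_product_version_id_d": "",
+"audit_log_id_s": "16db5cf986eec6f44422",
+"new_attributes_name_s": "test",
+"new_attributes_desc_s": "Computer populated with demo data",
+"new_attributes_hostname_s": "test",
+"new_attributes_ip_external_s": "10.10.10.10",
+"new_attributes_group_id_d": 431790,
+"new_attributes_operating_system_id_d": 8795
+},
+{
+"RawData": "",
+"id_d": "",
+"timestamp_d": "",
+"timestamp_nanoseconds_d": "",
+"date_t": "",
+"event_type_s": "",
+"event_type_id_d": "",
+"detection_s": "",
+"detection_id_s": "",
+"connector_guid_g": "",
+"group_guids_s": "",
+"severity_s": "",
+"computer_connector_guid_g": "",
+"computer_hostname_s": "",
+"computer_external_ip_s": "",
+"computer_user_s": "",
+"computer_active_b": "",
+"computer_network_addresses_s": "",
+"computer_links_computer_s": "",
+"computer_links_trajectory_s": "",
+"computer_links_group_s": "",
+"file_disposition_s": "",
+"file_file_name_s": "",
+"file_file_path_s": "",
+"file_identity_sha256_s": "",
+"file_identity_sha1_s": "",
+"file_identity_md5_g": "",
+"file_parent_process_id_d": "",
+"file_parent_disposition_s": "",
+"file_parent_file_name_s": "",
+"file_parent_identity_sha256_s": "",
+"file_parent_identity_sha1_s": "",
+"file_parent_identity_md5_g": "",
+"event_s": "create",
+"audit_log_type_s": "Agent",
+"audit_log_id_g": "99f403ce-bee9-4b7a-97f0-c3e39e39078c",
+"audit_log_user_s": "16db5cf986eec6f44422",
+"created_at_t": "2021-10-01T11:42:59.525000",
+"new_attributes_policy_id_d": 915608,
+"new_attributes_product_version_id_d": 15342,
+"audit_log_id_s": "",
+"new_attributes_name_s": "",
+"new_attributes_desc_s": "",
+"new_attributes_hostname_s": "",
+"new_attributes_ip_external_s": "",
+"new_attributes_group_id_d": "",
+"new_attributes_operating_system_id_d": ""
+},
+{
+"RawData": "",
+"id_d": 6180352115244790000,
+"timestamp_d": 1582222838,
+"timestamp_nanoseconds_d": 279000000,
+"date_t": "2021-10-01T11:40:42.105000",
+"event_type_s": "Threat Detected",
+"event_type_id_d": 1090519054,
+"detection_s": "W32.GenericKD:ZVETJ.18gs.1201",
+"detection_id_s": "6180352115244793858",
+"connector_guid_g": "20a0ce9f-44d1-0000-ab04-8a0705448b72",
+"group_guids_s": "[\n \"6c3c2005-0000-4ba7-0000-c4d5b6bafe03\"\n]",
+"severity_s": "Medium",
+"computer_connector_guid_g": "20a0ce9f-44d1-0000-ab04-8a0705448b72",
+"computer_hostname_s": "test",
+"computer_external_ip_s": "10.10.10.10",
+"computer_user_s": "A@TEST-W7X86",
+"computer_active_b": true,
+"computer_network_addresses_s": "[\n {\n \"ip\": \"10.10.10.10\",\n \"mac\": \"10:10:10:10:10:10\"\n }\n]",
+"computer_links_computer_s": "https://api.amp.cisco.com/v1/computers/xxxxxxxx-xxxx-4cbb-ab04-8a0705448b72",
+"computer_links_trajectory_s": "https://api.amp.cisco.com/v1/computers/xxxxxxxx-xxxx-4cbb-ab04-8a0705448b72/trajectory",
+"computer_links_group_s": "https://api.amp.cisco.com/v1/groups/xxxxxxxx-xxxx-4ba7-8dbb-c4d5b6bafe03",
+"file_disposition_s": "Malicious",
+"file_file_name_s": "wsymqyv90.exe",
+"file_file_path_s": "\\\\?\\C:\\Users\\Administrator\\AppData\\Local\\Temp\\OUTLOOK_TEMP\\wsymqyv90.exe",
+"file_identity_sha256_s": "b630e72639cc7340620adb0cfc26332ec52fe8867b769695f2d25718d68b1b40",
+"file_identity_sha1_s": "70aef829bec17195e6c8ec0e6cba0ed39f97ba48",
+"file_identity_md5_g": "e2f5dcd9-66e2-6d54-329e-8d79c7201652",
+"file_parent_process_id_d": 4040,
+"file_parent_disposition_s": "Clean",
+"file_parent_file_name_s": "iexplore.exe",
+"file_parent_identity_sha256_s": "b4e5c2775de098946b4e11aba138b89d42b88c1dbd4d5ec879ef6919bf018132",
+"file_parent_identity_sha1_s": "8de30174cebc8732f1ba961e7d93fe5549495a80",
+"file_parent_identity_md5_g": "b3581f42-6dc5-00a5-1091-cdd5bacf0454",
+"event_s": "",
+"audit_log_type_s": "",
+"audit_log_id_g": "",
+"audit_log_user_s": "",
+"created_at_t": "",
+"new_attributes_policy_id_d": "",
+"new_attributes_product_version_id_d": "",
+"audit_log_id_s": "",
+"new_attributes_name_s": "",
+"new_attributes_desc_s": "",
+"new_attributes_hostname_s": "",
+"new_attributes_ip_external_s": "",
+"new_attributes_group_id_d": "",
+"new_attributes_operating_system_id_d": ""
+}
+]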
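Review bot: `id_d` in the third record holds `6180352115244790000`, which lies beyond the 2^53 range that most JSON parsers keep exact, and it appears to be the same identifier as `detection_id_s` (`6180352115244793858`) with its low digits already lost to rounding; an identifier of that size should travel as a string, as `detection_id_s` already does. Several typed columns also change type between records — `new_attributes_group_id_d`, `new_attributes_policy_id_d`, `computer_active_b` and `audit_log_id_g` carry a number, boolean or GUID in one record and `""` in the others — so a consumer (or a type-inferring ingestion) cannot rely on the `_d`/`_b`/`_g` suffix for the column's type; omitting the absent keys or using `null` would keep one type per key. `created_at_t` and `date_t` carry no timezone designator, so the offset is ambiguous; `"created_at_t": "2021-10-01T11:42:59.525000Z"` (or an explicit offset) would pin it. If this is sample data whose shape is dictated by an upstream exporter, a one-line README note saying so would make these quirks read as intentional rather than as defects.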