diff --git a/Sample Data/Custom/CiscoSecureEndpoint_CL.json b/Sample Data/Custom/CiscoSecureEndpoint_CL.json
new file mode 100644
index 0000000000..20a37c3162
--- /dev/null
+++ b/Sample Data/Custom/CiscoSecureEndpoint_CL.json
@@ -0,0 +1,149 @@
+[
+ {
+ "RawData": "",
+ "id_d": "",
+ "timestamp_d": "",
+ "timestamp_nanoseconds_d": "",
+ "date_t": "",
+ "event_type_s": "",
+ "event_type_id_d": "",
+ "detection_s": "",
+ "detection_id_s": "",
+ "connector_guid_g": "",
+ "group_guids_s": "",
+ "severity_s": "",
+ "computer_connector_guid_g": "",
+ "computer_hostname_s": "",
+ "computer_external_ip_s": "",
+ "computer_user_s": "",
+ "computer_active_b": "",
+ "computer_network_addresses_s": "",
+ "computer_links_computer_s": "",
+ "computer_links_trajectory_s": "",
+ "computer_links_group_s": "",
+ "file_disposition_s": "",
+ "file_file_name_s": "",
+ "file_file_path_s": "",
+ "file_identity_sha256_s": "",
+ "file_identity_sha1_s": "",
+ "file_identity_md5_g": "",
+ "file_parent_process_id_d": "",
+ "file_parent_disposition_s": "",
+ "file_parent_file_name_s": "",
+ "file_parent_identity_sha256_s": "",
+ "file_parent_identity_sha1_s": "",
+ "file_parent_identity_md5_g": "",
+ "event_s": "create",
+ "audit_log_type_s": "Computer",
+ "audit_log_id_g": "",
+ "audit_log_user_s": "16db5cf986eec6f44422",
+ "created_at_t": "2021-10-01T11:42:59.525000",
+ "new_attributes_policy_id_d": "",
+ "new_attributes_product_version_id_d": "",
+ "audit_log_id_s": "16db5cf986eec6f44422",
+ "new_attributes_name_s": "test",
+ "new_attributes_desc_s": "Computer populated with demo data",
+ "new_attributes_hostname_s": "test",
+ "new_attributes_ip_external_s": "10.10.10.10",
+ "new_attributes_group_id_d": 431790,
+ "new_attributes_operating_system_id_d": 8795
+ },
+ {
+ "RawData": "",
+ "id_d": "",
+ "timestamp_d": "",
+ "timestamp_nanoseconds_d": "",
+ "date_t": "",
+ "event_type_s": "",
+ "event_type_id_d": "",
+ "detection_s": "",
+ "detection_id_s": "",
+ "connector_guid_g": "",
+ "group_guids_s": "",
+ "severity_s": "",
+ "computer_connector_guid_g": "",
+ "computer_hostname_s": "",
+ "computer_external_ip_s": "",
+ "computer_user_s": "",
+ "computer_active_b": "",
+ "computer_network_addresses_s": "",
+ "computer_links_computer_s": "",
+ "computer_links_trajectory_s": "",
+ "computer_links_group_s": "",
+ "file_disposition_s": "",
+ "file_file_name_s": "",
+ "file_file_path_s": "",
+ "file_identity_sha256_s": "",
+ "file_identity_sha1_s": "",
+ "file_identity_md5_g": "",
+ "file_parent_process_id_d": "",
+ "file_parent_disposition_s": "",
+ "file_parent_file_name_s": "",
+ "file_parent_identity_sha256_s": "",
+ "file_parent_identity_sha1_s": "",
+ "file_parent_identity_md5_g": "",
+ "event_s": "create",
+ "audit_log_type_s": "Agent",
+ "audit_log_id_g": "99f403ce-bee9-4b7a-97f0-c3e39e39078c",
+ "audit_log_user_s": "16db5cf986eec6f44422",
+ "created_at_t": "2021-10-01T11:42:59.525000",
+ "new_attributes_policy_id_d": 915608,
+ "new_attributes_product_version_id_d": 15342,
+ "audit_log_id_s": "",
+ "new_attributes_name_s": "",
+ "new_attributes_desc_s": "",
+ "new_attributes_hostname_s": "",
+ "new_attributes_ip_external_s": "",
+ "new_attributes_group_id_d": "",
+ "new_attributes_operating_system_id_d": ""
+ },
+ {
+ "RawData": "",
+ "id_d": 6180352115244790000,
+ "timestamp_d": 1582222838,
+ "timestamp_nanoseconds_d": 279000000,
+ "date_t": "2021-10-01T11:40:42.105000",
+ "event_type_s": "Threat Detected",
+ "event_type_id_d": 1090519054,
+ "detection_s": "W32.GenericKD:ZVETJ.18gs.1201",
+ "detection_id_s": "6180352115244793858",
+ "connector_guid_g": "20a0ce9f-44d1-0000-ab04-8a0705448b72",
+ "group_guids_s": "[\n \"6c3c2005-0000-4ba7-0000-c4d5b6bafe03\"\n]",
+ "severity_s": "Medium",
+ "computer_connector_guid_g": "20a0ce9f-44d1-0000-ab04-8a0705448b72",
+ "computer_hostname_s": "test",
+ "computer_external_ip_s": "10.10.10.10",
+ "computer_user_s": "A@TEST-W7X86",
+ "computer_active_b": true,
+ "computer_network_addresses_s": "[\n {\n \"ip\": \"10.10.10.10\",\n \"mac\": \"10:10:10:10:10:10\"\n }\n]",
+ "computer_links_computer_s": "https://api.amp.cisco.com/v1/computers/xxxxxxxx-xxxx-4cbb-ab04-8a0705448b72",
+ "computer_links_trajectory_s": "https://api.amp.cisco.com/v1/computers/xxxxxxxx-xxxx-4cbb-ab04-8a0705448b72/trajectory",
+ "computer_links_group_s": "https://api.amp.cisco.com/v1/groups/xxxxxxxx-xxxx-4ba7-8dbb-c4d5b6bafe03",
+ "file_disposition_s": "Malicious",
+ "file_file_name_s": "wsymqyv90.exe",
+ "file_file_path_s": "\\\\?\\C:\\Users\\Administrator\\AppData\\Local\\Temp\\OUTLOOK_TEMP\\wsymqyv90.exe",
+ "file_identity_sha256_s": "b630e72639cc7340620adb0cfc26332ec52fe8867b769695f2d25718d68b1b40",
+ "file_identity_sha1_s": "70aef829bec17195e6c8ec0e6cba0ed39f97ba48",
+ "file_identity_md5_g": "e2f5dcd9-66e2-6d54-329e-8d79c7201652",
+ "file_parent_process_id_d": 4040,
+ "file_parent_disposition_s": "Clean",
+ "file_parent_file_name_s": "iexplore.exe",
+ "file_parent_identity_sha256_s": "b4e5c2775de098946b4e11aba138b89d42b88c1dbd4d5ec879ef6919bf018132",
+ "file_parent_identity_sha1_s": "8de30174cebc8732f1ba961e7d93fe5549495a80",
+ "file_parent_identity_md5_g": "b3581f42-6dc5-00a5-1091-cdd5bacf0454",
+ "event_s": "",
+ "audit_log_type_s": "",
+ "audit_log_id_g": "",
+ "audit_log_user_s": "",
+ "created_at_t": "",
+ "new_attributes_policy_id_d": "",
+ "new_attributes_product_version_id_d": "",
+ "audit_log_id_s": "",
+ "new_attributes_name_s": "",
+ "new_attributes_desc_s": "",
+ "new_attributes_hostname_s": "",
+ "new_attributes_ip_external_s": "",
+ "new_attributes_group_id_d": "",
+ "new_attributes_operating_system_id_d": ""
+ }
+]
\ No newline at end of file
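Review bot: In the third record (`Threat Detected`), `"id_d": 6180352115244790000` no longer matches `"detection_id_s": "6180352115244793858"` for the same event: the value exceeds 2^53, so the numeric column has dropped its low digits and is unsafe as a join or de-duplication key, and detection content built on this sample should key on `detection_id_s`. The same record carries its MD5 values in GUID-typed columns, e.g. `"file_identity_md5_g": "e2f5dcd9-66e2-6d54-329e-8d79c7201652"`, so a hash lookup against 32-hex indicators will not match unless the query removes the hyphens first, for example `replace_string(tostring(file_identity_md5_g), "-", "")`. The audit identifier is likewise split between `audit_log_id_g` (second record) and `audit_log_id_s` (first record) depending on its format, so a parser needs to coalesce the two columns. It would also be worth confirming that `16db5cf986eec6f44422` in `audit_log_user_s` is a scrubbed placeholder and not a live API client identifier.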