cisco se - add sample data
Родитель
6ab87ab7bd
Коммит
01725262bf
|
@ -0,0 +1,149 @@
|
|||
[
|
||||
{
|
||||
"RawData": "",
|
||||
"id_d": "",
|
||||
"timestamp_d": "",
|
||||
"timestamp_nanoseconds_d": "",
|
||||
"date_t": "",
|
||||
"event_type_s": "",
|
||||
"event_type_id_d": "",
|
||||
"detection_s": "",
|
||||
"detection_id_s": "",
|
||||
"connector_guid_g": "",
|
||||
"group_guids_s": "",
|
||||
"severity_s": "",
|
||||
"computer_connector_guid_g": "",
|
||||
"computer_hostname_s": "",
|
||||
"computer_external_ip_s": "",
|
||||
"computer_user_s": "",
|
||||
"computer_active_b": "",
|
||||
"computer_network_addresses_s": "",
|
||||
"computer_links_computer_s": "",
|
||||
"computer_links_trajectory_s": "",
|
||||
"computer_links_group_s": "",
|
||||
"file_disposition_s": "",
|
||||
"file_file_name_s": "",
|
||||
"file_file_path_s": "",
|
||||
"file_identity_sha256_s": "",
|
||||
"file_identity_sha1_s": "",
|
||||
"file_identity_md5_g": "",
|
||||
"file_parent_process_id_d": "",
|
||||
"file_parent_disposition_s": "",
|
||||
"file_parent_file_name_s": "",
|
||||
"file_parent_identity_sha256_s": "",
|
||||
"file_parent_identity_sha1_s": "",
|
||||
"file_parent_identity_md5_g": "",
|
||||
"event_s": "create",
|
||||
"audit_log_type_s": "Computer",
|
||||
"audit_log_id_g": "",
|
||||
"audit_log_user_s": "16db5cf986eec6f44422",
|
||||
"created_at_t": "2021-10-01T11:42:59.525000",
|
||||
"new_attributes_policy_id_d": "",
|
||||
"new_attributes_product_version_id_d": "",
|
||||
"audit_log_id_s": "16db5cf986eec6f44422",
|
||||
"new_attributes_name_s": "test",
|
||||
"new_attributes_desc_s": "Computer populated with demo data",
|
||||
"new_attributes_hostname_s": "test",
|
||||
"new_attributes_ip_external_s": "10.10.10.10",
|
||||
"new_attributes_group_id_d": 431790,
|
||||
"new_attributes_operating_system_id_d": 8795
|
||||
},
|
||||
{
|
||||
"RawData": "",
|
||||
"id_d": "",
|
||||
"timestamp_d": "",
|
||||
"timestamp_nanoseconds_d": "",
|
||||
"date_t": "",
|
||||
"event_type_s": "",
|
||||
"event_type_id_d": "",
|
||||
"detection_s": "",
|
||||
"detection_id_s": "",
|
||||
"connector_guid_g": "",
|
||||
"group_guids_s": "",
|
||||
"severity_s": "",
|
||||
"computer_connector_guid_g": "",
|
||||
"computer_hostname_s": "",
|
||||
"computer_external_ip_s": "",
|
||||
"computer_user_s": "",
|
||||
"computer_active_b": "",
|
||||
"computer_network_addresses_s": "",
|
||||
"computer_links_computer_s": "",
|
||||
"computer_links_trajectory_s": "",
|
||||
"computer_links_group_s": "",
|
||||
"file_disposition_s": "",
|
||||
"file_file_name_s": "",
|
||||
"file_file_path_s": "",
|
||||
"file_identity_sha256_s": "",
|
||||
"file_identity_sha1_s": "",
|
||||
"file_identity_md5_g": "",
|
||||
"file_parent_process_id_d": "",
|
||||
"file_parent_disposition_s": "",
|
||||
"file_parent_file_name_s": "",
|
||||
"file_parent_identity_sha256_s": "",
|
||||
"file_parent_identity_sha1_s": "",
|
||||
"file_parent_identity_md5_g": "",
|
||||
"event_s": "create",
|
||||
"audit_log_type_s": "Agent",
|
||||
"audit_log_id_g": "99f403ce-bee9-4b7a-97f0-c3e39e39078c",
|
||||
"audit_log_user_s": "16db5cf986eec6f44422",
|
||||
"created_at_t": "2021-10-01T11:42:59.525000",
|
||||
"new_attributes_policy_id_d": 915608,
|
||||
"new_attributes_product_version_id_d": 15342,
|
||||
"audit_log_id_s": "",
|
||||
"new_attributes_name_s": "",
|
||||
"new_attributes_desc_s": "",
|
||||
"new_attributes_hostname_s": "",
|
||||
"new_attributes_ip_external_s": "",
|
||||
"new_attributes_group_id_d": "",
|
||||
"new_attributes_operating_system_id_d": ""
|
||||
},
|
||||
{
|
||||
"RawData": "",
|
||||
"id_d": 6180352115244790000,
|
||||
"timestamp_d": 1582222838,
|
||||
"timestamp_nanoseconds_d": 279000000,
|
||||
"date_t": "2021-10-01T11:40:42.105000",
|
||||
"event_type_s": "Threat Detected",
|
||||
"event_type_id_d": 1090519054,
|
||||
"detection_s": "W32.GenericKD:ZVETJ.18gs.1201",
|
||||
"detection_id_s": "6180352115244793858",
|
||||
"connector_guid_g": "20a0ce9f-44d1-0000-ab04-8a0705448b72",
|
||||
"group_guids_s": "[\n \"6c3c2005-0000-4ba7-0000-c4d5b6bafe03\"\n]",
|
||||
"severity_s": "Medium",
|
||||
"computer_connector_guid_g": "20a0ce9f-44d1-0000-ab04-8a0705448b72",
|
||||
"computer_hostname_s": "test",
|
||||
"computer_external_ip_s": "10.10.10.10",
|
||||
"computer_user_s": "A@TEST-W7X86",
|
||||
"computer_active_b": true,
|
||||
"computer_network_addresses_s": "[\n {\n \"ip\": \"10.10.10.10\",\n \"mac\": \"10:10:10:10:10:10\"\n }\n]",
|
||||
"computer_links_computer_s": "https://api.amp.cisco.com/v1/computers/xxxxxxxx-xxxx-4cbb-ab04-8a0705448b72",
|
||||
"computer_links_trajectory_s": "https://api.amp.cisco.com/v1/computers/xxxxxxxx-xxxx-4cbb-ab04-8a0705448b72/trajectory",
|
||||
"computer_links_group_s": "https://api.amp.cisco.com/v1/groups/xxxxxxxx-xxxx-4ba7-8dbb-c4d5b6bafe03",
|
||||
"file_disposition_s": "Malicious",
|
||||
"file_file_name_s": "wsymqyv90.exe",
|
||||
"file_file_path_s": "\\\\?\\C:\\Users\\Administrator\\AppData\\Local\\Temp\\OUTLOOK_TEMP\\wsymqyv90.exe",
|
||||
"file_identity_sha256_s": "b630e72639cc7340620adb0cfc26332ec52fe8867b769695f2d25718d68b1b40",
|
||||
"file_identity_sha1_s": "70aef829bec17195e6c8ec0e6cba0ed39f97ba48",
|
||||
"file_identity_md5_g": "e2f5dcd9-66e2-6d54-329e-8d79c7201652",
|
||||
"file_parent_process_id_d": 4040,
|
||||
"file_parent_disposition_s": "Clean",
|
||||
"file_parent_file_name_s": "iexplore.exe",
|
||||
"file_parent_identity_sha256_s": "b4e5c2775de098946b4e11aba138b89d42b88c1dbd4d5ec879ef6919bf018132",
|
||||
"file_parent_identity_sha1_s": "8de30174cebc8732f1ba961e7d93fe5549495a80",
|
||||
"file_parent_identity_md5_g": "b3581f42-6dc5-00a5-1091-cdd5bacf0454",
|
||||
"event_s": "",
|
||||
"audit_log_type_s": "",
|
||||
"audit_log_id_g": "",
|
||||
"audit_log_user_s": "",
|
||||
"created_at_t": "",
|
||||
"new_attributes_policy_id_d": "",
|
||||
"new_attributes_product_version_id_d": "",
|
||||
"audit_log_id_s": "",
|
||||
"new_attributes_name_s": "",
|
||||
"new_attributes_desc_s": "",
|
||||
"new_attributes_hostname_s": "",
|
||||
"new_attributes_ip_external_s": "",
|
||||
"new_attributes_group_id_d": "",
|
||||
"new_attributes_operating_system_id_d": ""
|
||||
}
|
||||
]
|
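Review bot: The GUID masking in the third record is inconsistent: `connector_guid_g`, `computer_connector_guid_g` and `group_guids_s` zero out some segments, while the `computer_links_*` URLs mask different segments of what appear to be the same identifiers with `x`, so read together the fields expose more of each identifier than either does alone. If these values came from a real tenant, replace each identifier with one constructed placeholder used identically in every field, e.g. `00000000-0000-4000-8000-000000000001`. The same applies to `audit_log_user_s`, which looks like an API client ID and is repeated verbatim as `audit_log_id_s` in the first record, possibly a copy-paste slip. Separately, `"id_d": 6180352115244790000` is above 2^53 and has already lost its low digits compared with `"detection_id_s": "6180352115244793858"`, so queries or tests built from this sample should correlate on the string field rather than on `id_d`.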