diff --git a/DataConnectors/Infoblox Cloud Data Connector/InfobloxCloudDataConnector.json b/DataConnectors/Infoblox Cloud Data Connector/InfobloxCloudDataConnector.json
new file mode 100644
index 0000000000..a0bcc39bca
--- /dev/null
+++ b/DataConnectors/Infoblox Cloud Data Connector/InfobloxCloudDataConnector.json
@@ -0,0 +1,130 @@
+{
+ "id": "InfobloxCloudDataConnector",
+ "title": "Infoblox Cloud Data Connector",
+ "publisher": "Infoblox",
+ "descriptionMarkdown": "The Infoblox Cloud Data Connector allows you to easily connect your Infoblox BloxOne data with Azure Sentinel. By connecting your logs to Azure Sentinel, you can take advantage of search & correlation, alerting, and threat intelligence enrichment for each log.",
+ "graphQueries": [
+ {
+ "metricName": "Total data received",
+ "legend": "InfobloxCDC",
+ "baseQuery": "CommonSecurityLog\n| where DeviceVendor == \"Infoblox\" and DeviceProduct == \"Data Connector\""
+ }
+ ],
+ "sampleQueries": [
+ {
+ "description" : "Return all BloxOne Threat Defense (TD) logs",
+ "query": "CommonSecurityLog\n| where DeviceVendor == \"Infoblox\" and DeviceProduct == \"Data Connector\"\n | where DeviceEventClassID has_cs \"RPZ\""
+ },
+ {
+ "description" : "Return all BloxOne DDI logs",
+ "query": "CommonSecurityLog\n| where DeviceVendor == \"Infoblox\" and DeviceProduct == \"Data Connector\"\n | where DeviceEventClassID has_cs \"DNS Response\""
+ },
+ {
+ "description" : "Return all Category Filters security events",
+ "query": "CommonSecurityLog\n| where DeviceVendor == \"Infoblox\" and DeviceProduct == \"Data Connector\"\n | where DeviceEventClassID has_cs \"RPZ\"\n | where AdditionalExtensions contains \"InfobloxRPZ=CAT_\""
+ },
+ {
+ "description" : "Return Top 10 TD Domains Hit Count",
+ "query": "CommonSecurityLog\n| where DeviceVendor == \"Infoblox\" and DeviceProduct == \"Data Connector\"\n | where DeviceEventClassID has_cs \"RPZ\" \n| summarize count() by DestinationDnsDomain \n| top 10 by count_ desc"
+ },
+ {
+ "description" : "Return Top 10 TD Source IPs Hit Count",
+ "query": "CommonSecurityLog\n| where DeviceVendor == \"Infoblox\" and DeviceProduct == \"Data Connector\"\n | where DeviceEventClassID has_cs \"RPZ\" \n| summarize count() by SourceIP \n| top 10 by count_ desc"
+ }
+ ],
+ "dataTypes": [
+ {
+ "name": "CommonSecurityLog (InfobloxCDC)",
+ "lastDataReceivedQuery": "CommonSecurityLog\n| where DeviceVendor == \"Infoblox\" and DeviceProduct == \"Data Connector\"\n | summarize Time = max(TimeGenerated)\n| where isnotempty(Time)"
+ }
+ ],
+ "connectivityCriterias": [
+ {
+ "type": "IsConnectedQuery",
+ "value": [
+ "CommonSecurityLog\n| where DeviceVendor == \"Infoblox\"\n| where DeviceProduct == \"Data Connector\"\n| summarize LastLogReceived = max(TimeGenerated)\n| project IsConnected = LastLogReceived > ago(30d)"
+ ]
+ }
+ ],
+ "availability": {
+ "status": 1,
+ "isPreview": true
+ },
+ "permissions": {
+ "resourceProvider": [
+ {
+ "provider": "Microsoft.OperationalInsights/workspaces",
+ "permissionsDisplayText": "read and write permissions are required.",
+ "providerDisplayName": "Workspace",
+ "scope": "Workspace",
+ "requiredPermissions": {
+ "read": true,
+ "write": true,
+ "delete": true
+ }
+ },
+ {
+ "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys",
+ "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).",
+ "providerDisplayName": "Keys",
+ "scope": "Workspace",
+ "requiredPermissions": {
+ "action": true
+ }
+ }
+ ]
+ },
+ "instructionSteps": [
+ {
+ "title": "1. Linux Syslog agent configuration",
+ "description": "Install and configure the Linux agent to collect your Common Event Format (CEF) Syslog messages and forward them to Azure Sentinel.\n\n> Notice that the data from all regions will be stored in the selected workspace",
+ "innerSteps": [
+ {
+ "title": "1.1 Select or create a Linux machine",
+ "description": "Select or create a Linux machine that Azure Sentinel will use as the proxy between your security solution and Azure Sentinel this machine can be on your on-prem environment, Azure or other clouds."
+ },
+ {
+ "title": "1.2 Install the CEF collector on the Linux machine",
+ "description": "Install the Microsoft Monitoring Agent on your Linux machine and configure the machine to listen on the necessary port and forward messages to your Azure Sentinel workspace. The CEF collector collects CEF messages on port 514 TCP.\n\n> 1. Make sure that you have Python on your machine using the following command: python -version.\n\n> 2. You must have elevated permissions (sudo) on your machine.",
+ "instructions": [
+ {
+ "parameters": {
+ "fillWith": [
+ "WorkspaceId",
+ "PrimaryKey"
+ ],
+ "label": "Run the following command to install and apply the CEF collector:",
+ "value": "sudo wget -O cef_installer.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/CEF/cef_installer.py&&sudo python cef_installer.py {0} {1}"
+ },
+ "type": "CopyableLabel"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "title": "2. Configure Infoblox BloxOne to send Syslog data to the Infoblox Cloud Data Connector to forward to the Syslog agent",
+ "description": "Follow the steps below to configure the Infoblox CDC to send BloxOne data to Azure Sentinel via the Linux Syslog agent. This Sentinel data connector assumes an Infoblox Cloud Data Connector on-prem host has already been created and configured in the Infoblox Cloud Services Portal (CSP). \n\n1. Log into the Infoblox Cloud Services Portal (CSP).\n2. Navigate to **Manage > Data Connector**.\n3. Click the **Destination Configuration** tab at the top.\n4. Click **Create > Syslog**. \n - **Name**: Give the new Destination a meaningful **name**, such as **Azure-Sentinel-Destination**.\n - **Description**: Optionally give it a meaningful **description**.\n - **State**: Set the state to **Enabled**.\n - **Format**: Set the format to **CEF**.\n - **FQDN/IP**: Enter the IP address of the Linux device on which the Linux agent is installed.\n - **Port**: Leave the port number at **514**.\n - **Protocol**: Leave the protocol at **TCP**.\n - Click **Save & Close**.\n5. Click the **Traffic Flow Configuration** tab at the top.\n6. Click **Create**.\n - **Name**: Give the new Traffic Flow a meaningful **name**, such as **Azure-Sentinel-Flow**.\n - **Description**: Optionally give it a meaningful **description**. \n - **State**: Set the state to **Enabled**. \n - Expand the **CDC Enabled Host** section. \n - **On-Prem Host**: Select your desired on-prem host for which the Data Connector service is enabled. \n - Expand the **Source Configuration** section. \n - **Source**: Select **BloxOne Cloud Source**. \n - Select all desired **log types** you wish to collect. \n - Expand the **Destination Configuration** section. \n - Select the **Destination** you just created. \n - Click **Save & Close**. \n7. Allow the configuration some time to activate."
+ },
+ {
+ "title": "3. Validate connection",
+ "description": "Follow the instructions to validate your connectivity:\n\nOpen Log Analytics to check if the logs are received using the CommonSecurityLog schema.\n\n>It may take about 20 minutes until the connection streams data to your workspace.\n\nIf the logs are not received, run the following connectivity validation script:\n\n> 1. Make sure that you have Python on your machine using the following command: python -version\n\n>2. You must have elevated permissions (sudo) on your machine",
+ "instructions": [
+ {
+ "parameters": {
+ "fillWith": [
+ "WorkspaceId"
+ ],
+ "label": "Run the following command to validate your connectivity:",
+ "value": "sudo wget -O cef_troubleshoot.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/CEF/cef_troubleshoot.py&&sudo python cef_troubleshoot.py {0}"
+ },
+ "type": "CopyableLabel"
+ }
+ ]
+ },
+ {
+ "title": "4. Secure your machine ",
+ "description": "Make sure to configure the machine's security according to your organization's security policy\n\n\n[Learn more >](https://aka.ms/SecureCEF)"
+ }
+ ]
+}
diff --git a/Sample Data/CEF/InfobloxCloudDataConnector-sampledata.csv b/Sample Data/CEF/InfobloxCloudDataConnector-sampledata.csv
new file mode 100644
index 0000000000..df6330c2d5
--- /dev/null
+++ b/Sample Data/CEF/InfobloxCloudDataConnector-sampledata.csv
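Review bot: In InfobloxCloudDataConnector.json, the workspace entry under `permissions.resourceProvider` requests `"delete": true` in `requiredPermissions` while its `permissionsDisplayText` says only "read and write permissions are required."; nothing in the instruction steps appears to need delete, so either drop that flag or make the display text state what is actually requested. Both `CopyableLabel` commands download a script from the mutable `master` branch and run it under `sudo` with no integrity check, and the step 1.2 command passes the workspace `PrimaryKey` as a command-line argument, where it can end up in shell history and process listings. A sentence in the step 1.2 and step 3 descriptions telling operators to review the downloaded script before running it, and to treat the key as exposed on that host, would make the risk visible. The prerequisite text `python -version` in steps 1.2 and 3 should read `python --version`. The `IsConnectedQuery` window of `ago(30d)` also means the connector keeps reporting as connected for up to a month after logs stop arriving, so a shorter window or a separate ingestion-health alert is worth considering.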
@@ -0,0 +1,322 @@ +TenantId,SourceSystem,TimeGenerated [UTC],ReceiptTime,DeviceVendor,DeviceProduct,DeviceEventClassID,LogSeverity,OriginalLogSeverity,DeviceAction,SimplifiedDeviceAction,DestinationIP,Message,Protocol,SourcePort,SourceIP,DeviceVersion,Activity,ApplicationProtocol,DestinationDnsDomain,AdditionalExtensions,Type +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 10:41:29.593 PM",,Infoblox,Data Connector,RPZ-QNAME-REDIRECT,0,,REDIRECT,REDIRECT,,"""RPZ QNAME REDIRECT rewrite amazon.com. [A] via CAT_Online Shopping.amazon.com.""",,49835,208.50.179.13,2.1.3,RPZ EVENT QNAME REDIRECT,DNS,amazon.com.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=CAT_Online Shopping.amazon.com.;InfobloxRPZ=CAT_Online Shopping;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=Online Shopping;InfobloxThreatProperty=;InfobloxThreatConfidence=;InfobloxThreatLevel=,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 10:41:44.408 PM",,Infoblox,Data Connector,RPZ-QNAME-REDIRECT,0,,REDIRECT,REDIRECT,,"""RPZ QNAME REDIRECT rewrite connectivity.office.com. [A] via CAT_Personal Pages.connectivity.office.com.""",,47868,208.50.179.13,2.1.3,RPZ EVENT QNAME REDIRECT,DNS,connectivity.office.com.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=CAT_Personal Pages.connectivity.office.com.;InfobloxRPZ=CAT_Personal Pages;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=Personal Pages;InfobloxThreatProperty=;InfobloxThreatConfidence=;InfobloxThreatLevel=,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 10:41:46.222 PM",,Infoblox,Data Connector,RPZ-QNAME-REDIRECT,0,,REDIRECT,REDIRECT,,"""RPZ QNAME REDIRECT rewrite connectivity.office.com. 
[A] via CAT_Personal Pages.connectivity.office.com.""",,49835,208.50.179.13,2.1.3,RPZ EVENT QNAME REDIRECT,DNS,connectivity.office.com.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=CAT_Personal Pages.connectivity.office.com.;InfobloxRPZ=CAT_Personal Pages;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=Personal Pages;InfobloxThreatProperty=;InfobloxThreatConfidence=;InfobloxThreatLevel=,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 10:41:37.435 PM",,Infoblox,Data Connector,RPZ-QNAME-REDIRECT,0,,REDIRECT,REDIRECT,,"""RPZ QNAME REDIRECT rewrite facebook.com. [A] via CAT_Social Networking.facebook.com.""",,47868,208.50.179.13,2.1.3,RPZ EVENT QNAME REDIRECT,DNS,facebook.com.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=CAT_Social Networking.facebook.com.;InfobloxRPZ=CAT_Social Networking;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=Social Networking;InfobloxThreatProperty=;InfobloxThreatConfidence=;InfobloxThreatLevel=,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 10:41:38.519 PM",,Infoblox,Data Connector,RPZ-QNAME-REDIRECT,0,,REDIRECT,REDIRECT,,"""RPZ QNAME REDIRECT rewrite facebook.com. [A] via CAT_Social Networking.facebook.com.""",,49835,208.50.179.13,2.1.3,RPZ EVENT QNAME REDIRECT,DNS,facebook.com.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=CAT_Social Networking.facebook.com.;InfobloxRPZ=CAT_Social Networking;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=Social Networking;InfobloxThreatProperty=;InfobloxThreatConfidence=;InfobloxThreatLevel=,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:45:03.791 PM",,Infoblox,Data Connector,RPZ-QNAME-REDIRECT,0,,REDIRECT,REDIRECT,,"""RPZ QNAME REDIRECT rewrite netflix.com. 
[A] via CAT_Entertainment.netflix.com.""",,10893,208.50.179.13,2.1.3,RPZ EVENT QNAME REDIRECT,DNS,netflix.com.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=CAT_Entertainment.netflix.com.;InfobloxRPZ=CAT_Entertainment;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=Entertainment;InfobloxThreatProperty=;InfobloxThreatConfidence=;InfobloxThreatLevel=,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:45:03.791 PM",,Infoblox,Data Connector,RPZ-QNAME-REDIRECT,0,,REDIRECT,REDIRECT,,"""RPZ QNAME REDIRECT rewrite netflix.com. [A] via CAT_Entertainment.netflix.com.""",,36196,208.50.179.13,2.1.3,RPZ EVENT QNAME REDIRECT,DNS,netflix.com.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=CAT_Entertainment.netflix.com.;InfobloxRPZ=CAT_Entertainment;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=Entertainment;InfobloxThreatProperty=;InfobloxThreatConfidence=;InfobloxThreatLevel=,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:48:44.899 PM",,Infoblox,Data Connector,RPZ-QNAME-REDIRECT,0,,REDIRECT,REDIRECT,,"""RPZ QNAME REDIRECT rewrite vodka.com. [A] via CAT_Alcohol.vodka.com.""",,23916,208.50.179.13,2.1.3,RPZ EVENT QNAME REDIRECT,DNS,vodka.com.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=CAT_Alcohol.vodka.com.;InfobloxRPZ=CAT_Alcohol;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=Alcohol;InfobloxThreatProperty=;InfobloxThreatConfidence=;InfobloxThreatLevel=,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:48:49.601 PM",,Infoblox,Data Connector,RPZ-QNAME-REDIRECT,0,,REDIRECT,REDIRECT,,"""RPZ QNAME REDIRECT rewrite vodka.com. 
[A] via CAT_Alcohol.vodka.com.""",,40544,208.50.179.13,2.1.3,RPZ EVENT QNAME REDIRECT,DNS,vodka.com.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=CAT_Alcohol.vodka.com.;InfobloxRPZ=CAT_Alcohol;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=Alcohol;InfobloxThreatProperty=;InfobloxThreatConfidence=;InfobloxThreatLevel=,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:48:55.783 PM",,Infoblox,Data Connector,RPZ-QNAME-REDIRECT,0,,REDIRECT,REDIRECT,,"""RPZ QNAME REDIRECT rewrite vodka.com. [A] via CAT_Alcohol.vodka.com.""",,40544,208.50.179.13,2.1.3,RPZ EVENT QNAME REDIRECT,DNS,vodka.com.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=CAT_Alcohol.vodka.com.;InfobloxRPZ=CAT_Alcohol;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=Alcohol;InfobloxThreatProperty=;InfobloxThreatConfidence=;InfobloxThreatLevel=,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:48:44.899 PM",,Infoblox,Data Connector,RPZ-QNAME-REDIRECT,0,,REDIRECT,REDIRECT,,"""RPZ QNAME REDIRECT rewrite wine.com. [A] via CAT_Alcohol.wine.com.""",,23916,208.50.179.13,2.1.3,RPZ EVENT QNAME REDIRECT,DNS,wine.com.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=CAT_Alcohol.wine.com.;InfobloxRPZ=CAT_Alcohol;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=Alcohol;InfobloxThreatProperty=;InfobloxThreatConfidence=;InfobloxThreatLevel=,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:51:40.459 PM",,Infoblox,Data Connector,RPZ-QNAME-REDIRECT,0,,REDIRECT,REDIRECT,,"""RPZ QNAME REDIRECT rewrite youtube.com. 
[A] via CAT_Media Sharing.youtube.com.""",,11091,208.50.179.13,2.1.3,RPZ EVENT QNAME REDIRECT,DNS,youtube.com.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=CAT_Media Sharing.youtube.com.;InfobloxRPZ=CAT_Media Sharing;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=Media Sharing;InfobloxThreatProperty=;InfobloxThreatConfidence=;InfobloxThreatLevel=,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:51:46.963 PM",,Infoblox,Data Connector,RPZ-QNAME-REDIRECT,0,,REDIRECT,REDIRECT,,"""RPZ QNAME REDIRECT rewrite youtube.com. [A] via CAT_Media Sharing.youtube.com.""",,26823,208.50.179.13,2.1.3,RPZ EVENT QNAME REDIRECT,DNS,youtube.com.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=CAT_Media Sharing.youtube.com.;InfobloxRPZ=CAT_Media Sharing;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=Media Sharing;InfobloxThreatProperty=;InfobloxThreatConfidence=;InfobloxThreatLevel=,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:34:33.764 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite www.domowaplaza.pl. [A] via ext-base-antimalware.www.domowaplaza.pl.""",,60161,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,www.domowaplaza.pl.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=ext-base-antimalware.www.domowaplaza.pl.;InfobloxRPZ=ext-base-antimalware;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=Phishing_Generic;InfobloxThreatConfidence=80;InfobloxThreatLevel=80,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:28:32.165 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite www.domowaplaza.pl. 
[A] via ext-base-antimalware.www.domowaplaza.pl.""",,33227,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,www.domowaplaza.pl.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=ext-base-antimalware.www.domowaplaza.pl.;InfobloxRPZ=ext-base-antimalware;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=Phishing_Generic;InfobloxThreatConfidence=80;InfobloxThreatLevel=80,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:28:05.764 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite www.domowaplaza.pl. [A] via ext-base-antimalware.www.domowaplaza.pl.""",,5915,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,www.domowaplaza.pl.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=ext-base-antimalware.www.domowaplaza.pl.;InfobloxRPZ=ext-base-antimalware;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=Phishing_Generic;InfobloxThreatConfidence=80;InfobloxThreatLevel=80,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:29:34.748 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite www.domowaplaza.pl. [A] via ext-base-antimalware.www.domowaplaza.pl.""",,22575,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,www.domowaplaza.pl.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=ext-base-antimalware.www.domowaplaza.pl.;InfobloxRPZ=ext-base-antimalware;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=Phishing_Generic;InfobloxThreatConfidence=80;InfobloxThreatLevel=80,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:27:58.324 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite www.domowaplaza.pl. 
[A] via ext-base-antimalware.www.domowaplaza.pl.""",,29413,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,www.domowaplaza.pl.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=ext-base-antimalware.www.domowaplaza.pl.;InfobloxRPZ=ext-base-antimalware;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=Phishing_Generic;InfobloxThreatConfidence=80;InfobloxThreatLevel=80,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:28:01.795 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite www.domowaplaza.pl. [A] via ext-base-antimalware.www.domowaplaza.pl.""",,1974,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,www.domowaplaza.pl.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=ext-base-antimalware.www.domowaplaza.pl.;InfobloxRPZ=ext-base-antimalware;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=Phishing_Generic;InfobloxThreatConfidence=80;InfobloxThreatLevel=80,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:34:33.735 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite www.domowaplaza.pl. [A] via ext-base-antimalware.www.domowaplaza.pl.""",,60161,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,www.domowaplaza.pl.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=ext-base-antimalware.www.domowaplaza.pl.;InfobloxRPZ=ext-base-antimalware;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=Phishing_Generic;InfobloxThreatConfidence=80;InfobloxThreatLevel=80,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:28:33.700 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite www.domowaplaza.pl. 
[A] via ext-base-antimalware.www.domowaplaza.pl.""",,12830,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,www.domowaplaza.pl.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=ext-base-antimalware.www.domowaplaza.pl.;InfobloxRPZ=ext-base-antimalware;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=Phishing_Generic;InfobloxThreatConfidence=80;InfobloxThreatLevel=80,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:28:05.764 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite www.domowaplaza.pl. [A] via ext-base-antimalware.www.domowaplaza.pl.""",,1974,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,www.domowaplaza.pl.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=ext-base-antimalware.www.domowaplaza.pl.;InfobloxRPZ=ext-base-antimalware;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=Phishing_Generic;InfobloxThreatConfidence=80;InfobloxThreatLevel=80,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:29:31.879 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite www.domowaplaza.pl. [A] via ext-base-antimalware.www.domowaplaza.pl.""",,46048,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,www.domowaplaza.pl.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=ext-base-antimalware.www.domowaplaza.pl.;InfobloxRPZ=ext-base-antimalware;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=Phishing_Generic;InfobloxThreatConfidence=80;InfobloxThreatLevel=80,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:34:37.401 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite www.domowaplaza.pl. 
[A] via ext-base-antimalware.www.domowaplaza.pl.""",,50087,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,www.domowaplaza.pl.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=ext-base-antimalware.www.domowaplaza.pl.;InfobloxRPZ=ext-base-antimalware;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=Phishing_Generic;InfobloxThreatConfidence=80;InfobloxThreatLevel=80,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:27:56.843 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite www.domowaplaza.pl. [A] via ext-base-antimalware.www.domowaplaza.pl.""",,5915,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,www.domowaplaza.pl.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=ext-base-antimalware.www.domowaplaza.pl.;InfobloxRPZ=ext-base-antimalware;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=Phishing_Generic;InfobloxThreatConfidence=80;InfobloxThreatLevel=80,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:27:57.703 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite www.domowaplaza.pl. [A] via ext-base-antimalware.www.domowaplaza.pl.""",,4847,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,www.domowaplaza.pl.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=ext-base-antimalware.www.domowaplaza.pl.;InfobloxRPZ=ext-base-antimalware;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=Phishing_Generic;InfobloxThreatConfidence=80;InfobloxThreatLevel=80,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:00:00.703 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite walla.link. 
[A] via base.walla.link.""",,10437,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,walla.link.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=base.walla.link.;InfobloxRPZ=base;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=APT_MalwareC2;InfobloxThreatConfidence=;InfobloxThreatLevel=100,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:00:04.531 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite walla.link. [A] via base.walla.link.""",,33946,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,walla.link.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=base.walla.link.;InfobloxRPZ=base;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=APT_MalwareC2;InfobloxThreatConfidence=;InfobloxThreatLevel=100,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:00:31.433 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite walla.link. [A] via base.walla.link.""",,16228,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,walla.link.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=base.walla.link.;InfobloxRPZ=base;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=APT_MalwareC2;InfobloxThreatConfidence=;InfobloxThreatLevel=100,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:06:32.999 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite walla.link. 
[A] via base.walla.link.""",,19932,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,walla.link.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=base.walla.link.;InfobloxRPZ=base;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=APT_MalwareC2;InfobloxThreatConfidence=;InfobloxThreatLevel=100,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:00:36.871 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite walla.link. [A] via base.walla.link.""",,40398,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,walla.link.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=base.walla.link.;InfobloxRPZ=base;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=APT_MalwareC2;InfobloxThreatConfidence=;InfobloxThreatLevel=100,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:01:33.754 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite walla.link. [A] via base.walla.link.""",,12250,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,walla.link.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=base.walla.link.;InfobloxRPZ=base;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=APT_MalwareC2;InfobloxThreatConfidence=;InfobloxThreatLevel=100,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:00:00.749 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite walla.link. 
[A] via base.walla.link.""",,10437,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,walla.link.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=base.walla.link.;InfobloxRPZ=base;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=APT_MalwareC2;InfobloxThreatConfidence=;InfobloxThreatLevel=100,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:06:32.712 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite walla.link. [A] via base.walla.link.""",,52859,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,walla.link.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=base.walla.link.;InfobloxRPZ=base;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=APT_MalwareC2;InfobloxThreatConfidence=;InfobloxThreatLevel=100,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:01:36.336 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite walla.link. [A] via base.walla.link.""",,39215,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,walla.link.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=base.walla.link.;InfobloxRPZ=base;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=APT_MalwareC2;InfobloxThreatConfidence=;InfobloxThreatLevel=100,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:00:36.898 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite walla.link. 
[A] via base.walla.link.""",,40398,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,walla.link.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=base.walla.link.;InfobloxRPZ=base;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=APT_MalwareC2;InfobloxThreatConfidence=;InfobloxThreatLevel=100,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 10:59:57.510 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite walla.link. [A] via base.walla.link.""",,33946,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,walla.link.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=base.walla.link.;InfobloxRPZ=base;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=APT_MalwareC2;InfobloxThreatConfidence=;InfobloxThreatLevel=100,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:27:17.545 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite ftp.windowsstores.organiccrap.com. [A] via base.ftp.windowsstores.organiccrap.com.""",,62347,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,ftp.windowsstores.organiccrap.com.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=base.ftp.windowsstores.organiccrap.com.;InfobloxRPZ=base;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=APT_MalwareC2;InfobloxThreatConfidence=;InfobloxThreatLevel=100,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:27:17.545 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite ftp.windowsstores.organiccrap.com. 
[A] via base.ftp.windowsstores.organiccrap.com.""",,20911,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,ftp.windowsstores.organiccrap.com.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=base.ftp.windowsstores.organiccrap.com.;InfobloxRPZ=base;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=APT_MalwareC2;InfobloxThreatConfidence=;InfobloxThreatLevel=100,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:27:21.192 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite ftp.windowsstores.organiccrap.com. [A] via base.ftp.windowsstores.organiccrap.com.""",,11356,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,ftp.windowsstores.organiccrap.com.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=base.ftp.windowsstores.organiccrap.com.;InfobloxRPZ=base;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=APT_MalwareC2;InfobloxThreatConfidence=;InfobloxThreatLevel=100,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 10:57:25.060 PM",,Infoblox,Data Connector,RPZ-QNAME-REDIRECT,8,,REDIRECT,REDIRECT,,"""RPZ QNAME REDIRECT rewrite example.com. [A] via LIST_658153.example.com.""",,39956,208.50.179.13,2.1.3,RPZ EVENT QNAME REDIRECT,DNS,example.com.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=LIST_658153.example.com.;InfobloxRPZ=LIST_658153;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=;InfobloxThreatConfidence=90;InfobloxThreatLevel=90,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 10:57:21.002 PM",,Infoblox,Data Connector,RPZ-QNAME-REDIRECT,8,,REDIRECT,REDIRECT,,"""RPZ QNAME REDIRECT rewrite example.com. 
[A] via LIST_658153.example.com.""",,15089,208.50.179.13,2.1.3,RPZ EVENT QNAME REDIRECT,DNS,example.com.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=LIST_658153.example.com.;InfobloxRPZ=LIST_658153;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=;InfobloxThreatConfidence=90;InfobloxThreatLevel=90,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 10:55:39.475 PM",,Infoblox,Data Connector,RPZ-QNAME-REDIRECT,1,,REDIRECT,REDIRECT,,"""RPZ QNAME REDIRECT rewrite example.com. [A] via LIST_658153.example.com.""",,22336,208.50.179.13,2.1.3,RPZ EVENT QNAME REDIRECT,DNS,example.com.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=LIST_658153.example.com.;InfobloxRPZ=LIST_658153;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=;InfobloxThreatConfidence=50;InfobloxThreatLevel=10,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 10:37:24.052 PM",,Infoblox,Data Connector,RPZ-QNAME-REDIRECT,5,,REDIRECT,REDIRECT,,"""RPZ QNAME REDIRECT rewrite example.com. [A] via LIST_658153.example.com.""",,58096,208.50.179.13,2.1.3,RPZ EVENT QNAME REDIRECT,DNS,example.com.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=LIST_658153.example.com.;InfobloxRPZ=LIST_658153;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=;InfobloxThreatConfidence=90;InfobloxThreatLevel=50,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 10:51:26.375 PM",,Infoblox,Data Connector,RPZ-QNAME-REDIRECT,1,,REDIRECT,REDIRECT,,"""RPZ QNAME REDIRECT rewrite example.com. 
[A] via LIST_658153.example.com.""",,28269,208.50.179.13,2.1.3,RPZ EVENT QNAME REDIRECT,DNS,example.com.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=LIST_658153.example.com.;InfobloxRPZ=LIST_658153;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=;InfobloxThreatConfidence=10;InfobloxThreatLevel=0,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 10:55:40.937 PM",,Infoblox,Data Connector,RPZ-QNAME-REDIRECT,1,,REDIRECT,REDIRECT,,"""RPZ QNAME REDIRECT rewrite example.com. [A] via LIST_658153.example.com.""",,62129,208.50.179.13,2.1.3,RPZ EVENT QNAME REDIRECT,DNS,example.com.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=LIST_658153.example.com.;InfobloxRPZ=LIST_658153;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=;InfobloxThreatConfidence=50;InfobloxThreatLevel=10,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:27:32.719 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite daddy.gostudyantivirus.com. [A] via base.daddy.gostudyantivirus.com.""",,10205,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,daddy.gostudyantivirus.com.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=base.daddy.gostudyantivirus.com.;InfobloxRPZ=base;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=APT_MalwareC2;InfobloxThreatConfidence=;InfobloxThreatLevel=100,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:27:45.134 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite daddy.gostudyantivirus.com. 
[A] via base.daddy.gostudyantivirus.com.""",,7992,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,daddy.gostudyantivirus.com.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=base.daddy.gostudyantivirus.com.;InfobloxRPZ=base;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=APT_MalwareC2;InfobloxThreatConfidence=;InfobloxThreatLevel=100,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:27:35.579 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite daddy.gostudyantivirus.com. [A] via base.daddy.gostudyantivirus.com.""",,7992,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,daddy.gostudyantivirus.com.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=base.daddy.gostudyantivirus.com.;InfobloxRPZ=base;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=APT_MalwareC2;InfobloxThreatConfidence=;InfobloxThreatLevel=100,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:27:41.751 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite daddy.gostudyantivirus.com. [A] via base.daddy.gostudyantivirus.com.""",,10205,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,daddy.gostudyantivirus.com.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=base.daddy.gostudyantivirus.com.;InfobloxRPZ=base;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=APT_MalwareC2;InfobloxThreatConfidence=;InfobloxThreatLevel=100,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:42:01.840 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite 796f7572205765622050726f787920697320657866696c74726174.937.zcmt50.hex.acaddff5e4.leeandco.net. 
[A] via LIST_541993.796f7572205765622050726f787920697320657866696c74726174.937.zcmt50.hex.acaddff5e4.leeandco.net.""",,7987,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,796f7572205765622050726f787920697320657866696c74726174.937.zcmt50.hex.acaddff5e4.leeandco.net.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=LIST_541993.796f7572205765622050726f787920697320657866696c74726174.937.zcmt50.hex.acaddff5e4.leeandco.net.;InfobloxRPZ=LIST_541993;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=;InfobloxThreatConfidence=50;InfobloxThreatLevel=90,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:21:37.793 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite 796f7572205765622050726f787920697320657866696c74726174.937.ymil00.hex.acaddff5e4.leeandco.net. [A] via LIST_541993.796f7572205765622050726f787920697320657866696c74726174.937.ymil00.hex.acaddff5e4.leeandco.net.""",,50593,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,796f7572205765622050726f787920697320657866696c74726174.937.ymil00.hex.acaddff5e4.leeandco.net.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=LIST_541993.796f7572205765622050726f787920697320657866696c74726174.937.ymil00.hex.acaddff5e4.leeandco.net.;InfobloxRPZ=LIST_541993;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=;InfobloxThreatConfidence=50;InfobloxThreatLevel=90,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:41:51.880 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite 796f7572205765622050726f787920697320657866696c74726174.840.zcmt50.hex.acaddff5e4.leeandco.net. 
[A] via LIST_541993.796f7572205765622050726f787920697320657866696c74726174.840.zcmt50.hex.acaddff5e4.leeandco.net.""",,56540,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,796f7572205765622050726f787920697320657866696c74726174.840.zcmt50.hex.acaddff5e4.leeandco.net.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=LIST_541993.796f7572205765622050726f787920697320657866696c74726174.840.zcmt50.hex.acaddff5e4.leeandco.net.;InfobloxRPZ=LIST_541993;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=;InfobloxThreatConfidence=50;InfobloxThreatLevel=90,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:21:30.175 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite 796f7572205765622050726f787920697320657866696c74726174.840.ymil00.hex.acaddff5e4.leeandco.net. [A] via LIST_541993.796f7572205765622050726f787920697320657866696c74726174.840.ymil00.hex.acaddff5e4.leeandco.net.""",,50593,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,796f7572205765622050726f787920697320657866696c74726174.840.ymil00.hex.acaddff5e4.leeandco.net.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=LIST_541993.796f7572205765622050726f787920697320657866696c74726174.840.ymil00.hex.acaddff5e4.leeandco.net.;InfobloxRPZ=LIST_541993;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=;InfobloxThreatConfidence=50;InfobloxThreatLevel=90,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:41:24.046 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite 796f7572205765622050726f787920697320657866696c74726174.743.zcmt50.hex.acaddff5e4.leeandco.net. 
[A] via LIST_541993.796f7572205765622050726f787920697320657866696c74726174.743.zcmt50.hex.acaddff5e4.leeandco.net.""",,56540,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,796f7572205765622050726f787920697320657866696c74726174.743.zcmt50.hex.acaddff5e4.leeandco.net.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=LIST_541993.796f7572205765622050726f787920697320657866696c74726174.743.zcmt50.hex.acaddff5e4.leeandco.net.;InfobloxRPZ=LIST_541993;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=;InfobloxThreatConfidence=50;InfobloxThreatLevel=90,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:21:22.607 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite 796f7572205765622050726f787920697320657866696c74726174.743.ymil00.hex.acaddff5e4.leeandco.net. [A] via LIST_541993.796f7572205765622050726f787920697320657866696c74726174.743.ymil00.hex.acaddff5e4.leeandco.net.""",,50593,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,796f7572205765622050726f787920697320657866696c74726174.743.ymil00.hex.acaddff5e4.leeandco.net.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=LIST_541993.796f7572205765622050726f787920697320657866696c74726174.743.ymil00.hex.acaddff5e4.leeandco.net.;InfobloxRPZ=LIST_541993;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=;InfobloxThreatConfidence=50;InfobloxThreatLevel=90,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:41:27.050 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite 796f7572205765622050726f787920697320657866696c74726174.646.zcmt50.hex.acaddff5e4.leeandco.net. 
[A] via LIST_541993.796f7572205765622050726f787920697320657866696c74726174.646.zcmt50.hex.acaddff5e4.leeandco.net.""",,46369,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,796f7572205765622050726f787920697320657866696c74726174.646.zcmt50.hex.acaddff5e4.leeandco.net.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=LIST_541993.796f7572205765622050726f787920697320657866696c74726174.646.zcmt50.hex.acaddff5e4.leeandco.net.;InfobloxRPZ=LIST_541993;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=;InfobloxThreatConfidence=50;InfobloxThreatLevel=90,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:21:07.637 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite 796f7572205765622050726f787920697320657866696c74726174.646.ymil00.hex.acaddff5e4.leeandco.net. [A] via LIST_541993.796f7572205765622050726f787920697320657866696c74726174.646.ymil00.hex.acaddff5e4.leeandco.net.""",,50593,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,796f7572205765622050726f787920697320657866696c74726174.646.ymil00.hex.acaddff5e4.leeandco.net.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=LIST_541993.796f7572205765622050726f787920697320657866696c74726174.646.ymil00.hex.acaddff5e4.leeandco.net.;InfobloxRPZ=LIST_541993;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=;InfobloxThreatConfidence=50;InfobloxThreatLevel=90,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:41:09.308 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite 796f7572205765622050726f787920697320657866696c74726174.549.zcmt50.hex.acaddff5e4.leeandco.net. 
[A] via LIST_541993.796f7572205765622050726f787920697320657866696c74726174.549.zcmt50.hex.acaddff5e4.leeandco.net.""",,58534,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,796f7572205765622050726f787920697320657866696c74726174.549.zcmt50.hex.acaddff5e4.leeandco.net.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=LIST_541993.796f7572205765622050726f787920697320657866696c74726174.549.zcmt50.hex.acaddff5e4.leeandco.net.;InfobloxRPZ=LIST_541993;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=;InfobloxThreatConfidence=50;InfobloxThreatLevel=90,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:21:00.469 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite 796f7572205765622050726f787920697320657866696c74726174.549.ymil00.hex.acaddff5e4.leeandco.net. [A] via LIST_541993.796f7572205765622050726f787920697320657866696c74726174.549.ymil00.hex.acaddff5e4.leeandco.net.""",,50593,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,796f7572205765622050726f787920697320657866696c74726174.549.ymil00.hex.acaddff5e4.leeandco.net.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=LIST_541993.796f7572205765622050726f787920697320657866696c74726174.549.ymil00.hex.acaddff5e4.leeandco.net.;InfobloxRPZ=LIST_541993;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=;InfobloxThreatConfidence=50;InfobloxThreatLevel=90,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:20:44.649 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite 796f7572205765622050726f787920697320657866696c74726174.452.ymil00.hex.acaddff5e4.leeandco.net. 
[A] via LIST_541993.796f7572205765622050726f787920697320657866696c74726174.452.ymil00.hex.acaddff5e4.leeandco.net.""",,50593,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,796f7572205765622050726f787920697320657866696c74726174.452.ymil00.hex.acaddff5e4.leeandco.net.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=LIST_541993.796f7572205765622050726f787920697320657866696c74726174.452.ymil00.hex.acaddff5e4.leeandco.net.;InfobloxRPZ=LIST_541993;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=;InfobloxThreatConfidence=50;InfobloxThreatLevel=90,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:20:36.902 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite 796f7572205765622050726f787920697320657866696c74726174.355.ymil00.hex.acaddff5e4.leeandco.net. [A] via LIST_541993.796f7572205765622050726f787920697320657866696c74726174.355.ymil00.hex.acaddff5e4.leeandco.net.""",,50593,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,796f7572205765622050726f787920697320657866696c74726174.355.ymil00.hex.acaddff5e4.leeandco.net.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=LIST_541993.796f7572205765622050726f787920697320657866696c74726174.355.ymil00.hex.acaddff5e4.leeandco.net.;InfobloxRPZ=LIST_541993;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=;InfobloxThreatConfidence=50;InfobloxThreatLevel=90,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:24:49.110 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite 796f7572205765622050726f787920697320657866696c74726174.2683.ymil00.hex.acaddff5e4.leeandco.net. 
[A] via LIST_541993.796f7572205765622050726f787920697320657866696c74726174.2683.ymil00.hex.acaddff5e4.leeandco.net.""",,53819,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,796f7572205765622050726f787920697320657866696c74726174.2683.ymil00.hex.acaddff5e4.leeandco.net.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=LIST_541993.796f7572205765622050726f787920697320657866696c74726174.2683.ymil00.hex.acaddff5e4.leeandco.net.;InfobloxRPZ=LIST_541993;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=;InfobloxThreatConfidence=50;InfobloxThreatLevel=90,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:24:40.102 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite 796f7572205765622050726f787920697320657866696c74726174.2586.ymil00.hex.acaddff5e4.leeandco.net. [A] via LIST_541993.796f7572205765622050726f787920697320657866696c74726174.2586.ymil00.hex.acaddff5e4.leeandco.net.""",,53819,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,796f7572205765622050726f787920697320657866696c74726174.2586.ymil00.hex.acaddff5e4.leeandco.net.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=LIST_541993.796f7572205765622050726f787920697320657866696c74726174.2586.ymil00.hex.acaddff5e4.leeandco.net.;InfobloxRPZ=LIST_541993;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=;InfobloxThreatConfidence=50;InfobloxThreatLevel=90,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:24:30.802 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite 796f7572205765622050726f787920697320657866696c74726174.2489.ymil00.hex.acaddff5e4.leeandco.net. 
[A] via LIST_541993.796f7572205765622050726f787920697320657866696c74726174.2489.ymil00.hex.acaddff5e4.leeandco.net.""",,48394,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,796f7572205765622050726f787920697320657866696c74726174.2489.ymil00.hex.acaddff5e4.leeandco.net.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=LIST_541993.796f7572205765622050726f787920697320657866696c74726174.2489.ymil00.hex.acaddff5e4.leeandco.net.;InfobloxRPZ=LIST_541993;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=;InfobloxThreatConfidence=50;InfobloxThreatLevel=90,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:24:16.825 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite 796f7572205765622050726f787920697320657866696c74726174.2392.ymil00.hex.acaddff5e4.leeandco.net. [A] via LIST_541993.796f7572205765622050726f787920697320657866696c74726174.2392.ymil00.hex.acaddff5e4.leeandco.net.""",,31171,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,796f7572205765622050726f787920697320657866696c74726174.2392.ymil00.hex.acaddff5e4.leeandco.net.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=LIST_541993.796f7572205765622050726f787920697320657866696c74726174.2392.ymil00.hex.acaddff5e4.leeandco.net.;InfobloxRPZ=LIST_541993;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=;InfobloxThreatConfidence=50;InfobloxThreatLevel=90,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:24:08.757 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite 796f7572205765622050726f787920697320657866696c74726174.2295.ymil00.hex.acaddff5e4.leeandco.net. 
[A] via LIST_541993.796f7572205765622050726f787920697320657866696c74726174.2295.ymil00.hex.acaddff5e4.leeandco.net.""",,56787,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,796f7572205765622050726f787920697320657866696c74726174.2295.ymil00.hex.acaddff5e4.leeandco.net.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=LIST_541993.796f7572205765622050726f787920697320657866696c74726174.2295.ymil00.hex.acaddff5e4.leeandco.net.;InfobloxRPZ=LIST_541993;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=;InfobloxThreatConfidence=50;InfobloxThreatLevel=90,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:24:00.782 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite 796f7572205765622050726f787920697320657866696c74726174.2198.ymil00.hex.acaddff5e4.leeandco.net. [A] via LIST_541993.796f7572205765622050726f787920697320657866696c74726174.2198.ymil00.hex.acaddff5e4.leeandco.net.""",,56787,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,796f7572205765622050726f787920697320657866696c74726174.2198.ymil00.hex.acaddff5e4.leeandco.net.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=LIST_541993.796f7572205765622050726f787920697320657866696c74726174.2198.ymil00.hex.acaddff5e4.leeandco.net.;InfobloxRPZ=LIST_541993;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=;InfobloxThreatConfidence=50;InfobloxThreatLevel=90,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:23:45.269 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite 796f7572205765622050726f787920697320657866696c74726174.2101.ymil00.hex.acaddff5e4.leeandco.net. 
[A] via LIST_541993.796f7572205765622050726f787920697320657866696c74726174.2101.ymil00.hex.acaddff5e4.leeandco.net.""",,21179,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,796f7572205765622050726f787920697320657866696c74726174.2101.ymil00.hex.acaddff5e4.leeandco.net.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=LIST_541993.796f7572205765622050726f787920697320657866696c74726174.2101.ymil00.hex.acaddff5e4.leeandco.net.;InfobloxRPZ=LIST_541993;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=;InfobloxThreatConfidence=50;InfobloxThreatLevel=90,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:23:38.015 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite 796f7572205765622050726f787920697320657866696c74726174.2004.ymil00.hex.acaddff5e4.leeandco.net. [A] via LIST_541993.796f7572205765622050726f787920697320657866696c74726174.2004.ymil00.hex.acaddff5e4.leeandco.net.""",,21179,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,796f7572205765622050726f787920697320657866696c74726174.2004.ymil00.hex.acaddff5e4.leeandco.net.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=LIST_541993.796f7572205765622050726f787920697320657866696c74726174.2004.ymil00.hex.acaddff5e4.leeandco.net.;InfobloxRPZ=LIST_541993;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=;InfobloxThreatConfidence=50;InfobloxThreatLevel=90,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:23:27.067 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite 796f7572205765622050726f787920697320657866696c74726174.1907.ymil00.hex.acaddff5e4.leeandco.net. 
[A] via LIST_541993.796f7572205765622050726f787920697320657866696c74726174.1907.ymil00.hex.acaddff5e4.leeandco.net.""",,62785,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,796f7572205765622050726f787920697320657866696c74726174.1907.ymil00.hex.acaddff5e4.leeandco.net.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=LIST_541993.796f7572205765622050726f787920697320657866696c74726174.1907.ymil00.hex.acaddff5e4.leeandco.net.;InfobloxRPZ=LIST_541993;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=;InfobloxThreatConfidence=50;InfobloxThreatLevel=90,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:43:36.572 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite 796f7572205765622050726f787920697320657866696c74726174.1810.zcmt50.hex.acaddff5e4.leeandco.net. [A] via LIST_541993.796f7572205765622050726f787920697320657866696c74726174.1810.zcmt50.hex.acaddff5e4.leeandco.net.""",,20242,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,796f7572205765622050726f787920697320657866696c74726174.1810.zcmt50.hex.acaddff5e4.leeandco.net.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=LIST_541993.796f7572205765622050726f787920697320657866696c74726174.1810.zcmt50.hex.acaddff5e4.leeandco.net.;InfobloxRPZ=LIST_541993;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=;InfobloxThreatConfidence=50;InfobloxThreatLevel=90,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:23:15.116 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite 796f7572205765622050726f787920697320657866696c74726174.1810.ymil00.hex.acaddff5e4.leeandco.net. 
[A] via LIST_541993.796f7572205765622050726f787920697320657866696c74726174.1810.ymil00.hex.acaddff5e4.leeandco.net.""",,62785,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,796f7572205765622050726f787920697320657866696c74726174.1810.ymil00.hex.acaddff5e4.leeandco.net.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=LIST_541993.796f7572205765622050726f787920697320657866696c74726174.1810.ymil00.hex.acaddff5e4.leeandco.net.;InfobloxRPZ=LIST_541993;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=;InfobloxThreatConfidence=50;InfobloxThreatLevel=90,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:43:22.339 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite 796f7572205765622050726f787920697320657866696c74726174.1713.zcmt50.hex.acaddff5e4.leeandco.net. [A] via LIST_541993.796f7572205765622050726f787920697320657866696c74726174.1713.zcmt50.hex.acaddff5e4.leeandco.net.""",,20242,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,796f7572205765622050726f787920697320657866696c74726174.1713.zcmt50.hex.acaddff5e4.leeandco.net.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=LIST_541993.796f7572205765622050726f787920697320657866696c74726174.1713.zcmt50.hex.acaddff5e4.leeandco.net.;InfobloxRPZ=LIST_541993;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=;InfobloxThreatConfidence=50;InfobloxThreatLevel=90,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:23:02.181 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite 796f7572205765622050726f787920697320657866696c74726174.1713.ymil00.hex.acaddff5e4.leeandco.net. 
[A] via LIST_541993.796f7572205765622050726f787920697320657866696c74726174.1713.ymil00.hex.acaddff5e4.leeandco.net.""",,62785,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,796f7572205765622050726f787920697320657866696c74726174.1713.ymil00.hex.acaddff5e4.leeandco.net.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=LIST_541993.796f7572205765622050726f787920697320657866696c74726174.1713.ymil00.hex.acaddff5e4.leeandco.net.;InfobloxRPZ=LIST_541993;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=;InfobloxThreatConfidence=50;InfobloxThreatLevel=90,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:43:12.054 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite 796f7572205765622050726f787920697320657866696c74726174.1616.zcmt50.hex.acaddff5e4.leeandco.net. [A] via LIST_541993.796f7572205765622050726f787920697320657866696c74726174.1616.zcmt50.hex.acaddff5e4.leeandco.net.""",,36519,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,796f7572205765622050726f787920697320657866696c74726174.1616.zcmt50.hex.acaddff5e4.leeandco.net.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=LIST_541993.796f7572205765622050726f787920697320657866696c74726174.1616.zcmt50.hex.acaddff5e4.leeandco.net.;InfobloxRPZ=LIST_541993;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=;InfobloxThreatConfidence=50;InfobloxThreatLevel=90,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:22:52.030 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite 796f7572205765622050726f787920697320657866696c74726174.1616.ymil00.hex.acaddff5e4.leeandco.net. 
[A] via LIST_541993.796f7572205765622050726f787920697320657866696c74726174.1616.ymil00.hex.acaddff5e4.leeandco.net.""",,62785,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,796f7572205765622050726f787920697320657866696c74726174.1616.ymil00.hex.acaddff5e4.leeandco.net.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=LIST_541993.796f7572205765622050726f787920697320657866696c74726174.1616.ymil00.hex.acaddff5e4.leeandco.net.;InfobloxRPZ=LIST_541993;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=;InfobloxThreatConfidence=50;InfobloxThreatLevel=90,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:43:01.281 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite 796f7572205765622050726f787920697320657866696c74726174.1519.zcmt50.hex.acaddff5e4.leeandco.net. [A] via LIST_541993.796f7572205765622050726f787920697320657866696c74726174.1519.zcmt50.hex.acaddff5e4.leeandco.net.""",,14474,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,796f7572205765622050726f787920697320657866696c74726174.1519.zcmt50.hex.acaddff5e4.leeandco.net.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=LIST_541993.796f7572205765622050726f787920697320657866696c74726174.1519.zcmt50.hex.acaddff5e4.leeandco.net.;InfobloxRPZ=LIST_541993;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=;InfobloxThreatConfidence=50;InfobloxThreatLevel=90,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:22:43.545 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite 796f7572205765622050726f787920697320657866696c74726174.1519.ymil00.hex.acaddff5e4.leeandco.net. 
[A] via LIST_541993.796f7572205765622050726f787920697320657866696c74726174.1519.ymil00.hex.acaddff5e4.leeandco.net.""",,61377,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,796f7572205765622050726f787920697320657866696c74726174.1519.ymil00.hex.acaddff5e4.leeandco.net.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=LIST_541993.796f7572205765622050726f787920697320657866696c74726174.1519.ymil00.hex.acaddff5e4.leeandco.net.;InfobloxRPZ=LIST_541993;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=;InfobloxThreatConfidence=50;InfobloxThreatLevel=90,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:42:49.736 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite 796f7572205765622050726f787920697320657866696c74726174.1422.zcmt50.hex.acaddff5e4.leeandco.net. [A] via LIST_541993.796f7572205765622050726f787920697320657866696c74726174.1422.zcmt50.hex.acaddff5e4.leeandco.net.""",,7987,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,796f7572205765622050726f787920697320657866696c74726174.1422.zcmt50.hex.acaddff5e4.leeandco.net.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=LIST_541993.796f7572205765622050726f787920697320657866696c74726174.1422.zcmt50.hex.acaddff5e4.leeandco.net.;InfobloxRPZ=LIST_541993;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=;InfobloxThreatConfidence=50;InfobloxThreatLevel=90,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:22:36.508 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite 796f7572205765622050726f787920697320657866696c74726174.1422.ymil00.hex.acaddff5e4.leeandco.net. 
[A] via LIST_541993.796f7572205765622050726f787920697320657866696c74726174.1422.ymil00.hex.acaddff5e4.leeandco.net.""",,61377,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,796f7572205765622050726f787920697320657866696c74726174.1422.ymil00.hex.acaddff5e4.leeandco.net.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=LIST_541993.796f7572205765622050726f787920697320657866696c74726174.1422.ymil00.hex.acaddff5e4.leeandco.net.;InfobloxRPZ=LIST_541993;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=;InfobloxThreatConfidence=50;InfobloxThreatLevel=90,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:42:45.872 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite 796f7572205765622050726f787920697320657866696c74726174.1325.zcmt50.hex.acaddff5e4.leeandco.net. [A] via LIST_541993.796f7572205765622050726f787920697320657866696c74726174.1325.zcmt50.hex.acaddff5e4.leeandco.net.""",,15223,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,796f7572205765622050726f787920697320657866696c74726174.1325.zcmt50.hex.acaddff5e4.leeandco.net.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=LIST_541993.796f7572205765622050726f787920697320657866696c74726174.1325.zcmt50.hex.acaddff5e4.leeandco.net.;InfobloxRPZ=LIST_541993;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=;InfobloxThreatConfidence=50;InfobloxThreatLevel=90,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:22:22.500 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite 796f7572205765622050726f787920697320657866696c74726174.1325.ymil00.hex.acaddff5e4.leeandco.net. 
[A] via LIST_541993.796f7572205765622050726f787920697320657866696c74726174.1325.ymil00.hex.acaddff5e4.leeandco.net.""",,61377,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,796f7572205765622050726f787920697320657866696c74726174.1325.ymil00.hex.acaddff5e4.leeandco.net.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=LIST_541993.796f7572205765622050726f787920697320657866696c74726174.1325.ymil00.hex.acaddff5e4.leeandco.net.;InfobloxRPZ=LIST_541993;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=;InfobloxThreatConfidence=50;InfobloxThreatLevel=90,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:42:26.848 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite 796f7572205765622050726f787920697320657866696c74726174.1228.zcmt50.hex.acaddff5e4.leeandco.net. [A] via LIST_541993.796f7572205765622050726f787920697320657866696c74726174.1228.zcmt50.hex.acaddff5e4.leeandco.net.""",,7987,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,796f7572205765622050726f787920697320657866696c74726174.1228.zcmt50.hex.acaddff5e4.leeandco.net.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=LIST_541993.796f7572205765622050726f787920697320657866696c74726174.1228.zcmt50.hex.acaddff5e4.leeandco.net.;InfobloxRPZ=LIST_541993;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=;InfobloxThreatConfidence=50;InfobloxThreatLevel=90,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:22:15.514 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite 796f7572205765622050726f787920697320657866696c74726174.1228.ymil00.hex.acaddff5e4.leeandco.net. 
[A] via LIST_541993.796f7572205765622050726f787920697320657866696c74726174.1228.ymil00.hex.acaddff5e4.leeandco.net.""",,61377,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,796f7572205765622050726f787920697320657866696c74726174.1228.ymil00.hex.acaddff5e4.leeandco.net.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=LIST_541993.796f7572205765622050726f787920697320657866696c74726174.1228.ymil00.hex.acaddff5e4.leeandco.net.;InfobloxRPZ=LIST_541993;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=;InfobloxThreatConfidence=50;InfobloxThreatLevel=90,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:42:19.191 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite 796f7572205765622050726f787920697320657866696c74726174.1131.zcmt50.hex.acaddff5e4.leeandco.net. [A] via LIST_541993.796f7572205765622050726f787920697320657866696c74726174.1131.zcmt50.hex.acaddff5e4.leeandco.net.""",,7987,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,796f7572205765622050726f787920697320657866696c74726174.1131.zcmt50.hex.acaddff5e4.leeandco.net.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=LIST_541993.796f7572205765622050726f787920697320657866696c74726174.1131.zcmt50.hex.acaddff5e4.leeandco.net.;InfobloxRPZ=LIST_541993;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=;InfobloxThreatConfidence=50;InfobloxThreatLevel=90,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:22:01.774 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite 796f7572205765622050726f787920697320657866696c74726174.1131.ymil00.hex.acaddff5e4.leeandco.net. 
[A] via LIST_541993.796f7572205765622050726f787920697320657866696c74726174.1131.ymil00.hex.acaddff5e4.leeandco.net.""",,61377,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,796f7572205765622050726f787920697320657866696c74726174.1131.ymil00.hex.acaddff5e4.leeandco.net.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=LIST_541993.796f7572205765622050726f787920697320657866696c74726174.1131.ymil00.hex.acaddff5e4.leeandco.net.;InfobloxRPZ=LIST_541993;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=;InfobloxThreatConfidence=50;InfobloxThreatLevel=90,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:42:09.794 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite 796f7572205765622050726f787920697320657866696c74726174.1034.zcmt50.hex.acaddff5e4.leeandco.net. [A] via LIST_541993.796f7572205765622050726f787920697320657866696c74726174.1034.zcmt50.hex.acaddff5e4.leeandco.net.""",,7987,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,796f7572205765622050726f787920697320657866696c74726174.1034.zcmt50.hex.acaddff5e4.leeandco.net.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=LIST_541993.796f7572205765622050726f787920697320657866696c74726174.1034.zcmt50.hex.acaddff5e4.leeandco.net.;InfobloxRPZ=LIST_541993;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=;InfobloxThreatConfidence=50;InfobloxThreatLevel=90,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:21:44.603 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite 796f7572205765622050726f787920697320657866696c74726174.1034.ymil00.hex.acaddff5e4.leeandco.net. 
[A] via LIST_541993.796f7572205765622050726f787920697320657866696c74726174.1034.ymil00.hex.acaddff5e4.leeandco.net.""",,55534,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,796f7572205765622050726f787920697320657866696c74726174.1034.ymil00.hex.acaddff5e4.leeandco.net.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=LIST_541993.796f7572205765622050726f787920697320657866696c74726174.1034.ymil00.hex.acaddff5e4.leeandco.net.;InfobloxRPZ=LIST_541993;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=;InfobloxThreatConfidence=50;InfobloxThreatLevel=90,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:42:01.840 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite 796f7520686176652061205765622050726f78792c207468656e20.936.zcmt50.hex.acaddff5e4.leeandco.net. [A] via LIST_541993.796f7520686176652061205765622050726f78792c207468656e20.936.zcmt50.hex.acaddff5e4.leeandco.net.""",,7987,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,796f7520686176652061205765622050726f78792c207468656e20.936.zcmt50.hex.acaddff5e4.leeandco.net.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=LIST_541993.796f7520686176652061205765622050726f78792c207468656e20.936.zcmt50.hex.acaddff5e4.leeandco.net.;InfobloxRPZ=LIST_541993;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=;InfobloxThreatConfidence=50;InfobloxThreatLevel=90,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:21:37.792 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite 796f7520686176652061205765622050726f78792c207468656e20.936.ymil00.hex.acaddff5e4.leeandco.net. 
[A] via LIST_541993.796f7520686176652061205765622050726f78792c207468656e20.936.ymil00.hex.acaddff5e4.leeandco.net.""",,50593,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,796f7520686176652061205765622050726f78792c207468656e20.936.ymil00.hex.acaddff5e4.leeandco.net.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=LIST_541993.796f7520686176652061205765622050726f78792c207468656e20.936.ymil00.hex.acaddff5e4.leeandco.net.;InfobloxRPZ=LIST_541993;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=;InfobloxThreatConfidence=50;InfobloxThreatLevel=90,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:41:51.880 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite 796f7520686176652061205765622050726f78792c207468656e20.839.zcmt50.hex.acaddff5e4.leeandco.net. [A] via LIST_541993.796f7520686176652061205765622050726f78792c207468656e20.839.zcmt50.hex.acaddff5e4.leeandco.net.""",,56540,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,796f7520686176652061205765622050726f78792c207468656e20.839.zcmt50.hex.acaddff5e4.leeandco.net.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=LIST_541993.796f7520686176652061205765622050726f78792c207468656e20.839.zcmt50.hex.acaddff5e4.leeandco.net.;InfobloxRPZ=LIST_541993;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=;InfobloxThreatConfidence=50;InfobloxThreatLevel=90,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:21:30.175 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite 796f7520686176652061205765622050726f78792c207468656e20.839.ymil00.hex.acaddff5e4.leeandco.net. 
[A] via LIST_541993.796f7520686176652061205765622050726f78792c207468656e20.839.ymil00.hex.acaddff5e4.leeandco.net.""",,50593,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,796f7520686176652061205765622050726f78792c207468656e20.839.ymil00.hex.acaddff5e4.leeandco.net.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=LIST_541993.796f7520686176652061205765622050726f78792c207468656e20.839.ymil00.hex.acaddff5e4.leeandco.net.;InfobloxRPZ=LIST_541993;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=;InfobloxThreatConfidence=50;InfobloxThreatLevel=90,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:41:24.046 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite 796f7520686176652061205765622050726f78792c207468656e20.742.zcmt50.hex.acaddff5e4.leeandco.net. [A] via LIST_541993.796f7520686176652061205765622050726f78792c207468656e20.742.zcmt50.hex.acaddff5e4.leeandco.net.""",,56540,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,796f7520686176652061205765622050726f78792c207468656e20.742.zcmt50.hex.acaddff5e4.leeandco.net.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=LIST_541993.796f7520686176652061205765622050726f78792c207468656e20.742.zcmt50.hex.acaddff5e4.leeandco.net.;InfobloxRPZ=LIST_541993;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=;InfobloxThreatConfidence=50;InfobloxThreatLevel=90,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:21:22.607 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite 796f7520686176652061205765622050726f78792c207468656e20.742.ymil00.hex.acaddff5e4.leeandco.net. 
[A] via LIST_541993.796f7520686176652061205765622050726f78792c207468656e20.742.ymil00.hex.acaddff5e4.leeandco.net.""",,50593,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,796f7520686176652061205765622050726f78792c207468656e20.742.ymil00.hex.acaddff5e4.leeandco.net.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=LIST_541993.796f7520686176652061205765622050726f78792c207468656e20.742.ymil00.hex.acaddff5e4.leeandco.net.;InfobloxRPZ=LIST_541993;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=;InfobloxThreatConfidence=50;InfobloxThreatLevel=90,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:41:27.050 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite 796f7520686176652061205765622050726f78792c207468656e20.645.zcmt50.hex.acaddff5e4.leeandco.net. [A] via LIST_541993.796f7520686176652061205765622050726f78792c207468656e20.645.zcmt50.hex.acaddff5e4.leeandco.net.""",,46369,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,796f7520686176652061205765622050726f78792c207468656e20.645.zcmt50.hex.acaddff5e4.leeandco.net.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=LIST_541993.796f7520686176652061205765622050726f78792c207468656e20.645.zcmt50.hex.acaddff5e4.leeandco.net.;InfobloxRPZ=LIST_541993;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=;InfobloxThreatConfidence=50;InfobloxThreatLevel=90,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:21:07.637 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite 796f7520686176652061205765622050726f78792c207468656e20.645.ymil00.hex.acaddff5e4.leeandco.net. 
[A] via LIST_541993.796f7520686176652061205765622050726f78792c207468656e20.645.ymil00.hex.acaddff5e4.leeandco.net.""",,50593,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,796f7520686176652061205765622050726f78792c207468656e20.645.ymil00.hex.acaddff5e4.leeandco.net.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=LIST_541993.796f7520686176652061205765622050726f78792c207468656e20.645.ymil00.hex.acaddff5e4.leeandco.net.;InfobloxRPZ=LIST_541993;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=;InfobloxThreatConfidence=50;InfobloxThreatLevel=90,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:41:09.308 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite 796f7520686176652061205765622050726f78792c207468656e20.548.zcmt50.hex.acaddff5e4.leeandco.net. [A] via LIST_541993.796f7520686176652061205765622050726f78792c207468656e20.548.zcmt50.hex.acaddff5e4.leeandco.net.""",,58534,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,796f7520686176652061205765622050726f78792c207468656e20.548.zcmt50.hex.acaddff5e4.leeandco.net.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=LIST_541993.796f7520686176652061205765622050726f78792c207468656e20.548.zcmt50.hex.acaddff5e4.leeandco.net.;InfobloxRPZ=LIST_541993;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=;InfobloxThreatConfidence=50;InfobloxThreatLevel=90,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:21:00.469 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite 796f7520686176652061205765622050726f78792c207468656e20.548.ymil00.hex.acaddff5e4.leeandco.net. 
[A] via LIST_541993.796f7520686176652061205765622050726f78792c207468656e20.548.ymil00.hex.acaddff5e4.leeandco.net.""",,50593,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,796f7520686176652061205765622050726f78792c207468656e20.548.ymil00.hex.acaddff5e4.leeandco.net.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=LIST_541993.796f7520686176652061205765622050726f78792c207468656e20.548.ymil00.hex.acaddff5e4.leeandco.net.;InfobloxRPZ=LIST_541993;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=;InfobloxThreatConfidence=50;InfobloxThreatLevel=90,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:20:44.649 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite 796f7520686176652061205765622050726f78792c207468656e20.451.ymil00.hex.acaddff5e4.leeandco.net. [A] via LIST_541993.796f7520686176652061205765622050726f78792c207468656e20.451.ymil00.hex.acaddff5e4.leeandco.net.""",,50593,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,796f7520686176652061205765622050726f78792c207468656e20.451.ymil00.hex.acaddff5e4.leeandco.net.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=LIST_541993.796f7520686176652061205765622050726f78792c207468656e20.451.ymil00.hex.acaddff5e4.leeandco.net.;InfobloxRPZ=LIST_541993;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=;InfobloxThreatConfidence=50;InfobloxThreatLevel=90,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:20:36.902 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite 796f7520686176652061205765622050726f78792c207468656e20.354.ymil00.hex.acaddff5e4.leeandco.net. 
[A] via LIST_541993.796f7520686176652061205765622050726f78792c207468656e20.354.ymil00.hex.acaddff5e4.leeandco.net.""",,50593,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,796f7520686176652061205765622050726f78792c207468656e20.354.ymil00.hex.acaddff5e4.leeandco.net.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=LIST_541993.796f7520686176652061205765622050726f78792c207468656e20.354.ymil00.hex.acaddff5e4.leeandco.net.;InfobloxRPZ=LIST_541993;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=;InfobloxThreatConfidence=50;InfobloxThreatLevel=90,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:24:49.110 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite 796f7520686176652061205765622050726f78792c207468656e20.2682.ymil00.hex.acaddff5e4.leeandco.net. [A] via LIST_541993.796f7520686176652061205765622050726f78792c207468656e20.2682.ymil00.hex.acaddff5e4.leeandco.net.""",,53819,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,796f7520686176652061205765622050726f78792c207468656e20.2682.ymil00.hex.acaddff5e4.leeandco.net.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=LIST_541993.796f7520686176652061205765622050726f78792c207468656e20.2682.ymil00.hex.acaddff5e4.leeandco.net.;InfobloxRPZ=LIST_541993;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=;InfobloxThreatConfidence=50;InfobloxThreatLevel=90,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:24:40.102 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite 796f7520686176652061205765622050726f78792c207468656e20.2585.ymil00.hex.acaddff5e4.leeandco.net. 
[A] via LIST_541993.796f7520686176652061205765622050726f78792c207468656e20.2585.ymil00.hex.acaddff5e4.leeandco.net.""",,53819,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,796f7520686176652061205765622050726f78792c207468656e20.2585.ymil00.hex.acaddff5e4.leeandco.net.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=LIST_541993.796f7520686176652061205765622050726f78792c207468656e20.2585.ymil00.hex.acaddff5e4.leeandco.net.;InfobloxRPZ=LIST_541993;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=;InfobloxThreatConfidence=50;InfobloxThreatLevel=90,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:24:30.802 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite 796f7520686176652061205765622050726f78792c207468656e20.2488.ymil00.hex.acaddff5e4.leeandco.net. [A] via LIST_541993.796f7520686176652061205765622050726f78792c207468656e20.2488.ymil00.hex.acaddff5e4.leeandco.net.""",,48394,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,796f7520686176652061205765622050726f78792c207468656e20.2488.ymil00.hex.acaddff5e4.leeandco.net.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=LIST_541993.796f7520686176652061205765622050726f78792c207468656e20.2488.ymil00.hex.acaddff5e4.leeandco.net.;InfobloxRPZ=LIST_541993;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=;InfobloxThreatConfidence=50;InfobloxThreatLevel=90,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:24:16.825 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite 796f7520686176652061205765622050726f78792c207468656e20.2391.ymil00.hex.acaddff5e4.leeandco.net. 
[A] via LIST_541993.796f7520686176652061205765622050726f78792c207468656e20.2391.ymil00.hex.acaddff5e4.leeandco.net.""",,31171,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,796f7520686176652061205765622050726f78792c207468656e20.2391.ymil00.hex.acaddff5e4.leeandco.net.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=LIST_541993.796f7520686176652061205765622050726f78792c207468656e20.2391.ymil00.hex.acaddff5e4.leeandco.net.;InfobloxRPZ=LIST_541993;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=;InfobloxThreatConfidence=50;InfobloxThreatLevel=90,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:24:08.757 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite 796f7520686176652061205765622050726f78792c207468656e20.2294.ymil00.hex.acaddff5e4.leeandco.net. [A] via LIST_541993.796f7520686176652061205765622050726f78792c207468656e20.2294.ymil00.hex.acaddff5e4.leeandco.net.""",,56787,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,796f7520686176652061205765622050726f78792c207468656e20.2294.ymil00.hex.acaddff5e4.leeandco.net.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=LIST_541993.796f7520686176652061205765622050726f78792c207468656e20.2294.ymil00.hex.acaddff5e4.leeandco.net.;InfobloxRPZ=LIST_541993;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=;InfobloxThreatConfidence=50;InfobloxThreatLevel=90,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:24:00.782 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite 796f7520686176652061205765622050726f78792c207468656e20.2197.ymil00.hex.acaddff5e4.leeandco.net. 
[A] via LIST_541993.796f7520686176652061205765622050726f78792c207468656e20.2197.ymil00.hex.acaddff5e4.leeandco.net.""",,56787,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,796f7520686176652061205765622050726f78792c207468656e20.2197.ymil00.hex.acaddff5e4.leeandco.net.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=LIST_541993.796f7520686176652061205765622050726f78792c207468656e20.2197.ymil00.hex.acaddff5e4.leeandco.net.;InfobloxRPZ=LIST_541993;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=;InfobloxThreatConfidence=50;InfobloxThreatLevel=90,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:23:45.269 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite 796f7520686176652061205765622050726f78792c207468656e20.2100.ymil00.hex.acaddff5e4.leeandco.net. [A] via LIST_541993.796f7520686176652061205765622050726f78792c207468656e20.2100.ymil00.hex.acaddff5e4.leeandco.net.""",,21179,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,796f7520686176652061205765622050726f78792c207468656e20.2100.ymil00.hex.acaddff5e4.leeandco.net.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=LIST_541993.796f7520686176652061205765622050726f78792c207468656e20.2100.ymil00.hex.acaddff5e4.leeandco.net.;InfobloxRPZ=LIST_541993;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=;InfobloxThreatConfidence=50;InfobloxThreatLevel=90,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:23:38.015 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite 796f7520686176652061205765622050726f78792c207468656e20.2003.ymil00.hex.acaddff5e4.leeandco.net. 
[A] via LIST_541993.796f7520686176652061205765622050726f78792c207468656e20.2003.ymil00.hex.acaddff5e4.leeandco.net.""",,21179,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,796f7520686176652061205765622050726f78792c207468656e20.2003.ymil00.hex.acaddff5e4.leeandco.net.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=LIST_541993.796f7520686176652061205765622050726f78792c207468656e20.2003.ymil00.hex.acaddff5e4.leeandco.net.;InfobloxRPZ=LIST_541993;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=;InfobloxThreatConfidence=50;InfobloxThreatLevel=90,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:23:27.066 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite 796f7520686176652061205765622050726f78792c207468656e20.1906.ymil00.hex.acaddff5e4.leeandco.net. [A] via LIST_541993.796f7520686176652061205765622050726f78792c207468656e20.1906.ymil00.hex.acaddff5e4.leeandco.net.""",,62785,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,796f7520686176652061205765622050726f78792c207468656e20.1906.ymil00.hex.acaddff5e4.leeandco.net.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=LIST_541993.796f7520686176652061205765622050726f78792c207468656e20.1906.ymil00.hex.acaddff5e4.leeandco.net.;InfobloxRPZ=LIST_541993;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=;InfobloxThreatConfidence=50;InfobloxThreatLevel=90,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:43:36.572 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite 796f7520686176652061205765622050726f78792c207468656e20.1809.zcmt50.hex.acaddff5e4.leeandco.net. 
[A] via LIST_541993.796f7520686176652061205765622050726f78792c207468656e20.1809.zcmt50.hex.acaddff5e4.leeandco.net.""",,20242,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,796f7520686176652061205765622050726f78792c207468656e20.1809.zcmt50.hex.acaddff5e4.leeandco.net.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=LIST_541993.796f7520686176652061205765622050726f78792c207468656e20.1809.zcmt50.hex.acaddff5e4.leeandco.net.;InfobloxRPZ=LIST_541993;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=;InfobloxThreatConfidence=50;InfobloxThreatLevel=90,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:23:15.115 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite 796f7520686176652061205765622050726f78792c207468656e20.1809.ymil00.hex.acaddff5e4.leeandco.net. [A] via LIST_541993.796f7520686176652061205765622050726f78792c207468656e20.1809.ymil00.hex.acaddff5e4.leeandco.net.""",,62785,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,796f7520686176652061205765622050726f78792c207468656e20.1809.ymil00.hex.acaddff5e4.leeandco.net.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=LIST_541993.796f7520686176652061205765622050726f78792c207468656e20.1809.ymil00.hex.acaddff5e4.leeandco.net.;InfobloxRPZ=LIST_541993;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=;InfobloxThreatConfidence=50;InfobloxThreatLevel=90,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:43:22.339 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite 796f7520686176652061205765622050726f78792c207468656e20.1712.zcmt50.hex.acaddff5e4.leeandco.net. 
[A] via LIST_541993.796f7520686176652061205765622050726f78792c207468656e20.1712.zcmt50.hex.acaddff5e4.leeandco.net.""",,20242,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,796f7520686176652061205765622050726f78792c207468656e20.1712.zcmt50.hex.acaddff5e4.leeandco.net.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=LIST_541993.796f7520686176652061205765622050726f78792c207468656e20.1712.zcmt50.hex.acaddff5e4.leeandco.net.;InfobloxRPZ=LIST_541993;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=;InfobloxThreatConfidence=50;InfobloxThreatLevel=90,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:23:02.181 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite 796f7520686176652061205765622050726f78792c207468656e20.1712.ymil00.hex.acaddff5e4.leeandco.net. [A] via LIST_541993.796f7520686176652061205765622050726f78792c207468656e20.1712.ymil00.hex.acaddff5e4.leeandco.net.""",,62785,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,796f7520686176652061205765622050726f78792c207468656e20.1712.ymil00.hex.acaddff5e4.leeandco.net.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=LIST_541993.796f7520686176652061205765622050726f78792c207468656e20.1712.ymil00.hex.acaddff5e4.leeandco.net.;InfobloxRPZ=LIST_541993;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=;InfobloxThreatConfidence=50;InfobloxThreatLevel=90,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:43:12.054 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite 796f7520686176652061205765622050726f78792c207468656e20.1615.zcmt50.hex.acaddff5e4.leeandco.net. 
[A] via LIST_541993.796f7520686176652061205765622050726f78792c207468656e20.1615.zcmt50.hex.acaddff5e4.leeandco.net.""",,36519,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,796f7520686176652061205765622050726f78792c207468656e20.1615.zcmt50.hex.acaddff5e4.leeandco.net.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=LIST_541993.796f7520686176652061205765622050726f78792c207468656e20.1615.zcmt50.hex.acaddff5e4.leeandco.net.;InfobloxRPZ=LIST_541993;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=;InfobloxThreatConfidence=50;InfobloxThreatLevel=90,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:22:52.030 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite 796f7520686176652061205765622050726f78792c207468656e20.1615.ymil00.hex.acaddff5e4.leeandco.net. [A] via LIST_541993.796f7520686176652061205765622050726f78792c207468656e20.1615.ymil00.hex.acaddff5e4.leeandco.net.""",,62785,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,796f7520686176652061205765622050726f78792c207468656e20.1615.ymil00.hex.acaddff5e4.leeandco.net.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=LIST_541993.796f7520686176652061205765622050726f78792c207468656e20.1615.ymil00.hex.acaddff5e4.leeandco.net.;InfobloxRPZ=LIST_541993;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=;InfobloxThreatConfidence=50;InfobloxThreatLevel=90,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:43:01.280 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite 796f7520686176652061205765622050726f78792c207468656e20.1518.zcmt50.hex.acaddff5e4.leeandco.net. 
[A] via LIST_541993.796f7520686176652061205765622050726f78792c207468656e20.1518.zcmt50.hex.acaddff5e4.leeandco.net.""",,14474,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,796f7520686176652061205765622050726f78792c207468656e20.1518.zcmt50.hex.acaddff5e4.leeandco.net.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=LIST_541993.796f7520686176652061205765622050726f78792c207468656e20.1518.zcmt50.hex.acaddff5e4.leeandco.net.;InfobloxRPZ=LIST_541993;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=;InfobloxThreatConfidence=50;InfobloxThreatLevel=90,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:22:43.545 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite 796f7520686176652061205765622050726f78792c207468656e20.1518.ymil00.hex.acaddff5e4.leeandco.net. [A] via LIST_541993.796f7520686176652061205765622050726f78792c207468656e20.1518.ymil00.hex.acaddff5e4.leeandco.net.""",,61377,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,796f7520686176652061205765622050726f78792c207468656e20.1518.ymil00.hex.acaddff5e4.leeandco.net.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=LIST_541993.796f7520686176652061205765622050726f78792c207468656e20.1518.ymil00.hex.acaddff5e4.leeandco.net.;InfobloxRPZ=LIST_541993;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=;InfobloxThreatConfidence=50;InfobloxThreatLevel=90,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:42:49.736 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite 796f7520686176652061205765622050726f78792c207468656e20.1421.zcmt50.hex.acaddff5e4.leeandco.net. 
[A] via LIST_541993.796f7520686176652061205765622050726f78792c207468656e20.1421.zcmt50.hex.acaddff5e4.leeandco.net.""",,7987,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,796f7520686176652061205765622050726f78792c207468656e20.1421.zcmt50.hex.acaddff5e4.leeandco.net.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=LIST_541993.796f7520686176652061205765622050726f78792c207468656e20.1421.zcmt50.hex.acaddff5e4.leeandco.net.;InfobloxRPZ=LIST_541993;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=;InfobloxThreatConfidence=50;InfobloxThreatLevel=90,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:22:36.508 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite 796f7520686176652061205765622050726f78792c207468656e20.1421.ymil00.hex.acaddff5e4.leeandco.net. [A] via LIST_541993.796f7520686176652061205765622050726f78792c207468656e20.1421.ymil00.hex.acaddff5e4.leeandco.net.""",,61377,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,796f7520686176652061205765622050726f78792c207468656e20.1421.ymil00.hex.acaddff5e4.leeandco.net.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=LIST_541993.796f7520686176652061205765622050726f78792c207468656e20.1421.ymil00.hex.acaddff5e4.leeandco.net.;InfobloxRPZ=LIST_541993;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=;InfobloxThreatConfidence=50;InfobloxThreatLevel=90,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:42:45.872 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite 796f7520686176652061205765622050726f78792c207468656e20.1324.zcmt50.hex.acaddff5e4.leeandco.net. 
[A] via LIST_541993.796f7520686176652061205765622050726f78792c207468656e20.1324.zcmt50.hex.acaddff5e4.leeandco.net.""",,15223,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,796f7520686176652061205765622050726f78792c207468656e20.1324.zcmt50.hex.acaddff5e4.leeandco.net.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=LIST_541993.796f7520686176652061205765622050726f78792c207468656e20.1324.zcmt50.hex.acaddff5e4.leeandco.net.;InfobloxRPZ=LIST_541993;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=;InfobloxThreatConfidence=50;InfobloxThreatLevel=90,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:22:22.500 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite 796f7520686176652061205765622050726f78792c207468656e20.1324.ymil00.hex.acaddff5e4.leeandco.net. [A] via LIST_541993.796f7520686176652061205765622050726f78792c207468656e20.1324.ymil00.hex.acaddff5e4.leeandco.net.""",,61377,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,796f7520686176652061205765622050726f78792c207468656e20.1324.ymil00.hex.acaddff5e4.leeandco.net.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=LIST_541993.796f7520686176652061205765622050726f78792c207468656e20.1324.ymil00.hex.acaddff5e4.leeandco.net.;InfobloxRPZ=LIST_541993;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=;InfobloxThreatConfidence=50;InfobloxThreatLevel=90,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:42:26.848 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite 796f7520686176652061205765622050726f78792c207468656e20.1227.zcmt50.hex.acaddff5e4.leeandco.net. 
[A] via LIST_541993.796f7520686176652061205765622050726f78792c207468656e20.1227.zcmt50.hex.acaddff5e4.leeandco.net.""",,7987,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,796f7520686176652061205765622050726f78792c207468656e20.1227.zcmt50.hex.acaddff5e4.leeandco.net.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=LIST_541993.796f7520686176652061205765622050726f78792c207468656e20.1227.zcmt50.hex.acaddff5e4.leeandco.net.;InfobloxRPZ=LIST_541993;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=;InfobloxThreatConfidence=50;InfobloxThreatLevel=90,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:22:15.514 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite 796f7520686176652061205765622050726f78792c207468656e20.1227.ymil00.hex.acaddff5e4.leeandco.net. [A] via LIST_541993.796f7520686176652061205765622050726f78792c207468656e20.1227.ymil00.hex.acaddff5e4.leeandco.net.""",,61377,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,796f7520686176652061205765622050726f78792c207468656e20.1227.ymil00.hex.acaddff5e4.leeandco.net.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=LIST_541993.796f7520686176652061205765622050726f78792c207468656e20.1227.ymil00.hex.acaddff5e4.leeandco.net.;InfobloxRPZ=LIST_541993;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=;InfobloxThreatConfidence=50;InfobloxThreatLevel=90,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:42:19.191 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite 796f7520686176652061205765622050726f78792c207468656e20.1130.zcmt50.hex.acaddff5e4.leeandco.net. 
[A] via LIST_541993.796f7520686176652061205765622050726f78792c207468656e20.1130.zcmt50.hex.acaddff5e4.leeandco.net.""",,7987,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,796f7520686176652061205765622050726f78792c207468656e20.1130.zcmt50.hex.acaddff5e4.leeandco.net.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=LIST_541993.796f7520686176652061205765622050726f78792c207468656e20.1130.zcmt50.hex.acaddff5e4.leeandco.net.;InfobloxRPZ=LIST_541993;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=;InfobloxThreatConfidence=50;InfobloxThreatLevel=90,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:22:01.774 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite 796f7520686176652061205765622050726f78792c207468656e20.1130.ymil00.hex.acaddff5e4.leeandco.net. [A] via LIST_541993.796f7520686176652061205765622050726f78792c207468656e20.1130.ymil00.hex.acaddff5e4.leeandco.net.""",,61377,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,796f7520686176652061205765622050726f78792c207468656e20.1130.ymil00.hex.acaddff5e4.leeandco.net.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=LIST_541993.796f7520686176652061205765622050726f78792c207468656e20.1130.ymil00.hex.acaddff5e4.leeandco.net.;InfobloxRPZ=LIST_541993;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=;InfobloxThreatConfidence=50;InfobloxThreatLevel=90,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:42:09.794 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite 796f7520686176652061205765622050726f78792c207468656e20.1033.zcmt50.hex.acaddff5e4.leeandco.net. 
[A] via LIST_541993.796f7520686176652061205765622050726f78792c207468656e20.1033.zcmt50.hex.acaddff5e4.leeandco.net.""",,7987,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,796f7520686176652061205765622050726f78792c207468656e20.1033.zcmt50.hex.acaddff5e4.leeandco.net.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=LIST_541993.796f7520686176652061205765622050726f78792c207468656e20.1033.zcmt50.hex.acaddff5e4.leeandco.net.;InfobloxRPZ=LIST_541993;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=;InfobloxThreatConfidence=50;InfobloxThreatLevel=90,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:21:44.603 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite 796f7520686176652061205765622050726f78792c207468656e20.1033.ymil00.hex.acaddff5e4.leeandco.net. [A] via LIST_541993.796f7520686176652061205765622050726f78792c207468656e20.1033.ymil00.hex.acaddff5e4.leeandco.net.""",,55534,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,796f7520686176652061205765622050726f78792c207468656e20.1033.ymil00.hex.acaddff5e4.leeandco.net.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=LIST_541993.796f7520686176652061205765622050726f78792c207468656e20.1033.ymil00.hex.acaddff5e4.leeandco.net.;InfobloxRPZ=LIST_541993;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=;InfobloxThreatConfidence=50;InfobloxThreatLevel=90,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:42:01.844 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite 78792c207468656e20796f7572205765622050726f787920697320.969.zcmt50.hex.acaddff5e4.leeandco.net. 
[A] via LIST_541993.78792c207468656e20796f7572205765622050726f787920697320.969.zcmt50.hex.acaddff5e4.leeandco.net.""",,7987,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,78792c207468656e20796f7572205765622050726f787920697320.969.zcmt50.hex.acaddff5e4.leeandco.net.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=LIST_541993.78792c207468656e20796f7572205765622050726f787920697320.969.zcmt50.hex.acaddff5e4.leeandco.net.;InfobloxRPZ=LIST_541993;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=;InfobloxThreatConfidence=50;InfobloxThreatLevel=90,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:21:44.597 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite 78792c207468656e20796f7572205765622050726f787920697320.969.ymil00.hex.acaddff5e4.leeandco.net. [A] via LIST_541993.78792c207468656e20796f7572205765622050726f787920697320.969.ymil00.hex.acaddff5e4.leeandco.net.""",,55534,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,78792c207468656e20796f7572205765622050726f787920697320.969.ymil00.hex.acaddff5e4.leeandco.net.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=LIST_541993.78792c207468656e20796f7572205765622050726f787920697320.969.ymil00.hex.acaddff5e4.leeandco.net.;InfobloxRPZ=LIST_541993;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=;InfobloxThreatConfidence=50;InfobloxThreatLevel=90,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:41:53.692 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite 78792c207468656e20796f7572205765622050726f787920697320.872.zcmt50.hex.acaddff5e4.leeandco.net. 
[A] via LIST_541993.78792c207468656e20796f7572205765622050726f787920697320.872.zcmt50.hex.acaddff5e4.leeandco.net.""",,7987,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,78792c207468656e20796f7572205765622050726f787920697320.872.zcmt50.hex.acaddff5e4.leeandco.net.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=LIST_541993.78792c207468656e20796f7572205765622050726f787920697320.872.zcmt50.hex.acaddff5e4.leeandco.net.;InfobloxRPZ=LIST_541993;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=;InfobloxThreatConfidence=50;InfobloxThreatLevel=90,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:21:30.178 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite 78792c207468656e20796f7572205765622050726f787920697320.872.ymil00.hex.acaddff5e4.leeandco.net. [A] via LIST_541993.78792c207468656e20796f7572205765622050726f787920697320.872.ymil00.hex.acaddff5e4.leeandco.net.""",,50593,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,78792c207468656e20796f7572205765622050726f787920697320.872.ymil00.hex.acaddff5e4.leeandco.net.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=LIST_541993.78792c207468656e20796f7572205765622050726f787920697320.872.ymil00.hex.acaddff5e4.leeandco.net.;InfobloxRPZ=LIST_541993;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=;InfobloxThreatConfidence=50;InfobloxThreatLevel=90,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:41:42.672 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite 78792c207468656e20796f7572205765622050726f787920697320.775.zcmt50.hex.acaddff5e4.leeandco.net. 
[A] via LIST_541993.78792c207468656e20796f7572205765622050726f787920697320.775.zcmt50.hex.acaddff5e4.leeandco.net.""",,56540,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,78792c207468656e20796f7572205765622050726f787920697320.775.zcmt50.hex.acaddff5e4.leeandco.net.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=LIST_541993.78792c207468656e20796f7572205765622050726f787920697320.775.zcmt50.hex.acaddff5e4.leeandco.net.;InfobloxRPZ=LIST_541993;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=;InfobloxThreatConfidence=50;InfobloxThreatLevel=90,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:21:22.610 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite 78792c207468656e20796f7572205765622050726f787920697320.775.ymil00.hex.acaddff5e4.leeandco.net. [A] via LIST_541993.78792c207468656e20796f7572205765622050726f787920697320.775.ymil00.hex.acaddff5e4.leeandco.net.""",,50593,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,78792c207468656e20796f7572205765622050726f787920697320.775.ymil00.hex.acaddff5e4.leeandco.net.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=LIST_541993.78792c207468656e20796f7572205765622050726f787920697320.775.ymil00.hex.acaddff5e4.leeandco.net.;InfobloxRPZ=LIST_541993;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=;InfobloxThreatConfidence=50;InfobloxThreatLevel=90,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:41:27.054 PM",,Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,,NXDOMAIN,NXDOMAIN,,"""RPZ QNAME NXDOMAIN rewrite 78792c207468656e20796f7572205765622050726f787920697320.678.zcmt50.hex.acaddff5e4.leeandco.net. 
[A] via LIST_541993.78792c207468656e20796f7572205765622050726f787920697320.678.zcmt50.hex.acaddff5e4.leeandco.net.""",,46369,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,DNS,78792c207468656e20796f7572205765622050726f787920697320.678.zcmt50.hex.acaddff5e4.leeandco.net.,InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=LIST_541993.78792c207468656e20796f7572205765622050726f787920697320.678.zcmt50.hex.acaddff5e4.leeandco.net.;InfobloxRPZ=LIST_541993;InfobloxCSiteId=;InfobloxPolicyID=98594;InfobloxDomainCat=;InfobloxThreatProperty=;InfobloxThreatConfidence=50;InfobloxThreatLevel=90,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:00:16.636 AM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""wns.notify.trafficmanager.net. 58 IN CNAME vip2-dm3p.wns.notify.trafficmanager.net. vip2-dm3p.wns.notify.trafficmanager.net. 162 IN A 52.242.211.89 . 32768 512 OPT """,UDP,46716,172.0.0.253,2.1.3,DNS Response IN A NOERROR,DNS,wns.notify.trafficmanager.net.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=2;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:25:46.643 AM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""wns.notify.trafficmanager.net. 5 IN CNAME vip2-dm3p.wns.notify.trafficmanager.net. vip2-dm3p.wns.notify.trafficmanager.net. 145 IN A 52.242.211.89 . 32768 512 OPT """,UDP,59321,172.0.0.253,2.1.3,DNS Response IN A NOERROR,DNS,wns.notify.trafficmanager.net.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=2;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:20:31.660 AM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""wns.notify.trafficmanager.net. 49 IN CNAME vip2-dm3p.wns.notify.trafficmanager.net. vip2-dm3p.wns.notify.trafficmanager.net. 
114 IN A 52.242.211.89 . 32768 512 OPT """,UDP,51916,172.0.0.253,2.1.3,DNS Response IN A NOERROR,DNS,wns.notify.trafficmanager.net.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=2;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:05:16.647 AM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""wns.notify.trafficmanager.net. 299 IN A 52.230.222.68 . 32768 512 OPT """,UDP,53156,172.0.0.253,2.1.3,DNS Response IN A NOERROR,DNS,wns.notify.trafficmanager.net.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:55:01.617 PM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""wns.notify.trafficmanager.net. 260 IN CNAME vip2-dm3p.wns.notify.trafficmanager.net. vip2-dm3p.wns.notify.trafficmanager.net. 237 IN A 52.242.211.89 . 32768 512 OPT """,UDP,39254,172.0.0.253,2.1.3,DNS Response IN A NOERROR,DNS,wns.notify.trafficmanager.net.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=2;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:10:16.636 AM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""wns.notify.trafficmanager.net. 257 IN CNAME vip2-dm3p.wns.notify.trafficmanager.net. vip2-dm3p.wns.notify.trafficmanager.net. 186 IN A 52.242.211.89 . 
32768 512 OPT """,UDP,33749,172.0.0.253,2.1.3,DNS Response IN A NOERROR,DNS,wns.notify.trafficmanager.net.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=2;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:15:16.650 AM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""wns.notify.trafficmanager.net. 134 IN CNAME vip2-dm3p.wns.notify.trafficmanager.net. vip2-dm3p.wns.notify.trafficmanager.net. 287 IN A 52.242.211.89 . 32768 512 OPT """,UDP,35005,172.0.0.253,2.1.3,DNS Response IN A NOERROR,DNS,wns.notify.trafficmanager.net.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=2;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:16:16.630 AM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 59 IN A 18.235.149.1 wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 59 IN A 18.233.189.178 wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 59 IN A 18.209.243.220 . 32768 512 OPT """,UDP,57418,172.0.0.253,2.1.3,DNS Response IN A NOERROR,DNS,wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=3;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:06:01.637 AM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 59 IN A 18.209.243.220 wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 59 IN A 18.235.149.1 wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 59 IN A 18.233.189.178 . 
32768 512 OPT """,UDP,40393,172.0.0.253,2.1.3,DNS Response IN A NOERROR,DNS,wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=3;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:55:16.617 PM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 59 IN A 18.209.243.220 wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 59 IN A 18.233.189.178 wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 59 IN A 18.235.149.1 . 32768 512 OPT """,UDP,60290,172.0.0.253,2.1.3,DNS Response IN A NOERROR,DNS,wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=3;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:25:46.644 AM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 58 IN A 18.233.189.178 wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 58 IN A 18.235.149.1 wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 58 IN A 18.209.243.220 . 32768 512 OPT """,UDP,48161,172.0.0.253,2.1.3,DNS Response IN A NOERROR,DNS,wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=3;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:05:31.638 AM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 
30 IN A 18.235.149.1 wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 30 IN A 18.233.189.178 wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 30 IN A 18.209.243.220 . 32768 512 OPT """,UDP,44954,172.0.0.253,2.1.3,DNS Response IN A NOERROR,DNS,wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=3;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:15:46.640 AM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 30 IN A 18.209.243.220 wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 30 IN A 18.233.189.178 wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 30 IN A 18.235.149.1 . 32768 512 OPT """,UDP,54506,172.0.0.253,2.1.3,DNS Response IN A NOERROR,DNS,wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=3;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:57:31.631 PM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""wildcard.weather.microsoft.com.edgekey.net. 513 IN CNAME e15275.g.akamaiedge.net. e15275.g.akamaiedge.net. 19 IN A 104.86.95.226 . 32768 512 OPT """,UDP,45460,172.0.0.253,2.1.3,DNS Response IN A NOERROR,DNS,wildcard.weather.microsoft.com.edgekey.net.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=2;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:10:16.635 AM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""vip2-dm3p.wns.notify.trafficmanager.net. 203 IN A 52.242.211.89 . 
32768 512 OPT """,UDP,33886,172.0.0.253,2.1.3,DNS Response IN A NOERROR,DNS,vip2-dm3p.wns.notify.trafficmanager.net.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:15:16.651 AM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""vip2-dm3p.wns.notify.trafficmanager.net. 202 IN A 52.242.211.89 . 32768 512 OPT """,UDP,50754,172.0.0.253,2.1.3,DNS Response IN A NOERROR,DNS,vip2-dm3p.wns.notify.trafficmanager.net.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:25:46.643 AM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""vip2-dm3p.wns.notify.trafficmanager.net. 162 IN A 52.242.211.89 . 32768 512 OPT """,UDP,58415,172.0.0.253,2.1.3,DNS Response IN A NOERROR,DNS,vip2-dm3p.wns.notify.trafficmanager.net.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:00:16.637 AM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""vip2-dm3p.wns.notify.trafficmanager.net. 125 IN A 52.242.211.89 . 32768 512 OPT """,UDP,49076,172.0.0.253,2.1.3,DNS Response IN A NOERROR,DNS,vip2-dm3p.wns.notify.trafficmanager.net.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:20:31.660 AM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""vip2-dm3p.wns.notify.trafficmanager.net. 114 IN A 52.242.211.89 . 
32768 512 OPT """,UDP,51750,172.0.0.253,2.1.3,DNS Response IN A NOERROR,DNS,vip2-dm3p.wns.notify.trafficmanager.net.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:55:01.617 PM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""vip2-dm3p.wns.notify.trafficmanager.net. 108 IN A 52.242.211.89 . 32768 512 OPT """,UDP,43847,172.0.0.253,2.1.3,DNS Response IN A NOERROR,DNS,vip2-dm3p.wns.notify.trafficmanager.net.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:16:46.627 AM",,Infoblox,Data Connector,DNS Response,1,,,,172.0.0.253,"""v10.events.data.microsoft.com. 756 IN CNAME global.asimov.events.data.trafficmanager.net. global.asimov.events.data.trafficmanager.net. 15 IN CNAME skypedataprdcoljpe03.cloudapp.net. skypedataprdcoljpe03.cloudapp.net. 9 IN A 52.114.32.8 net. 146266 IN NS e.gtld-servers.net. net. 146266 IN NS b.gtld-servers.net. net. 146266 IN NS f.gtld-servers.net. net. 146266 IN NS l.gtld-servers.net. net. 146266 IN NS d.gtld-servers.net. net. 146266 IN NS k.gtld-servers.net. net. 146266 IN NS h.gtld-servers.net. net. 146266 IN NS g.gtld-servers.net. net. 146266 IN NS a.gtld-servers.net. net. 146266 IN NS j.gtld-servers.net. net. 146266 IN NS c.gtld-servers.net. net. 146266 IN NS i.gtld-servers.net. net. 146266 IN NS m.gtld-servers.net. a.gtld-servers.net. 146266 IN A 192.5.6.30 b.gtld-servers.net. 146266 IN A 192.33.14.30 c.gtld-servers.net. 146266 IN A 192.26.92.30 d.gtld-servers.net. 146266 IN A 192.31.80.30 e.gtld-servers.net. 146266 IN A 192.12.94.30 f.gtld-servers.net. 146266 IN A 192.35.51.30 g.gtld-servers.net. 
146266 IN A 192.42.93.30""",UDP,54957,172.0.0.110,2.1.3,DNS Response IN A NOERROR,DNS,v10.events.data.microsoft.com.,InfobloxDNSView=2fa70211-f936-4bff-8810-56103877d7ad;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=3;InfobloxNsCount=13;InfobloxArCount=7,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:05:16.647 AM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""tm2.edgedns-tm.info. 67 IN A 13.107.247.10 . 32768 512 OPT """,UDP,45694,172.0.0.253,2.1.3,DNS Response IN A NOERROR,DNS,tm2.edgedns-tm.info.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:20:31.659 AM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""tm2.edgedns-tm.info. 294 IN A 13.107.247.10 . 32768 512 OPT """,UDP,56767,172.0.0.253,2.1.3,DNS Response IN A NOERROR,DNS,tm2.edgedns-tm.info.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:55:01.617 PM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""tm2.edgedns-tm.info. 233 IN A 13.107.247.10 . 32768 512 OPT """,UDP,44411,172.0.0.253,2.1.3,DNS Response IN A NOERROR,DNS,tm2.edgedns-tm.info.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:00:16.638 AM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""tm2.edgedns-tm.info. 217 IN A 13.107.247.10 . 
32768 512 OPT """,UDP,45841,172.0.0.253,2.1.3,DNS Response IN A NOERROR,DNS,tm2.edgedns-tm.info.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:15:16.651 AM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""tm2.edgedns-tm.info. 212 IN A 13.107.247.10 . 32768 512 OPT """,UDP,47004,172.0.0.253,2.1.3,DNS Response IN A NOERROR,DNS,tm2.edgedns-tm.info.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:25:46.644 AM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""tm2.edgedns-tm.info. 211 IN A 13.107.247.10 . 32768 512 OPT """,UDP,54364,172.0.0.253,2.1.3,DNS Response IN A NOERROR,DNS,tm2.edgedns-tm.info.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:10:16.634 AM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""tm2.edgedns-tm.info. 191 IN A 13.107.247.10 . 32768 512 OPT """,UDP,38492,172.0.0.253,2.1.3,DNS Response IN A NOERROR,DNS,tm2.edgedns-tm.info.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:16:46.627 AM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""tm2.dns-tm.com. 86 IN A 65.55.117.41 . 
32768 512 OPT """,UDP,44426,172.0.0.253,2.1.3,DNS Response IN A NOERROR,DNS,tm2.dns-tm.com.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:15:16.649 AM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""tm2.dns-tm.com. 38 IN A 65.55.117.41 . 32768 512 OPT """,UDP,56447,172.0.0.253,2.1.3,DNS Response IN A NOERROR,DNS,tm2.dns-tm.com.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:20:31.659 AM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""tm2.dns-tm.com. 260 IN A 65.55.117.41 . 32768 512 OPT """,UDP,45204,172.0.0.253,2.1.3,DNS Response IN A NOERROR,DNS,tm2.dns-tm.com.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:05:16.646 AM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""tm2.dns-tm.com. 174 IN A 65.55.117.41 . 32768 512 OPT """,UDP,45333,172.0.0.253,2.1.3,DNS Response IN A NOERROR,DNS,tm2.dns-tm.com.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:10:16.636 AM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""tm2.dns-tm.com. 173 IN A 65.55.117.41 . 
32768 512 OPT """,UDP,42399,172.0.0.253,2.1.3,DNS Response IN A NOERROR,DNS,tm2.dns-tm.com.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:25:46.643 AM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""tm2.dns-tm.com. 164 IN A 65.55.117.41 . 32768 512 OPT """,UDP,55072,172.0.0.253,2.1.3,DNS Response IN A NOERROR,DNS,tm2.dns-tm.com.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:55:01.617 PM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""tm2.dns-tm.com. 158 IN A 65.55.117.41 . 32768 512 OPT """,UDP,34805,172.0.0.253,2.1.3,DNS Response IN A NOERROR,DNS,tm2.dns-tm.com.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:00:16.638 AM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""tm2.dns-tm.com. 156 IN A 65.55.117.41 . 32768 512 OPT """,UDP,42203,172.0.0.253,2.1.3,DNS Response IN A NOERROR,DNS,tm2.dns-tm.com.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:15:16.651 AM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""tm1.edgedns-tm.info. 247 IN A 13.107.252.10 . 
32768 512 OPT """,UDP,34255,172.0.0.253,2.1.3,DNS Response IN A NOERROR,DNS,tm1.edgedns-tm.info.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:20:31.659 AM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""tm1.edgedns-tm.info. 240 IN A 13.107.252.10 . 32768 512 OPT """,UDP,42884,172.0.0.253,2.1.3,DNS Response IN A NOERROR,DNS,tm1.edgedns-tm.info.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:25:46.643 AM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""tm1.edgedns-tm.info. 239 IN A 13.107.252.10 . 32768 512 OPT """,UDP,50464,172.0.0.253,2.1.3,DNS Response IN A NOERROR,DNS,tm1.edgedns-tm.info.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:55:01.617 PM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""tm1.edgedns-tm.info. 159 IN A 13.107.252.10 . 32768 512 OPT """,UDP,57673,172.0.0.253,2.1.3,DNS Response IN A NOERROR,DNS,tm1.edgedns-tm.info.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:10:16.636 AM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""tm1.edgedns-tm.info. 144 IN A 13.107.252.10 . 
32768 512 OPT """,UDP,45191,172.0.0.253,2.1.3,DNS Response IN A NOERROR,DNS,tm1.edgedns-tm.info.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:00:16.637 AM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""tm1.edgedns-tm.info. 106 IN A 13.107.252.10 . 32768 512 OPT """,UDP,45896,172.0.0.253,2.1.3,DNS Response IN A NOERROR,DNS,tm1.edgedns-tm.info.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:05:16.647 AM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""tm1.edgedns-tm.info. 103 IN A 13.107.252.10 . 32768 512 OPT """,UDP,54183,172.0.0.253,2.1.3,DNS Response IN A NOERROR,DNS,tm1.edgedns-tm.info.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:55:01.617 PM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""tm1.dns-tm.com. 5 IN A 204.79.195.41 . 32768 512 OPT """,UDP,37550,172.0.0.253,2.1.3,DNS Response IN A NOERROR,DNS,tm1.dns-tm.com.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:00:16.637 AM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""tm1.dns-tm.com. 298 IN A 204.79.195.41 . 
32768 512 OPT """,UDP,36466,172.0.0.253,2.1.3,DNS Response IN A NOERROR,DNS,tm1.dns-tm.com.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:15:16.651 AM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""tm1.dns-tm.com. 296 IN A 204.79.195.41 . 32768 512 OPT """,UDP,57690,172.0.0.253,2.1.3,DNS Response IN A NOERROR,DNS,tm1.dns-tm.com.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:20:31.659 AM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""tm1.dns-tm.com. 296 IN A 204.79.195.41 . 32768 512 OPT """,UDP,47952,172.0.0.253,2.1.3,DNS Response IN A NOERROR,DNS,tm1.dns-tm.com.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:05:16.646 AM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""tm1.dns-tm.com. 275 IN A 204.79.195.41 . 32768 512 OPT """,UDP,36516,172.0.0.253,2.1.3,DNS Response IN A NOERROR,DNS,tm1.dns-tm.com.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:25:46.643 AM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""tm1.dns-tm.com. 266 IN A 204.79.195.41 . 
32768 512 OPT """,UDP,56147,172.0.0.253,2.1.3,DNS Response IN A NOERROR,DNS,tm1.dns-tm.com.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:10:16.636 AM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""tm1.dns-tm.com. 207 IN A 204.79.195.41 . 32768 512 OPT """,UDP,50986,172.0.0.253,2.1.3,DNS Response IN A NOERROR,DNS,tm1.dns-tm.com.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:57:31.632 PM",,Infoblox,Data Connector,DNS Response,1,,,,172.0.0.253,"""tile-service.weather.microsoft.com. 181 IN CNAME wildcard.weather.microsoft.com.edgekey.net. wildcard.weather.microsoft.com.edgekey.net. 513 IN CNAME e15275.g.akamaiedge.net. e15275.g.akamaiedge.net. 19 IN A 104.86.95.226 net. 147420 IN NS i.gtld-servers.net. net. 147420 IN NS b.gtld-servers.net. net. 147420 IN NS k.gtld-servers.net. net. 147420 IN NS g.gtld-servers.net. net. 147420 IN NS l.gtld-servers.net. net. 147420 IN NS a.gtld-servers.net. net. 147420 IN NS c.gtld-servers.net. net. 147420 IN NS e.gtld-servers.net. net. 147420 IN NS j.gtld-servers.net. net. 147420 IN NS f.gtld-servers.net. net. 147420 IN NS h.gtld-servers.net. net. 147420 IN NS d.gtld-servers.net. net. 147420 IN NS m.gtld-servers.net. a.gtld-servers.net. 147420 IN A 192.5.6.30 b.gtld-servers.net. 147420 IN A 192.33.14.30 c.gtld-servers.net. 147420 IN A 192.26.92.30 d.gtld-servers.net. 147420 IN A 192.31.80.30 e.gtld-servers.net. 147420 IN A 192.12.94.30 f.gtld-servers.net. 147420 IN A 192.35.51.30 g.gtld-servers.net. 147420 IN A 192.42.93.30 h.gtld-servers.net. 
147420 IN A 192.54.112.30""",UDP,56656,172.0.0.110,2.1.3,DNS Response IN A NOERROR,DNS,tile-service.weather.microsoft.com.,InfobloxDNSView=2fa70211-f936-4bff-8810-56103877d7ad;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=3;InfobloxNsCount=13;InfobloxArCount=8,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:16:46.627 AM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""skypedataprdcoljpe03.cloudapp.net. 9 IN A 52.114.32.8 . 32768 512 OPT """,UDP,51053,172.0.0.253,2.1.3,DNS Response IN A NOERROR,DNS,skypedataprdcoljpe03.cloudapp.net.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:13:16.671 AM",,Infoblox,Data Connector,DNS Response,1,,,,172.0.0.253,"""safebrowsing.googleapis.com. 52 IN A 74.125.137.95 com. 146494 IN NS h.gtld-servers.net. com. 146494 IN NS g.gtld-servers.net. com. 146494 IN NS e.gtld-servers.net. com. 146494 IN NS l.gtld-servers.net. com. 146494 IN NS d.gtld-servers.net. com. 146494 IN NS i.gtld-servers.net. com. 146494 IN NS a.gtld-servers.net. com. 146494 IN NS b.gtld-servers.net. com. 146494 IN NS f.gtld-servers.net. com. 146494 IN NS k.gtld-servers.net. com. 146494 IN NS m.gtld-servers.net. com. 146494 IN NS j.gtld-servers.net. com. 146494 IN NS c.gtld-servers.net. a.gtld-servers.net. 146476 IN A 192.5.6.30 b.gtld-servers.net. 146476 IN A 192.33.14.30 c.gtld-servers.net. 146476 IN A 192.26.92.30 d.gtld-servers.net. 146476 IN A 192.31.80.30 e.gtld-servers.net. 146476 IN A 192.12.94.30 f.gtld-servers.net. 146476 IN A 192.35.51.30 g.gtld-servers.net. 146476 IN A 192.42.93.30 h.gtld-servers.net. 146476 IN A 192.54.112.30 i.gtld-servers.net. 146476 IN A 192.43.172.30 j.gtld-servers.net. 146476 IN A 192.48.79.30 k.gtld-servers.net. 
146476 IN A 192.52.178.30 l.gtld-servers.net. 146476 IN A 192.41.162.30 m.gtld-servers.net. 146476 IN A 192.55.83.30""",UDP,53788,172.0.0.110,2.1.3,DNS Response IN A NOERROR,DNS,safebrowsing.googleapis.com.,InfobloxDNSView=2fa70211-f936-4bff-8810-56103877d7ad;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=13;InfobloxArCount=13,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:13:16.670 AM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""safebrowsing.googleapis.com. 52 IN A 74.125.137.95 . 32768 512 OPT """,UDP,58976,172.0.0.253,2.1.3,DNS Response IN A NOERROR,DNS,safebrowsing.googleapis.com.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:10:16.636 AM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""ns4-09.azure-dns.info. 3596 IN A 13.107.160.9 . 32768 512 OPT """,UDP,55306,172.0.0.253,2.1.3,DNS Response IN A NOERROR,DNS,ns4-09.azure-dns.info.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:05:16.646 AM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""ns3-09.azure-dns.org. 2748 IN A 13.107.24.9 . 32768 512 OPT """,UDP,52253,172.0.0.253,2.1.3,DNS Response IN A NOERROR,DNS,ns3-09.azure-dns.org.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:10:16.636 AM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""ns2-09.azure-dns.net. 2730 IN A 64.4.48.9 . 
32768 512 OPT """,UDP,32807,172.0.0.253,2.1.3,DNS Response IN A NOERROR,DNS,ns2-09.azure-dns.net.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:25:46.644 AM",,Infoblox,Data Connector,DNS Response,1,,,,172.0.0.253,"""infoblox.com. 836 IN SOA thens.infoblox.com. dns.infoblox.com. 2006594658 10800 1080 1209600 3600""",UDP,62059,172.0.0.33,2.1.3,DNS Response IN TXT NXDOMAIN,DNS,probe.infoblox.com.,InfobloxDNSView=2fa70211-f936-4bff-8810-56103877d7ad;InfobloxDNSQClass=IN;InfobloxDNSQType=TXT;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=0,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:25:46.645 AM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""infoblox.com. 836 IN SOA thens.infoblox.com. dns.infoblox.com. 2006594658 10800 1080 1209600 3600 infoblox.com. 836 IN RRSIG SOA 5 2 3600 20210216000453 20210211230453 42390 infoblox.com.",UDP,55004,172.0.0.253,2.1.3,DNS Response IN TXT NXDOMAIN,DNS,probe.infoblox.com.,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=TXT;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;KM0UDEZaKvjwv7o7Du25SdACInDRrrjkgBfnquwSdW4cE2TaqsW7sjr+cw01rNikDGQexi5sFgu63NLZEErVWOB7QmaNBbHwnQznxlOD5HSaJtALqSPv4+bX+fOTmUPF7Iv4ciAMVhrZNip6UyZkuA/AHEQpEV8j8aZC5zyq8SY= infoblox.com. 2636 IN NSEC 6map.infoblox.com. A NS SOA MX TXT AAAA RRSIG NSEC DNSKEY infoblox.com. 2636 IN RRSIG NSEC 5 2 3600 20210215102520 20210211094432 42390 infoblox.com.;ltbHfYR2kCklsWj6Pc6RffRuKBEttxvj9xuCJNAIfNHm0Tcc6j0i1dxG8Z86M/7U00ARch8F6L2zVWtRq+CoUJw4eIm2cMm6QR1vou6Pzfff53n88h5U3MaRXzGpco3YCz9B0QL+q5hg9+uqbHgQGau1TXYoSglLEqpdQKECbTM= preprod-noa.infoblox.com. 2636 IN NSEC pstraining.infoblox.com. NS RRSIG NSEC preprod-noa.infoblox.com. 
2636 IN RRSIG NSEC 5 3 3600 20210215220928 20210211214809 42390 infoblox.com.;jkCvy1LpbSPNmDeuqIVJlONQgVC01X80rwYN8Xj7R59wqhg9nuYa7sGYzNXzWjzy6MHpVFfgfXEtDYgY4E42W+StAvTi4hx77KmzGD2xuKO/KGKd3/RqsMCwsdtHmzCLtHU7EY6tumRBjlu7E/ErTRkJeSrECrtaZsHHhpLhKho= . 32768 512 OPT "";InfobloxAnCount=0;InfobloxNsCount=6;InfobloxArCount=1",CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:26:31.640 AM",,Infoblox,Data Connector,DNS Response,1,,,,172.0.0.253,"""infoblox.com. 799 IN SOA thens.infoblox.com. dns.infoblox.com. 2006594658 10800 1080 1209600 3600""",UDP,62091,172.0.0.32,2.1.3,DNS Response IN TXT NXDOMAIN,DNS,probe.infoblox.com.,InfobloxDNSView=2fa70211-f936-4bff-8810-56103877d7ad;InfobloxDNSQClass=IN;InfobloxDNSQType=TXT;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=0,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:15:46.640 AM",,Infoblox,Data Connector,DNS Response,1,,,,172.0.0.253,"""infoblox.com. 438 IN SOA thens.infoblox.com. dns.infoblox.com. 2006594654 10800 1080 1209600 3600""",UDP,55225,172.0.0.33,2.1.3,DNS Response IN TXT NXDOMAIN,DNS,probe.infoblox.com.,InfobloxDNSView=2fa70211-f936-4bff-8810-56103877d7ad;InfobloxDNSQClass=IN;InfobloxDNSQType=TXT;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=0,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:16:16.630 AM",,Infoblox,Data Connector,DNS Response,1,,,,172.0.0.253,"""infoblox.com. 403 IN SOA thens.infoblox.com. dns.infoblox.com. 
2006594654 10800 1080 1209600 3600""",UDP,56468,172.0.0.32,2.1.3,DNS Response IN TXT NXDOMAIN,DNS,probe.infoblox.com.,InfobloxDNSView=2fa70211-f936-4bff-8810-56103877d7ad;InfobloxDNSQClass=IN;InfobloxDNSQType=TXT;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=0,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:55:16.617 PM",,Infoblox,Data Connector,DNS Response,1,,,,172.0.0.253,"""infoblox.com. 1664 IN SOA thens.infoblox.com. dns.infoblox.com. 2006594654 10800 1080 1209600 3600""",UDP,60664,172.0.0.33,2.1.3,DNS Response IN TXT NXDOMAIN,DNS,probe.infoblox.com.,InfobloxDNSView=2fa70211-f936-4bff-8810-56103877d7ad;InfobloxDNSQClass=IN;InfobloxDNSQType=TXT;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=0,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:55:16.617 PM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""infoblox.com. 1664 IN SOA thens.infoblox.com. dns.infoblox.com. 2006594654 10800 1080 1209600 3600 infoblox.com. 1664 IN RRSIG SOA 5 2 3600 20210215235054 20210211225054 42390 infoblox.com.",UDP,37721,172.0.0.253,2.1.3,DNS Response IN TXT NXDOMAIN,DNS,probe.infoblox.com.,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=TXT;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;URQjpbnaduy5A2bj673Rl5LUTrbsJU1hVTr/z7NlAe5dglgGYcpp1ROwCJsOOfhtq99TxxowkcmD+AwCm3Ggtvmrh3s2hCW3ik/vGY+ul51ltp1faMaAz6q0w6vntqVlZ5+/1TZ9yIHPRRLQnAGxcBAKwvmOwEUJY/wI3USQ8Wo= infoblox.com. 3464 IN NSEC 6map.infoblox.com. A NS SOA MX TXT AAAA RRSIG NSEC DNSKEY infoblox.com. 3464 IN RRSIG NSEC 5 2 3600 20210215102520 20210211094432 42390 infoblox.com.;ltbHfYR2kCklsWj6Pc6RffRuKBEttxvj9xuCJNAIfNHm0Tcc6j0i1dxG8Z86M/7U00ARch8F6L2zVWtRq+CoUJw4eIm2cMm6QR1vou6Pzfff53n88h5U3MaRXzGpco3YCz9B0QL+q5hg9+uqbHgQGau1TXYoSglLEqpdQKECbTM= preprod-noa.infoblox.com. 3464 IN NSEC pstraining.infoblox.com. 
NS RRSIG NSEC preprod-noa.infoblox.com. 3464 IN RRSIG NSEC 5 3 3600 20210215220928 20210211214809 42390 infoblox.com.;jkCvy1LpbSPNmDeuqIVJlONQgVC01X80rwYN8Xj7R59wqhg9nuYa7sGYzNXzWjzy6MHpVFfgfXEtDYgY4E42W+StAvTi4hx77KmzGD2xuKO/KGKd3/RqsMCwsdtHmzCLtHU7EY6tumRBjlu7E/ErTRkJeSrECrtaZsHHhpLhKho= . 32768 512 OPT "";InfobloxAnCount=0;InfobloxNsCount=6;InfobloxArCount=1",CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:55:46.638 PM",,Infoblox,Data Connector,DNS Response,1,,,,172.0.0.253,"""infoblox.com. 1632 IN SOA thens.infoblox.com. dns.infoblox.com. 2006594654 10800 1080 1209600 3600""",UDP,53104,172.0.0.32,2.1.3,DNS Response IN TXT NXDOMAIN,DNS,probe.infoblox.com.,InfobloxDNSView=2fa70211-f936-4bff-8810-56103877d7ad;InfobloxDNSQClass=IN;InfobloxDNSQType=TXT;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=0,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:05:31.639 AM",,Infoblox,Data Connector,DNS Response,1,,,,172.0.0.253,"""infoblox.com. 1051 IN SOA thens.infoblox.com. dns.infoblox.com. 2006594654 10800 1080 1209600 3600""",UDP,56038,172.0.0.33,2.1.3,DNS Response IN TXT NXDOMAIN,DNS,probe.infoblox.com.,InfobloxDNSView=2fa70211-f936-4bff-8810-56103877d7ad;InfobloxDNSQClass=IN;InfobloxDNSQType=TXT;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=0,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:06:01.638 AM",,Infoblox,Data Connector,DNS Response,1,,,,172.0.0.253,"""infoblox.com. 1017 IN SOA thens.infoblox.com. dns.infoblox.com. 
2006594654 10800 1080 1209600 3600""",UDP,51793,172.0.0.32,2.1.3,DNS Response IN TXT NXDOMAIN,DNS,probe.infoblox.com.,InfobloxDNSView=2fa70211-f936-4bff-8810-56103877d7ad;InfobloxDNSQClass=IN;InfobloxDNSQType=TXT;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=0,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:16:46.627 AM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""global.asimov.events.data.trafficmanager.net. 15 IN CNAME skypedataprdcoljpe03.cloudapp.net. skypedataprdcoljpe03.cloudapp.net. 1 IN A 52.114.32.8 . 32768 512 OPT """,UDP,58700,172.0.0.253,2.1.3,DNS Response IN A NOERROR,DNS,global.asimov.events.data.trafficmanager.net.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=2;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:01:46.672 AM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""e28578.d.akamaiedge.net. 19 IN A 23.66.115.88 e28578.d.akamaiedge.net. 19 IN A 23.66.115.65 . 32768 512 OPT """,UDP,43777,172.0.0.253,2.1.3,DNS Response IN A NOERROR,DNS,e28578.d.akamaiedge.net.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=2;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:57:31.632 PM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""e15275.g.akamaiedge.net. 19 IN A 104.86.95.226 . 
32768 512 OPT """,UDP,50478,172.0.0.253,2.1.3,DNS Response IN A NOERROR,DNS,e15275.g.akamaiedge.net.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:01:46.671 AM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""e10663.dscg.akamaiedge.net. 19 IN A 23.44.13.99 . 32768 512 OPT """,UDP,50449,172.0.0.253,2.1.3,DNS Response IN A NOERROR,DNS,e10663.dscg.akamaiedge.net.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:17:46.668 AM",,Infoblox,Data Connector,DNS Response,1,,,,172.0.0.253,"""ctldl.windowsupdate.com. 1610 IN CNAME au-bg-shim.trafficmanager.net. au-bg-shim.trafficmanager.net. 3339 IN CNAME audownload.windowsupdate.nsatc.net. audownload.windowsupdate.nsatc.net. 412 IN CNAME au.download.windowsupdate.com.hwcdn.net. au.download.windowsupdate.com.hwcdn.net. 2629 IN CNAME cds.d2s7q6s2.hwcdn.net. cds.d2s7q6s2.hwcdn.net. 294 IN A 205.185.216.10 net. 146205 IN NS d.gtld-servers.net. net. 146205 IN NS h.gtld-servers.net. net. 146205 IN NS f.gtld-servers.net. net. 146205 IN NS l.gtld-servers.net. net. 146205 IN NS a.gtld-servers.net. net. 146205 IN NS i.gtld-servers.net. net. 146205 IN NS j.gtld-servers.net. net. 146205 IN NS b.gtld-servers.net. net. 146205 IN NS c.gtld-servers.net. net. 146205 IN NS k.gtld-servers.net. net. 146205 IN NS m.gtld-servers.net. net. 146205 IN NS g.gtld-servers.net. net. 146205 IN NS e.gtld-servers.net. a.gtld-servers.net. 146205 IN A 192.5.6.30 b.gtld-servers.net. 146205 IN A 192.33.14.30 c.gtld-servers.net. 146205 IN A 192.26.92.30 d.gtld-servers.net. 
146205 IN A 192.31.80.30""",UDP,60429,172.0.0.110,2.1.3,DNS Response IN A NOERROR,DNS,ctldl.windowsupdate.com.,InfobloxDNSView=2fa70211-f936-4bff-8810-56103877d7ad;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=5;InfobloxNsCount=13;InfobloxArCount=4,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:17:46.666 AM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""ctldl.windowsupdate.com. 1610 IN CNAME au-bg-shim.trafficmanager.net. au-bg-shim.trafficmanager.net. 1862 IN CNAME audownload.windowsupdate.nsatc.net. audownload.windowsupdate.nsatc.net. 424 IN CNAME auto.au.download.windowsupdate.com.c.footprint.net. auto.au.download.windowsupdate.com.c.footprint.net. 436 IN A 8.250.208.126 auto.au.download.windowsupdate.com.c.footprint.net. 436 IN A 8.253.133.112 auto.au.download.windowsupdate.com.c.footprint.net. 436 IN A 8.252.68.254 auto.au.download.windowsupdate.com.c.footprint.net. 436 IN A 8.253.231.254 auto.au.download.windowsupdate.com.c.footprint.net. 436 IN A 8.253.133.248 . 32768 512 OPT """,UDP,37184,172.0.0.253,2.1.3,DNS Response IN A NOERROR,DNS,ctldl.windowsupdate.com.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=8;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:05:31.639 AM",,Infoblox,Data Connector,DNS Response,1,,,,172.0.0.253,"""csp.infoblox.com. 59 IN CNAME wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 30 IN A 18.233.189.178 wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 30 IN A 18.235.149.1 wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 30 IN A 18.209.243.220 amazonaws.com. 146976 IN NS r2.amazonaws.com. amazonaws.com. 146976 IN NS r1.amazonaws.com. amazonaws.com. 146976 IN NS u2.amazonaws.com. amazonaws.com. 
146976 IN NS u1.amazonaws.com. r1.amazonaws.com. 146976 IN A 205.251.192.27 r2.amazonaws.com. 146976 IN A 205.251.195.199 u1.amazonaws.com. 146976 IN A 156.154.64.10 u2.amazonaws.com. 146976 IN A 156.154.65.10 r1.amazonaws.com. 146976 IN AAAA 2600:9000:5300:1b00::1 r2.amazonaws.com. 146976 IN AAAA 2600:9000:5303:c700::1 u1.amazonaws.com. 146976 IN AAAA 2001:502:f3ff::10 u2.amazonaws.com. 146976 IN AAAA 2610:a1:1014::10""",UDP,53359,172.0.0.33,2.1.3,DNS Response IN A NOERROR,DNS,csp.infoblox.com.,InfobloxDNSView=2fa70211-f936-4bff-8810-56103877d7ad;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=4;InfobloxNsCount=4;InfobloxArCount=8,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:05:31.639 AM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""csp.infoblox.com. 59 IN CNAME wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. csp.infoblox.com. 59 IN RRSIG CNAME 5 3 60 20210215080312 20210211072137 42390 infoblox.com.",UDP,33872,172.0.0.253,2.1.3,DNS Response IN A NOERROR,DNS,csp.infoblox.com.,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;hmNp5KUN+Ve+rnbcXP4qK12Xy4UeoLsjop2V9t3DchBHtYvIQN1YA3E9X31zygaFcYyqCN7Pl+ee31lGJt1NacBHxQO9dlXHP0cwlbEgTpP1gLyBnUGxLS31vDP7NmObmLN4B223WvsvaiIBxf+OPTVFPjUR9GinDj2MjN2dWHs= wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 59 IN A 18.209.243.220 wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 59 IN A 18.233.189.178 wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 59 IN A 18.235.149.1 . 32768 512 OPT "";InfobloxAnCount=5;InfobloxNsCount=0;InfobloxArCount=1",CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:16:16.630 AM",,Infoblox,Data Connector,DNS Response,1,,,,172.0.0.253,"""csp.infoblox.com. 57 IN CNAME wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 
wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 59 IN A 18.233.189.178 wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 59 IN A 18.235.149.1 wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 59 IN A 18.209.243.220 amazonaws.com. 146327 IN NS u1.amazonaws.com. amazonaws.com. 146327 IN NS u2.amazonaws.com. amazonaws.com. 146327 IN NS r1.amazonaws.com. amazonaws.com. 146327 IN NS r2.amazonaws.com. r1.amazonaws.com. 146327 IN A 205.251.192.27 r2.amazonaws.com. 146327 IN A 205.251.195.199 u1.amazonaws.com. 146327 IN A 156.154.64.10 u2.amazonaws.com. 146327 IN A 156.154.65.10 r1.amazonaws.com. 146327 IN AAAA 2600:9000:5300:1b00::1 r2.amazonaws.com. 146327 IN AAAA 2600:9000:5303:c700::1 u1.amazonaws.com. 146327 IN AAAA 2001:502:f3ff::10 u2.amazonaws.com. 146327 IN AAAA 2610:a1:1014::10""",UDP,56467,172.0.0.32,2.1.3,DNS Response IN A NOERROR,DNS,csp.infoblox.com.,InfobloxDNSView=2fa70211-f936-4bff-8810-56103877d7ad;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=4;InfobloxNsCount=4;InfobloxArCount=8,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:16:16.630 AM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""csp.infoblox.com. 57 IN CNAME wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. csp.infoblox.com. 57 IN RRSIG CNAME 5 3 60 20210215080312 20210211072137 42390 infoblox.com.",UDP,49295,172.0.0.253,2.1.3,DNS Response IN A NOERROR,DNS,csp.infoblox.com.,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;hmNp5KUN+Ve+rnbcXP4qK12Xy4UeoLsjop2V9t3DchBHtYvIQN1YA3E9X31zygaFcYyqCN7Pl+ee31lGJt1NacBHxQO9dlXHP0cwlbEgTpP1gLyBnUGxLS31vDP7NmObmLN4B223WvsvaiIBxf+OPTVFPjUR9GinDj2MjN2dWHs= wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 20 IN A 18.235.149.1 wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 
20 IN A 18.209.243.220 wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 20 IN A 18.233.189.178 . 32768 512 OPT "";InfobloxAnCount=5;InfobloxNsCount=0;InfobloxArCount=1",CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:26:31.640 AM",,Infoblox,Data Connector,DNS Response,1,,,,172.0.0.253,"""csp.infoblox.com. 51 IN CNAME wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 22 IN A 18.209.243.220 wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 22 IN A 18.235.149.1 wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 22 IN A 18.233.189.178 amazonaws.com. 145713 IN NS u1.amazonaws.com. amazonaws.com. 145713 IN NS r1.amazonaws.com. amazonaws.com. 145713 IN NS u2.amazonaws.com. amazonaws.com. 145713 IN NS r2.amazonaws.com. r1.amazonaws.com. 145713 IN A 205.251.192.27 r2.amazonaws.com. 145713 IN A 205.251.195.199 u1.amazonaws.com. 145713 IN A 156.154.64.10 u2.amazonaws.com. 145713 IN A 156.154.65.10 r1.amazonaws.com. 145713 IN AAAA 2600:9000:5300:1b00::1 r2.amazonaws.com. 145713 IN AAAA 2600:9000:5303:c700::1 u1.amazonaws.com. 145713 IN AAAA 2001:502:f3ff::10 u2.amazonaws.com. 145713 IN AAAA 2610:a1:1014::10""",UDP,53347,172.0.0.32,2.1.3,DNS Response IN A NOERROR,DNS,csp.infoblox.com.,InfobloxDNSView=2fa70211-f936-4bff-8810-56103877d7ad;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=4;InfobloxNsCount=4;InfobloxArCount=8,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:26:31.640 AM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""csp.infoblox.com. 51 IN CNAME wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. csp.infoblox.com. 
51 IN RRSIG CNAME 5 3 60 20210215080312 20210211072137 42390 infoblox.com.",UDP,51652,172.0.0.253,2.1.3,DNS Response IN A NOERROR,DNS,csp.infoblox.com.,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;hmNp5KUN+Ve+rnbcXP4qK12Xy4UeoLsjop2V9t3DchBHtYvIQN1YA3E9X31zygaFcYyqCN7Pl+ee31lGJt1NacBHxQO9dlXHP0cwlbEgTpP1gLyBnUGxLS31vDP7NmObmLN4B223WvsvaiIBxf+OPTVFPjUR9GinDj2MjN2dWHs= wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 23 IN A 18.209.243.220 wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 23 IN A 18.233.189.178 wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 23 IN A 18.235.149.1 . 32768 512 OPT "";InfobloxAnCount=5;InfobloxNsCount=0;InfobloxArCount=1",CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:55:46.637 PM",,Infoblox,Data Connector,DNS Response,1,,,,172.0.0.253,"""csp.infoblox.com. 48 IN CNAME wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 27 IN A 18.233.189.178 wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 27 IN A 18.235.149.1 wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 27 IN A 18.209.243.220 amazonaws.com. 147557 IN NS r2.amazonaws.com. amazonaws.com. 147557 IN NS r1.amazonaws.com. amazonaws.com. 147557 IN NS u1.amazonaws.com. amazonaws.com. 147557 IN NS u2.amazonaws.com. r1.amazonaws.com. 147557 IN A 205.251.192.27 r2.amazonaws.com. 147557 IN A 205.251.195.199 u1.amazonaws.com. 147557 IN A 156.154.64.10 u2.amazonaws.com. 147557 IN A 156.154.65.10 r1.amazonaws.com. 147557 IN AAAA 2600:9000:5300:1b00::1 r2.amazonaws.com. 147557 IN AAAA 2600:9000:5303:c700::1 u1.amazonaws.com. 147557 IN AAAA 2001:502:f3ff::10 u2.amazonaws.com. 
147557 IN AAAA 2610:a1:1014::10""",UDP,60620,172.0.0.32,2.1.3,DNS Response IN A NOERROR,DNS,csp.infoblox.com.,InfobloxDNSView=2fa70211-f936-4bff-8810-56103877d7ad;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=4;InfobloxNsCount=4;InfobloxArCount=8,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:55:46.638 PM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""csp.infoblox.com. 48 IN CNAME wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. csp.infoblox.com. 48 IN RRSIG CNAME 5 3 60 20210215080312 20210211072137 42390 infoblox.com.",UDP,41368,172.0.0.253,2.1.3,DNS Response IN A NOERROR,DNS,csp.infoblox.com.,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;hmNp5KUN+Ve+rnbcXP4qK12Xy4UeoLsjop2V9t3DchBHtYvIQN1YA3E9X31zygaFcYyqCN7Pl+ee31lGJt1NacBHxQO9dlXHP0cwlbEgTpP1gLyBnUGxLS31vDP7NmObmLN4B223WvsvaiIBxf+OPTVFPjUR9GinDj2MjN2dWHs= wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 25 IN A 18.209.243.220 wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 25 IN A 18.235.149.1 wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 25 IN A 18.233.189.178 . 32768 512 OPT "";InfobloxAnCount=5;InfobloxNsCount=0;InfobloxArCount=1",CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:25:46.644 AM",,Infoblox,Data Connector,DNS Response,1,,,,172.0.0.253,"""csp.infoblox.com. 31 IN CNAME wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 58 IN A 18.209.243.220 wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 58 IN A 18.235.149.1 wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 58 IN A 18.233.189.178 amazonaws.com. 145749 IN NS r1.amazonaws.com. amazonaws.com. 145749 IN NS u2.amazonaws.com. amazonaws.com. 145749 IN NS u1.amazonaws.com. amazonaws.com. 
145749 IN NS r2.amazonaws.com. r1.amazonaws.com. 145749 IN A 205.251.192.27 r2.amazonaws.com. 145749 IN A 205.251.195.199 u1.amazonaws.com. 145749 IN A 156.154.64.10 u2.amazonaws.com. 145749 IN A 156.154.65.10 r1.amazonaws.com. 145749 IN AAAA 2600:9000:5300:1b00::1 r2.amazonaws.com. 145749 IN AAAA 2600:9000:5303:c700::1 u1.amazonaws.com. 145749 IN AAAA 2001:502:f3ff::10 u2.amazonaws.com. 145749 IN AAAA 2610:a1:1014::10""",UDP,61571,172.0.0.33,2.1.3,DNS Response IN A NOERROR,DNS,csp.infoblox.com.,InfobloxDNSView=2fa70211-f936-4bff-8810-56103877d7ad;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=4;InfobloxNsCount=4;InfobloxArCount=8,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:25:46.644 AM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""csp.infoblox.com. 31 IN CNAME wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. csp.infoblox.com. 31 IN RRSIG CNAME 5 3 60 20210215080312 20210211072137 42390 infoblox.com.",UDP,38939,172.0.0.253,2.1.3,DNS Response IN A NOERROR,DNS,csp.infoblox.com.,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;hmNp5KUN+Ve+rnbcXP4qK12Xy4UeoLsjop2V9t3DchBHtYvIQN1YA3E9X31zygaFcYyqCN7Pl+ee31lGJt1NacBHxQO9dlXHP0cwlbEgTpP1gLyBnUGxLS31vDP7NmObmLN4B223WvsvaiIBxf+OPTVFPjUR9GinDj2MjN2dWHs= wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 32 IN A 18.233.189.178 wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 32 IN A 18.235.149.1 wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 32 IN A 18.209.243.220 . 32768 512 OPT "";InfobloxAnCount=5;InfobloxNsCount=0;InfobloxArCount=1",CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:15:46.640 AM",,Infoblox,Data Connector,DNS Response,1,,,,172.0.0.253,"""csp.infoblox.com. 30 IN CNAME wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 
wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 30 IN A 18.233.189.178 wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 30 IN A 18.209.243.220 wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 30 IN A 18.235.149.1 amazonaws.com. 146362 IN NS r2.amazonaws.com. amazonaws.com. 146362 IN NS r1.amazonaws.com. amazonaws.com. 146362 IN NS u2.amazonaws.com. amazonaws.com. 146362 IN NS u1.amazonaws.com. r1.amazonaws.com. 146362 IN A 205.251.192.27 r2.amazonaws.com. 146362 IN A 205.251.195.199 u1.amazonaws.com. 146362 IN A 156.154.64.10 u2.amazonaws.com. 146362 IN A 156.154.65.10 r1.amazonaws.com. 146362 IN AAAA 2600:9000:5300:1b00::1 r2.amazonaws.com. 146362 IN AAAA 2600:9000:5303:c700::1 u1.amazonaws.com. 146362 IN AAAA 2001:502:f3ff::10 u2.amazonaws.com. 146362 IN AAAA 2610:a1:1014::10""",UDP,55224,172.0.0.33,2.1.3,DNS Response IN A NOERROR,DNS,csp.infoblox.com.,InfobloxDNSView=2fa70211-f936-4bff-8810-56103877d7ad;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=4;InfobloxNsCount=4;InfobloxArCount=8,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:15:46.640 AM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""csp.infoblox.com. 30 IN CNAME wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. csp.infoblox.com. 30 IN RRSIG CNAME 5 3 60 20210215080312 20210211072137 42390 infoblox.com.",UDP,51524,172.0.0.253,2.1.3,DNS Response IN A NOERROR,DNS,csp.infoblox.com.,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;hmNp5KUN+Ve+rnbcXP4qK12Xy4UeoLsjop2V9t3DchBHtYvIQN1YA3E9X31zygaFcYyqCN7Pl+ee31lGJt1NacBHxQO9dlXHP0cwlbEgTpP1gLyBnUGxLS31vDP7NmObmLN4B223WvsvaiIBxf+OPTVFPjUR9GinDj2MjN2dWHs= wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 47 IN A 18.233.189.178 wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 
47 IN A 18.209.243.220 wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 47 IN A 18.235.149.1 . 32768 512 OPT "";InfobloxAnCount=5;InfobloxNsCount=0;InfobloxArCount=1",CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:06:01.638 AM",,Infoblox,Data Connector,DNS Response,1,,,,172.0.0.253,"""csp.infoblox.com. 26 IN CNAME wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 59 IN A 18.209.243.220 wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 59 IN A 18.235.149.1 wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 59 IN A 18.233.189.178 amazonaws.com. 146943 IN NS u1.amazonaws.com. amazonaws.com. 146943 IN NS r1.amazonaws.com. amazonaws.com. 146943 IN NS u2.amazonaws.com. amazonaws.com. 146943 IN NS r2.amazonaws.com. r1.amazonaws.com. 146943 IN A 205.251.192.27 r2.amazonaws.com. 146943 IN A 205.251.195.199 u1.amazonaws.com. 146943 IN A 156.154.64.10 u2.amazonaws.com. 146943 IN A 156.154.65.10 r1.amazonaws.com. 146943 IN AAAA 2600:9000:5300:1b00::1 r2.amazonaws.com. 146943 IN AAAA 2600:9000:5303:c700::1 u1.amazonaws.com. 146943 IN AAAA 2001:502:f3ff::10 u2.amazonaws.com. 146943 IN AAAA 2610:a1:1014::10""",UDP,63942,172.0.0.32,2.1.3,DNS Response IN A NOERROR,DNS,csp.infoblox.com.,InfobloxDNSView=2fa70211-f936-4bff-8810-56103877d7ad;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=4;InfobloxNsCount=4;InfobloxArCount=8,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:55:16.616 PM",,Infoblox,Data Connector,DNS Response,1,,,,172.0.0.253,"""csp.infoblox.com. 19 IN CNAME wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 59 IN A 18.235.149.1 wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 
59 IN A 18.233.189.178 wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 59 IN A 18.209.243.220 amazonaws.com. 147589 IN NS r1.amazonaws.com. amazonaws.com. 147589 IN NS u2.amazonaws.com. amazonaws.com. 147589 IN NS u1.amazonaws.com. amazonaws.com. 147589 IN NS r2.amazonaws.com. r1.amazonaws.com. 147589 IN A 205.251.192.27 r2.amazonaws.com. 147589 IN A 205.251.195.199 u1.amazonaws.com. 147589 IN A 156.154.64.10 u2.amazonaws.com. 147589 IN A 156.154.65.10 r1.amazonaws.com. 147589 IN AAAA 2600:9000:5300:1b00::1 r2.amazonaws.com. 147589 IN AAAA 2600:9000:5303:c700::1 u1.amazonaws.com. 147589 IN AAAA 2001:502:f3ff::10 u2.amazonaws.com. 147589 IN AAAA 2610:a1:1014::10""",UDP,58478,172.0.0.33,2.1.3,DNS Response IN A NOERROR,DNS,csp.infoblox.com.,InfobloxDNSView=2fa70211-f936-4bff-8810-56103877d7ad;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=4;InfobloxNsCount=4;InfobloxArCount=8,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:55:16.618 PM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""csp.infoblox.com. 19 IN CNAME wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. csp.infoblox.com. 19 IN RRSIG CNAME 5 3 60 20210215080312 20210211072137 42390 infoblox.com.",UDP,46821,172.0.0.253,2.1.3,DNS Response IN A NOERROR,DNS,csp.infoblox.com.,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;hmNp5KUN+Ve+rnbcXP4qK12Xy4UeoLsjop2V9t3DchBHtYvIQN1YA3E9X31zygaFcYyqCN7Pl+ee31lGJt1NacBHxQO9dlXHP0cwlbEgTpP1gLyBnUGxLS31vDP7NmObmLN4B223WvsvaiIBxf+OPTVFPjUR9GinDj2MjN2dWHs= wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 57 IN A 18.209.243.220 wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 57 IN A 18.235.149.1 wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 57 IN A 18.233.189.178 . 
32768 512 OPT "";InfobloxAnCount=5;InfobloxNsCount=0;InfobloxArCount=1",CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:02:31.642 AM",,Infoblox,Data Connector,DNS Response,1,,,,172.0.0.253,"""clientservices.googleapis.com. 299 IN A 216.58.194.163 com. 147135 IN NS l.gtld-servers.net. com. 147135 IN NS g.gtld-servers.net. com. 147135 IN NS h.gtld-servers.net. com. 147135 IN NS k.gtld-servers.net. com. 147135 IN NS a.gtld-servers.net. com. 147135 IN NS c.gtld-servers.net. com. 147135 IN NS f.gtld-servers.net. com. 147135 IN NS i.gtld-servers.net. com. 147135 IN NS e.gtld-servers.net. com. 147135 IN NS j.gtld-servers.net. com. 147135 IN NS d.gtld-servers.net. com. 147135 IN NS b.gtld-servers.net. com. 147135 IN NS m.gtld-servers.net. a.gtld-servers.net. 147117 IN A 192.5.6.30 b.gtld-servers.net. 147117 IN A 192.33.14.30 c.gtld-servers.net. 147117 IN A 192.26.92.30 d.gtld-servers.net. 147117 IN A 192.31.80.30 e.gtld-servers.net. 147117 IN A 192.12.94.30 f.gtld-servers.net. 147117 IN A 192.35.51.30 g.gtld-servers.net. 147117 IN A 192.42.93.30 h.gtld-servers.net. 147117 IN A 192.54.112.30 i.gtld-servers.net. 147117 IN A 192.43.172.30 j.gtld-servers.net. 147117 IN A 192.48.79.30 k.gtld-servers.net. 147117 IN A 192.52.178.30 l.gtld-servers.net. 147117 IN A 192.41.162.30 m.gtld-servers.net. 147117 IN A 192.55.83.30""",UDP,57944,172.0.0.110,2.1.3,DNS Response IN A NOERROR,DNS,clientservices.googleapis.com.,InfobloxDNSView=2fa70211-f936-4bff-8810-56103877d7ad;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=13;InfobloxArCount=13,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:02:31.642 AM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""clientservices.googleapis.com. 299 IN A 216.58.194.163 . 
32768 512 OPT """,UDP,51232,172.0.0.253,2.1.3,DNS Response IN A NOERROR,DNS,clientservices.googleapis.com.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:05:16.647 AM",,Infoblox,Data Connector,DNS Response,1,,,,172.0.0.253,"""client.wns.windows.com. 896 IN CNAME wns.notify.trafficmanager.net. wns.notify.trafficmanager.net. 299 IN A 52.230.222.68 trafficmanager.net. 146966 IN NS tm2.dns-tm.com. trafficmanager.net. 146966 IN NS tm1.dns-tm.com. trafficmanager.net. 146966 IN NS tm2.edgedns-tm.info. trafficmanager.net. 146966 IN NS tm1.edgedns-tm.info.""",UDP,61689,172.0.0.110,2.1.3,DNS Response IN A NOERROR,DNS,client.wns.windows.com.,InfobloxDNSView=2fa70211-f936-4bff-8810-56103877d7ad;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=2;InfobloxNsCount=4;InfobloxArCount=0,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:10:16.636 AM",,Infoblox,Data Connector,DNS Response,1,,,,172.0.0.253,"""client.wns.windows.com. 591 IN CNAME wns.notify.trafficmanager.net. wns.notify.trafficmanager.net. 257 IN CNAME vip2-dm3p.wns.notify.trafficmanager.net. vip2-dm3p.wns.notify.trafficmanager.net. 203 IN A 52.242.211.89 trafficmanager.net. 146661 IN NS tm1.dns-tm.com. trafficmanager.net. 146661 IN NS tm2.edgedns-tm.info. trafficmanager.net. 146661 IN NS tm1.edgedns-tm.info. trafficmanager.net. 
146661 IN NS tm2.dns-tm.com.""",UDP,49526,172.0.0.110,2.1.3,DNS Response IN A NOERROR,DNS,client.wns.windows.com.,InfobloxDNSView=2fa70211-f936-4bff-8810-56103877d7ad;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=3;InfobloxNsCount=4;InfobloxArCount=0,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:15:16.651 AM",,Infoblox,Data Connector,DNS Response,1,,,,172.0.0.253,"""client.wns.windows.com. 291 IN CNAME wns.notify.trafficmanager.net. wns.notify.trafficmanager.net. 134 IN CNAME vip2-dm3p.wns.notify.trafficmanager.net. vip2-dm3p.wns.notify.trafficmanager.net. 202 IN A 52.242.211.89 trafficmanager.net. 146361 IN NS tm1.edgedns-tm.info. trafficmanager.net. 146361 IN NS tm1.dns-tm.com. trafficmanager.net. 146361 IN NS tm2.dns-tm.com. trafficmanager.net. 146361 IN NS tm2.edgedns-tm.info.""",UDP,55406,172.0.0.110,2.1.3,DNS Response IN A NOERROR,DNS,client.wns.windows.com.,InfobloxDNSView=2fa70211-f936-4bff-8810-56103877d7ad;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=3;InfobloxNsCount=4;InfobloxArCount=0,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:20:31.660 AM",,Infoblox,Data Connector,DNS Response,1,,,,172.0.0.253,"""client.wns.windows.com. 2295 IN CNAME wns.notify.trafficmanager.net. wns.notify.trafficmanager.net. 49 IN CNAME vip2-dm3p.wns.notify.trafficmanager.net. vip2-dm3p.wns.notify.trafficmanager.net. 114 IN A 52.242.211.89 trafficmanager.net. 146055 IN NS tm2.dns-tm.com. trafficmanager.net. 146055 IN NS tm2.edgedns-tm.info. trafficmanager.net. 146055 IN NS tm1.dns-tm.com. trafficmanager.net. 
146055 IN NS tm1.edgedns-tm.info.""",UDP,65381,172.0.0.110,2.1.3,DNS Response IN A NOERROR,DNS,client.wns.windows.com.,InfobloxDNSView=2fa70211-f936-4bff-8810-56103877d7ad;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=3;InfobloxNsCount=4;InfobloxArCount=0,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:20:31.659 AM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""client.wns.windows.com. 2295 IN CNAME wns.notify.trafficmanager.net. wns.notify.trafficmanager.net. 151 IN CNAME vip1-dm3p.wns.notify.trafficmanager.net. vip1-dm3p.wns.notify.trafficmanager.net. 108 IN A 52.230.222.68 . 32768 512 OPT """,UDP,44222,172.0.0.253,2.1.3,DNS Response IN A NOERROR,DNS,client.wns.windows.com.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=3;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:25:46.644 AM",,Infoblox,Data Connector,DNS Response,1,,,,172.0.0.253,"""client.wns.windows.com. 1972 IN CNAME wns.notify.trafficmanager.net. wns.notify.trafficmanager.net. 5 IN CNAME vip2-dm3p.wns.notify.trafficmanager.net. vip2-dm3p.wns.notify.trafficmanager.net. 162 IN A 52.242.211.89 trafficmanager.net. 145732 IN NS tm2.edgedns-tm.info. trafficmanager.net. 145732 IN NS tm1.dns-tm.com. trafficmanager.net. 145732 IN NS tm2.dns-tm.com. trafficmanager.net. 145732 IN NS tm1.edgedns-tm.info.""",UDP,62917,172.0.0.110,2.1.3,DNS Response IN A NOERROR,DNS,client.wns.windows.com.,InfobloxDNSView=2fa70211-f936-4bff-8810-56103877d7ad;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=3;InfobloxNsCount=4;InfobloxArCount=0,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:55:01.617 PM",,Infoblox,Data Connector,DNS Response,1,,,,172.0.0.253,"""client.wns.windows.com. 
1506 IN CNAME wns.notify.trafficmanager.net. wns.notify.trafficmanager.net. 260 IN CNAME vip2-dm3p.wns.notify.trafficmanager.net. vip2-dm3p.wns.notify.trafficmanager.net. 108 IN A 52.242.211.89 trafficmanager.net. 147576 IN NS tm2.dns-tm.com. trafficmanager.net. 147576 IN NS tm1.edgedns-tm.info. trafficmanager.net. 147576 IN NS tm2.edgedns-tm.info. trafficmanager.net. 147576 IN NS tm1.dns-tm.com.""",UDP,54152,172.0.0.110,2.1.3,DNS Response IN A NOERROR,DNS,client.wns.windows.com.,InfobloxDNSView=2fa70211-f936-4bff-8810-56103877d7ad;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=3;InfobloxNsCount=4;InfobloxArCount=0,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:00:16.638 AM",,Infoblox,Data Connector,DNS Response,1,,,,172.0.0.253,"""client.wns.windows.com. 1198 IN CNAME wns.notify.trafficmanager.net. wns.notify.trafficmanager.net. 58 IN CNAME vip2-dm3p.wns.notify.trafficmanager.net. vip2-dm3p.wns.notify.trafficmanager.net. 125 IN A 52.242.211.89 trafficmanager.net. 147268 IN NS tm1.edgedns-tm.info. trafficmanager.net. 147268 IN NS tm2.dns-tm.com. trafficmanager.net. 147268 IN NS tm1.dns-tm.com. trafficmanager.net. 147268 IN NS tm2.edgedns-tm.info.""",UDP,55940,172.0.0.110,2.1.3,DNS Response IN A NOERROR,DNS,client.wns.windows.com.,InfobloxDNSView=2fa70211-f936-4bff-8810-56103877d7ad;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=3;InfobloxNsCount=4;InfobloxArCount=0,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:17:46.667 AM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""cds.d2s7q6s2.hwcdn.net. 294 IN A 205.185.216.10 . 
32768 512 OPT """,UDP,46744,172.0.0.253,2.1.3,DNS Response IN A NOERROR,DNS,cds.d2s7q6s2.hwcdn.net.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:01:46.671 AM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""cdn.content.prod.cms.msn.com.edgekey.net. 785 IN CNAME e10663.dscg.akamaiedge.net. e10663.dscg.akamaiedge.net. 19 IN A 23.44.13.99 . 32768 512 OPT """,UDP,57986,172.0.0.253,2.1.3,DNS Response IN A NOERROR,DNS,cdn.content.prod.cms.msn.com.edgekey.net.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=2;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:01:46.671 AM",,Infoblox,Data Connector,DNS Response,1,,,,172.0.0.253,"""cdn.content.prod.cms.msn.com. 12758 IN CNAME cdn.content.prod.cms.msn.com.edgekey.net. cdn.content.prod.cms.msn.com.edgekey.net. 785 IN CNAME e10663.dscg.akamaiedge.net. e10663.dscg.akamaiedge.net. 19 IN A 23.44.13.99 net. 147173 IN NS f.gtld-servers.net. net. 147173 IN NS d.gtld-servers.net. net. 147173 IN NS i.gtld-servers.net. net. 147173 IN NS c.gtld-servers.net. net. 147173 IN NS b.gtld-servers.net. net. 147173 IN NS m.gtld-servers.net. net. 147173 IN NS j.gtld-servers.net. net. 147173 IN NS e.gtld-servers.net. net. 147173 IN NS a.gtld-servers.net. net. 147173 IN NS g.gtld-servers.net. net. 147173 IN NS l.gtld-servers.net. net. 147173 IN NS h.gtld-servers.net. net. 147173 IN NS k.gtld-servers.net. a.gtld-servers.net. 147173 IN A 192.5.6.30 b.gtld-servers.net. 147173 IN A 192.33.14.30 c.gtld-servers.net. 147173 IN A 192.26.92.30 d.gtld-servers.net. 147173 IN A 192.31.80.30 e.gtld-servers.net. 147173 IN A 192.12.94.30 f.gtld-servers.net. 147173 IN A 192.35.51.30 g.gtld-servers.net. 
147173 IN A 192.42.93.30 h.gtld-servers.net. 147173 IN A 192.54.112.30""",UDP,51957,172.0.0.110,2.1.3,DNS Response IN A NOERROR,DNS,cdn.content.prod.cms.msn.com.,InfobloxDNSView=2fa70211-f936-4bff-8810-56103877d7ad;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=3;InfobloxNsCount=13;InfobloxArCount=8,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:01:46.670 AM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""cdn.content.prod.cms.msn.com. 12758 IN CNAME cdn.content.prod.cms.msn.com.edgekey.net. cdn.content.prod.cms.msn.com.edgekey.net. 388 IN CNAME e10663.dscg.akamaiedge.net. e10663.dscg.akamaiedge.net. 4 IN A 104.84.227.92 . 32768 512 OPT """,UDP,37752,172.0.0.253,2.1.3,DNS Response IN A NOERROR,DNS,cdn.content.prod.cms.msn.com.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=3;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:17:46.667 AM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""audownload.windowsupdate.nsatc.net. 412 IN CNAME au.download.windowsupdate.com.hwcdn.net. au.download.windowsupdate.com.hwcdn.net. 3412 IN CNAME cds.d2s7q6s2.hwcdn.net. cds.d2s7q6s2.hwcdn.net. 112 IN A 205.185.216.10 . 32768 512 OPT """,UDP,52040,172.0.0.253,2.1.3,DNS Response IN A NOERROR,DNS,audownload.windowsupdate.nsatc.net.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=3;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:17:46.667 AM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""au.download.windowsupdate.com.hwcdn.net. 2629 IN CNAME cds.d2s7q6s2.hwcdn.net. cds.d2s7q6s2.hwcdn.net. 33 IN A 205.185.216.10 cds.d2s7q6s2.hwcdn.net. 33 IN A 205.185.216.42 . 
32768 512 OPT """,UDP,34400,172.0.0.253,2.1.3,DNS Response IN A NOERROR,DNS,au.download.windowsupdate.com.hwcdn.net.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=3;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:17:46.667 AM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""au-bg-shim.trafficmanager.net. 3339 IN CNAME audownload.windowsupdate.nsatc.net. audownload.windowsupdate.nsatc.net. 416 IN CNAME wu.azureedge.net. wu.azureedge.net. 1708 IN CNAME wu.ec.azureedge.net. wu.ec.azureedge.net. 299 IN CNAME wu.wpc.apr-52dd2.edgecastdns.net. wu.wpc.apr-52dd2.edgecastdns.net. 299 IN CNAME hlb.apr-52dd2-0.edgecastdns.net. hlb.apr-52dd2-0.edgecastdns.net. 299 IN CNAME cs11.wpc.v0cdn.net. cs11.wpc.v0cdn.net. 3599 IN A 72.21.81.240 . 32768 512 OPT """,UDP,50524,172.0.0.253,2.1.3,DNS Response IN A NOERROR,DNS,au-bg-shim.trafficmanager.net.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=7;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:01:46.672 AM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""assets.msn.com.edgekey.net. 868 IN CNAME e28578.d.akamaiedge.net. e28578.d.akamaiedge.net. 19 IN A 23.66.115.88 e28578.d.akamaiedge.net. 19 IN A 23.66.115.65 . 32768 512 OPT """,UDP,46937,172.0.0.253,2.1.3,DNS Response IN A NOERROR,DNS,assets.msn.com.edgekey.net.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=3;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:01:46.672 AM",,Infoblox,Data Connector,DNS Response,1,,,,172.0.0.253,"""assets.msn.com. 7200 IN CNAME assets.msn.com.edgekey.net. assets.msn.com.edgekey.net. 868 IN CNAME e28578.d.akamaiedge.net. 
e28578.d.akamaiedge.net. 19 IN A 23.66.115.65 e28578.d.akamaiedge.net. 19 IN A 23.66.115.88 net. 147173 IN NS g.gtld-servers.net. net. 147173 IN NS k.gtld-servers.net. net. 147173 IN NS b.gtld-servers.net. net. 147173 IN NS h.gtld-servers.net. net. 147173 IN NS f.gtld-servers.net. net. 147173 IN NS l.gtld-servers.net. net. 147173 IN NS m.gtld-servers.net. net. 147173 IN NS e.gtld-servers.net. net. 147173 IN NS j.gtld-servers.net. net. 147173 IN NS i.gtld-servers.net. net. 147173 IN NS a.gtld-servers.net. net. 147173 IN NS c.gtld-servers.net. net. 147173 IN NS d.gtld-servers.net. a.gtld-servers.net. 147173 IN A 192.5.6.30 b.gtld-servers.net. 147173 IN A 192.33.14.30 c.gtld-servers.net. 147173 IN A 192.26.92.30 d.gtld-servers.net. 147173 IN A 192.31.80.30 e.gtld-servers.net. 147173 IN A 192.12.94.30 f.gtld-servers.net. 147173 IN A 192.35.51.30 g.gtld-servers.net. 147173 IN A 192.42.93.30 h.gtld-servers.net. 147173 IN A 192.54.112.30 i.gtld-servers.net. 147173 IN A 192.43.172.30""",UDP,53603,172.0.0.110,2.1.3,DNS Response IN A NOERROR,DNS,assets.msn.com.,InfobloxDNSView=2fa70211-f936-4bff-8810-56103877d7ad;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=4;InfobloxNsCount=13;InfobloxArCount=9,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:01:46.671 AM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""assets.msn.com. 7200 IN CNAME assets.msn.com.edgekey.net. assets.msn.com.edgekey.net. 241 IN CNAME e28578.d.akamaiedge.net. e28578.d.akamaiedge.net. 19 IN A 23.11.231.178 . 
32768 512 OPT """,UDP,33198,172.0.0.253,2.1.3,DNS Response IN A NOERROR,DNS,assets.msn.com.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=3;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:13:16.670 AM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 21308 IN NSEC3 1 1 0 - CK0Q1GIN43N1ARRC9OSM6QPQR81H5M9A NS SOA RRSIG DNSKEY NSEC3PARAM CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 21308 IN RRSIG NSEC3 8 2 86400 20210217054119 20210210043119 58540 com.",UDP,39855,172.0.0.253,2.1.3,DNS Response IN DS NOERROR,DNS,googleapis.com.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=DS;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;FD+n+fO9jI2LoVi9ULqvx6lIp8ZP5yC/0HzfnJqiqgTTubTJiVzoVT29xai2LSeepPqzS/+sehbGHpqOgj21uJoOLePqmaVx/f73ZGcP6Ud2tlkQQIE++OwDlcQK6P/BM96xdHmGEnG/RaMrFiHV919Xog+sFZddMpjVTtYRq9nST68IU2gLDcNTFeeM7P3CaUdaSRl3LIRz8iuWMrYNSg=;x0c9nZQaudzMH5fswE6GNzVS9W7s8JyBuv9BWS1IOC/i4RD47UqBk/lDuwuim6IOR0ZyziqErbJ19SZ8sSZIAMRB1TQXQJm+SdWslsQFWHtPFFZ5NHSVYHhPT3GeeOSlKsUv49Br4fcS+k6A9qiBrptVpg/7smGjYDayNmteBeFKi8Zl4mwBQWnK65mq4/SWj1z6j5oqNMog4nkmVUbx4g=;wy3o2Mbrzk0n7WOLVdjeIUKhf7UOLV6tjoVuL8Mvgk1ocSftelyWeV2urCSOxxaqdbBBNfUkM3g7hJ4GKLuleecAbm/u+hC8M9KjNEz+KYFOTcKFXWYvS/1nhiuTO4UgjCid0UWOQK2tZOE9GxGcoT8T0taPE81ED1oDXmT3oB75O2kuQURwpixRiLhwvoKyW8C1mzVhcCkeXUiVnIM1Tw=;InfobloxAnCount=0;InfobloxNsCount=6;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:01:46.671 AM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 21162 IN NSEC3 1 1 0 - CK0Q1GIN43N1ARRC9OSM6QPQR81H5M9A NS SOA RRSIG DNSKEY NSEC3PARAM CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 
21162 IN RRSIG NSEC3 8 2 86400 20210217054119 20210210043119 58540 com.",UDP,56801,172.0.0.253,2.1.3,DNS Response IN DS NOERROR,DNS,msn.com.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=DS;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;FD+n+fO9jI2LoVi9ULqvx6lIp8ZP5yC/0HzfnJqiqgTTubTJiVzoVT29xai2LSeepPqzS/+sehbGHpqOgj21uJoOLePqmaVx/f73ZGcP6Ud2tlkQQIE++OwDlcQK6P/BM96xdHmGEnG/RaMrFiHV919Xog+sFZddMpjVTtYRq9nST68IU2gLDcNTFeeM7P3CaUdaSRl3LIRz8iuWMrYNSg=;oJ48JfbbIbLoC4SQBs8Q9KFNZGY6XVS+ofjb2ZbBkfpSvQK5Kpi/l5AX5tSJu3zBYNAbWwM3CSA9C/Gh3PSFq+Qpf7Co7hS3rvFryA4XspS76uB2Y1LvgG+WQXXq4pqtAu5r46A1I6NRjyuF4NOJuJLbIh3ahi5+LG+3pMvsCp/2Mev7Ec24JuliV/6wjPxfA3Row/QjmSLIOT6wi7X7rw=;dawgopSM/x8vaajFRD55KgGPTpOzW+WPq45INVsBnWtd228GT5R2tK265JutaDO73umLqG5HWdUOPq2QBnBteKp4IlDm7/WqlOawA1Kfr73G34JfI7L9OJWz6ZGQDgS4+cvfn6FLI9fPfwWdy4FZhc7r8wGKG/SvbJh6dSq9HuOyAnYlVH6tq8D7E9Y9vDbtKp2v51ZJ1m6o3Z7/F/lO0A=;InfobloxAnCount=0;InfobloxNsCount=6;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:20:31.659 AM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 21160 IN NSEC3 1 1 0 - CK0Q1GIN43N1ARRC9OSM6QPQR81H5M9A NS SOA RRSIG DNSKEY NSEC3PARAM CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 
21160 IN RRSIG NSEC3 8 2 86400 20210217054119 20210210043119 58540 com.",UDP,54481,172.0.0.253,2.1.3,DNS Response IN DS NOERROR,DNS,windows.com.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=DS;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;FD+n+fO9jI2LoVi9ULqvx6lIp8ZP5yC/0HzfnJqiqgTTubTJiVzoVT29xai2LSeepPqzS/+sehbGHpqOgj21uJoOLePqmaVx/f73ZGcP6Ud2tlkQQIE++OwDlcQK6P/BM96xdHmGEnG/RaMrFiHV919Xog+sFZddMpjVTtYRq9nST68IU2gLDcNTFeeM7P3CaUdaSRl3LIRz8iuWMrYNSg=;xWOxyHcyTp7XW7rSu7644VBgJGtTp/A8aykILMJgT15p9YeMN2Wwvhpzxf8cPauDph5yj3/Vo9Sh/5VUcaJ1nu1I+CeaARHIdUKToLNQCJg5imX3wZcy9VU3X/eIoJ3ZFW7LJvNdRQIrNAZW+QXXAeh01uKeq2pvMkGnolrsfLs4ekizqT/Uz6Kn9MbCrt46sTsxnGfVx84O3ije1F7qsw=;MS+suyXsyBD7QEnSEpHUNI09q6G/b8IJI+JReaD4MjzOvMZSdmvlO63DLWIkuJmCG1LY+QUWL7Vv00j+pw3xmlRkgY46Db7Z9qbFm0bAaxmQ/jWbOabGSmcSSZTdt68XLCkwtp9yccWPgUxtmc4nWicMAw5SVuQEHsNj3X/hX34cQaKXScjWSDlk0HhQenbsVJM8V/mAe0NTNLBPnyvtZA=;InfobloxAnCount=0;InfobloxNsCount=6;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:25:46.644 AM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 21122 IN NSEC3 1 1 0 - CK0Q1GIN43N1ARRC9OSM6QPQR81H5M9A NS SOA RRSIG DNSKEY NSEC3PARAM CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 
21122 IN RRSIG NSEC3 8 2 86400 20210217054119 20210210043119 58540 com.",UDP,37752,172.0.0.253,2.1.3,DNS Response IN DS NOERROR,DNS,amazonaws.com.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=DS;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;FD+n+fO9jI2LoVi9ULqvx6lIp8ZP5yC/0HzfnJqiqgTTubTJiVzoVT29xai2LSeepPqzS/+sehbGHpqOgj21uJoOLePqmaVx/f73ZGcP6Ud2tlkQQIE++OwDlcQK6P/BM96xdHmGEnG/RaMrFiHV919Xog+sFZddMpjVTtYRq9nST68IU2gLDcNTFeeM7P3CaUdaSRl3LIRz8iuWMrYNSg=;pbvi0wM+bG/B/dBpiXgTGyVh/crqdRn/5zbfEpoWX1OAB+Xr/s2+A7kT3U2aJABbtIBXnoXQvuUkrW6ZEDOZzRppyw3NTdSyHvstYdCGWvr8rAcXNCEf/S0tGEZf4IO6/9vBZuu9QG8KGnxWLEO00f40TyE/PTWk1Juw/1k8mzqVT7bxn69kuW3JqQc0Y72E7mC3EYApLfnIPvPd4QwI5A=;FGcGCo21Q7YylOEDVNXZArBunK8NQFL0KqEKhyBnY0AqYyxbZfEJR7XtTvHsmPbnXPNaBjBwDHxqjyWzZXGRDKshK7/rxxOnJt+cS8N4H382zzQor3jqu9dhT4SwlLfs18IYq8jWeOccgSyYFuj6HKQ9k20tagv1ASwo8EHXcHTIRjdOtM9DeHSsgBEsH5Jl+S68cbH9yr1un6D26l/kSg=;InfobloxAnCount=0;InfobloxNsCount=6;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:17:46.667 AM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 21109 IN NSEC3 1 1 0 - CK0Q1GIN43N1ARRC9OSM6QPQR81H5M9A NS SOA RRSIG DNSKEY NSEC3PARAM CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 
21109 IN RRSIG NSEC3 8 2 86400 20210217054119 20210210043119 58540 com.",UDP,42396,172.0.0.253,2.1.3,DNS Response IN DS NOERROR,DNS,windowsupdate.com.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=DS;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;FD+n+fO9jI2LoVi9ULqvx6lIp8ZP5yC/0HzfnJqiqgTTubTJiVzoVT29xai2LSeepPqzS/+sehbGHpqOgj21uJoOLePqmaVx/f73ZGcP6Ud2tlkQQIE++OwDlcQK6P/BM96xdHmGEnG/RaMrFiHV919Xog+sFZddMpjVTtYRq9nST68IU2gLDcNTFeeM7P3CaUdaSRl3LIRz8iuWMrYNSg=;K2UJnIOuqvcKeXDI5ov7tb+pdRcWrQtuRqMPpvOgaxf0NmZZmuL4yqjoRqQooUwHtL0meIDWbbMgwrsgSf2wJPLZ3AkSak8JTiDYtitGhKvbWRU8ObWgFp0FXcbWcLX2392wmGMKhwPGR/ok3iddD7hwB/sT2h6u0/4rOc+ahiUwGbpPFb4RCWgOgda1EeglInhX4DF0akfmjIVFIRA8IQ=;RNVTwdvv9JmnrKTjiUKbgbx4omzp5bLLvvlUyCNzBntZsorF8OCVV0M7NOOz5WdLN9ah01BLKSh6Yt3nAAuPnYwEVJkc8zoeENAD9QS/ZnjSZVJqWjMzyBydsRFBOclxAE+qQmDcZZB6HP8+lGrPwPEBYb0sff+z6LHwnLIo2CjhocJy9fWqGd9G/x+vSzHIrnaFPkhgI13+pPYrGBCumw=;InfobloxAnCount=0;InfobloxNsCount=6;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:02:31.642 AM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 21030 IN NSEC3 1 1 0 - CK0Q1GIN43N1ARRC9OSM6QPQR81H5M9A NS SOA RRSIG DNSKEY NSEC3PARAM CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 
21030 IN RRSIG NSEC3 8 2 86400 20210217054119 20210210043119 58540 com.",UDP,40632,172.0.0.253,2.1.3,DNS Response IN DS NOERROR,DNS,googleapis.com.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=DS;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;FD+n+fO9jI2LoVi9ULqvx6lIp8ZP5yC/0HzfnJqiqgTTubTJiVzoVT29xai2LSeepPqzS/+sehbGHpqOgj21uJoOLePqmaVx/f73ZGcP6Ud2tlkQQIE++OwDlcQK6P/BM96xdHmGEnG/RaMrFiHV919Xog+sFZddMpjVTtYRq9nST68IU2gLDcNTFeeM7P3CaUdaSRl3LIRz8iuWMrYNSg=;jde8LbAIYqw7GtoE7ci9Jcm9gO92cM2gXyg2B/OfBDXMebgEGGtr+yN4YKzcTQEB9dJiHjerAljPM4nlz+jBVfxNfh7U2OnYmb9LcPkIpZaTgpGGxjkyo1dfPEj07bz9Ltdb/GhaA9nY3JY+LZSA0qlNq44tW6ygZbbLLEQCYwZAXc5WH6Uy1TxXd+9/UWIikbOas3+NJXHmXWjD99x0Yg=;wy3o2Mbrzk0n7WOLVdjeIUKhf7UOLV6tjoVuL8Mvgk1ocSftelyWeV2urCSOxxaqdbBBNfUkM3g7hJ4GKLuleecAbm/u+hC8M9KjNEz+KYFOTcKFXWYvS/1nhiuTO4UgjCid0UWOQK2tZOE9GxGcoT8T0taPE81ED1oDXmT3oB75O2kuQURwpixRiLhwvoKyW8C1mzVhcCkeXUiVnIM1Tw=;InfobloxAnCount=0;InfobloxNsCount=6;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:05:31.639 AM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 20862 IN NSEC3 1 1 0 - CK0Q1GIN43N1ARRC9OSM6QPQR81H5M9A NS SOA RRSIG DNSKEY NSEC3PARAM CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 
20862 IN RRSIG NSEC3 8 2 86400 20210217054119 20210210043119 58540 com.",UDP,33168,172.0.0.253,2.1.3,DNS Response IN DS NOERROR,DNS,amazonaws.com.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=DS;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;FD+n+fO9jI2LoVi9ULqvx6lIp8ZP5yC/0HzfnJqiqgTTubTJiVzoVT29xai2LSeepPqzS/+sehbGHpqOgj21uJoOLePqmaVx/f73ZGcP6Ud2tlkQQIE++OwDlcQK6P/BM96xdHmGEnG/RaMrFiHV919Xog+sFZddMpjVTtYRq9nST68IU2gLDcNTFeeM7P3CaUdaSRl3LIRz8iuWMrYNSg=;tZu6LRECi8XkWdAi3MHvzLVqXF0rlTWFcKqoWChcf98bLrIO7iSrnih0c55c7qIBdiRElsNcPER14M6TibE1C3RitMFTvmOan6z8xMTzoL7ex3kl0iDceAALjlfOwQ4xT94zZdbfYy10MhHI975/NuUPt/zhvHTnG5Fdxq26zV77aBH5lYHqOoMySigSD1ITd/rxsOYnYbuQASfpSTFH/g=;FGcGCo21Q7YylOEDVNXZArBunK8NQFL0KqEKhyBnY0AqYyxbZfEJR7XtTvHsmPbnXPNaBjBwDHxqjyWzZXGRDKshK7/rxxOnJt+cS8N4H382zzQor3jqu9dhT4SwlLfs18IYq8jWeOccgSyYFuj6HKQ9k20tagv1ASwo8EHXcHTIRjdOtM9DeHSsgBEsH5Jl+S68cbH9yr1un6D26l/kSg=;InfobloxAnCount=0;InfobloxNsCount=6;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:15:46.640 AM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 20794 IN NSEC3 1 1 0 - CK0Q1GIN43N1ARRC9OSM6QPQR81H5M9A NS SOA RRSIG DNSKEY NSEC3PARAM CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 
20794 IN RRSIG NSEC3 8 2 86400 20210217054119 20210210043119 58540 com.",UDP,45685,172.0.0.253,2.1.3,DNS Response IN DS NOERROR,DNS,amazonaws.com.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=DS;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;FD+n+fO9jI2LoVi9ULqvx6lIp8ZP5yC/0HzfnJqiqgTTubTJiVzoVT29xai2LSeepPqzS/+sehbGHpqOgj21uJoOLePqmaVx/f73ZGcP6Ud2tlkQQIE++OwDlcQK6P/BM96xdHmGEnG/RaMrFiHV919Xog+sFZddMpjVTtYRq9nST68IU2gLDcNTFeeM7P3CaUdaSRl3LIRz8iuWMrYNSg=;C9Vcv4hdlFCwX6U5v3wlP1QK1jPVJHZps27+CTPZqQx/Ily6ItVsBbfRSr5hjET7e1HFJuBp+zNsEn63wQFDektY10paLwtQHl8KbnuBndN6R5Nu9QPWV1wbXVaGq7v1v/ra3ZX3z587X09Q6wuvOQXnyXXn4sLwzzZKgo7/bnKOwTazXfqHwOpTRJLWGnTl0ZHgzv1ENdyEJ1AypOqGQQ=;FGcGCo21Q7YylOEDVNXZArBunK8NQFL0KqEKhyBnY0AqYyxbZfEJR7XtTvHsmPbnXPNaBjBwDHxqjyWzZXGRDKshK7/rxxOnJt+cS8N4H382zzQor3jqu9dhT4SwlLfs18IYq8jWeOccgSyYFuj6HKQ9k20tagv1ASwo8EHXcHTIRjdOtM9DeHSsgBEsH5Jl+S68cbH9yr1un6D26l/kSg=;InfobloxAnCount=0;InfobloxNsCount=6;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:17:46.667 AM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""A1RT98BS5QGC9NFI51S9HCI47ULJG6JH.net. 21591 IN NSEC3 1 1 0 - A1RUUFFJKCT2Q54P78F8EJGJ8JBK7I8B NS SOA RRSIG DNSKEY NSEC3PARAM A1RT98BS5QGC9NFI51S9HCI47ULJG6JH.net. 
21591 IN RRSIG NSEC3 8 2 86400 20210217084924 20210210073924 30944 net.",UDP,35140,172.0.0.253,2.1.3,DNS Response IN DS NOERROR,DNS,nsatc.net.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=DS;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;nt7g1B8bCLrN7mkMa/FRIdlD+Ndq9jW7yNXKcZjWHTzvAmHjWw0IkF5JdUvlOurd4HOgiNaczhueq7Cr1DQBkMptz6LP3xc91kZ5UwGjKgr2Y6K27MsQT+pbjDY0JS5rhqAbfYI46xIySEiP6HcQBU1DAZlg09CQHlXQFEy/nTX8jErBvUl8aPLN1ETMjW7af0TbC4daW8RIPQ5XOVl1cA=;KGfpcbZ5+NMS2poFnvMuORoSCoARv3aAv/0g3k0C9OA6t8WuZIVCTL8iTKoaN1bdBObJt52jr9WUHlOr9N5Ox2yd8Tnq0WHUNSrLZcE4UGXocuWjJ5pugnjp03/Thtpzv/8Aa4Fsfj+uHbrjnyHzL9mzY/1zajJOJsprtRd5TFj1eyr6a/s5PMAjZX/YNpSFPr6X8FVtEZAe5qp/RW4N5g=;j4FGClSNtszyBtlByjBB6WLeEsMPC4Y2G12XgXWh2Pp2vk8vVewWJdA9WIWDZkzfE48+RiJPKU3bu5yTKXcW8tfzirNIOntW8mJ7vogfjZF4P7mMvjLwQ97D1yuMW32Q4r/qjEIvoITIYAxgufJzH6jUzRNyvDfb0S6bYYOmGwarVWMTuT9jzg2E5mKdfs1ak7NRF6rYUYGdCnXwrrYBAA=;InfobloxAnCount=0;InfobloxNsCount=6;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:16:46.627 AM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""A1RT98BS5QGC9NFI51S9HCI47ULJG6JH.net. 21538 IN NSEC3 1 1 0 - A1RUUFFJKCT2Q54P78F8EJGJ8JBK7I8B NS SOA RRSIG DNSKEY NSEC3PARAM A1RT98BS5QGC9NFI51S9HCI47ULJG6JH.net. 
21538 IN RRSIG NSEC3 8 2 86400 20210217084924 20210210073924 30944 net.",UDP,39511,172.0.0.253,2.1.3,DNS Response IN DS NOERROR,DNS,cloudapp.net.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=DS;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;nt7g1B8bCLrN7mkMa/FRIdlD+Ndq9jW7yNXKcZjWHTzvAmHjWw0IkF5JdUvlOurd4HOgiNaczhueq7Cr1DQBkMptz6LP3xc91kZ5UwGjKgr2Y6K27MsQT+pbjDY0JS5rhqAbfYI46xIySEiP6HcQBU1DAZlg09CQHlXQFEy/nTX8jErBvUl8aPLN1ETMjW7af0TbC4daW8RIPQ5XOVl1cA=;ggtNJJdd9uKyw7JrYh0ZyJs0B1pYM6Dt9FCWljQg/NcWBcYAdpkKn4DaWElrhCLN5gfz5G932Ksun9vX+nixzVpL1HRnLxRikJOK7lwWSsY/sS2heP/xJKPIqKxpuZL2YqFll1O7fRjcEc1TzItr1gMMaMM8AddMituVJDanJgQbCuWlRFBxMtBwSfEF4ZT619rO3tRQvUbu+ktWUi2Ugg=;oTxLz7B5W1X3R38+SlL0KcBE1x7vGuECFnwRdcAPoHIbqtRje/DYltkcV44+9QKDM8oYkdK54v3IZQoqJEiFAPsbzYOm9dPXOusYS6k2jVbEnWKEI612opFMjHGs7FTjjrOFd8kPghrkD8JZVuZAgiMCBwhZ66N3z87SOtgHbORA2W5j+aFI14NsMDdKh0MmNbueyM4O985MDt9+NVyFBQ=;InfobloxAnCount=0;InfobloxNsCount=6;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:17:46.667 AM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""A1RT98BS5QGC9NFI51S9HCI47ULJG6JH.net. 21485 IN NSEC3 1 1 0 - A1RUUFFJKCT2Q54P78F8EJGJ8JBK7I8B NS SOA RRSIG DNSKEY NSEC3PARAM A1RT98BS5QGC9NFI51S9HCI47ULJG6JH.net. 
21485 IN RRSIG NSEC3 8 2 86400 20210217084924 20210210073924 30944 net.",UDP,32985,172.0.0.253,2.1.3,DNS Response IN DS NOERROR,DNS,hwcdn.net.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=DS;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;nt7g1B8bCLrN7mkMa/FRIdlD+Ndq9jW7yNXKcZjWHTzvAmHjWw0IkF5JdUvlOurd4HOgiNaczhueq7Cr1DQBkMptz6LP3xc91kZ5UwGjKgr2Y6K27MsQT+pbjDY0JS5rhqAbfYI46xIySEiP6HcQBU1DAZlg09CQHlXQFEy/nTX8jErBvUl8aPLN1ETMjW7af0TbC4daW8RIPQ5XOVl1cA=;ggtNJJdd9uKyw7JrYh0ZyJs0B1pYM6Dt9FCWljQg/NcWBcYAdpkKn4DaWElrhCLN5gfz5G932Ksun9vX+nixzVpL1HRnLxRikJOK7lwWSsY/sS2heP/xJKPIqKxpuZL2YqFll1O7fRjcEc1TzItr1gMMaMM8AddMituVJDanJgQbCuWlRFBxMtBwSfEF4ZT619rO3tRQvUbu+ktWUi2Ugg=;rkSoMXb48rv5X6GFB8CCvY0CWbWISgVsy581GMH0TVbkJGGBNM8f+sV4BNJ9J3LoHjAWiYDQIwnYd9GBRPNpbntMpqEDWW4TAkcN2SIVcPa+a2lNm6xpL1/KsHM/scLXJ+o7DCl80ue92PBlHEuMw4S1xsTUaYmvM6Vhjgtu9vtxJ/KBLWcctXvvsc+MS0P5Q18+1pVHITWxsD6eI7beHw=;InfobloxAnCount=0;InfobloxNsCount=6;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:15:16.650 AM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""A1RT98BS5QGC9NFI51S9HCI47ULJG6JH.net. 21478 IN NSEC3 1 1 0 - A1RUUFFJKCT2Q54P78F8EJGJ8JBK7I8B NS SOA RRSIG DNSKEY NSEC3PARAM A1RT98BS5QGC9NFI51S9HCI47ULJG6JH.net. 
21478 IN RRSIG NSEC3 8 2 86400 20210217084924 20210210073924 30944 net.",UDP,35042,172.0.0.253,2.1.3,DNS Response IN DS NOERROR,DNS,trafficmanager.net.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=DS;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;nt7g1B8bCLrN7mkMa/FRIdlD+Ndq9jW7yNXKcZjWHTzvAmHjWw0IkF5JdUvlOurd4HOgiNaczhueq7Cr1DQBkMptz6LP3xc91kZ5UwGjKgr2Y6K27MsQT+pbjDY0JS5rhqAbfYI46xIySEiP6HcQBU1DAZlg09CQHlXQFEy/nTX8jErBvUl8aPLN1ETMjW7af0TbC4daW8RIPQ5XOVl1cA=;neHEZCc7aSicDpTu+vGOI1LgS9dALhOEQen58Il+3g7Zgl3hKaA0FTatZmHQokzUUFY8yRup+hMXcmZl5EYZ9ZN82cM0r6NsDkgNZn4jR3qlw2Ph9PRrKBXau9cCZ2cjPNS2feL38tCtAUxcIE1HcMjcL9Iko6WFUOARsSzN/P+2Og0nD8qdr4ujkJjb2Nmq0eBuXD8aOz6LRfaTYles9Q=;tNeiuF8NGOTF9NmDyxx2Vzfsk1sMosf6XHNxX2CE1/+yRJEERVJ8zfKq+zjoXcdXL7xbBy/Zs2vAfWcFPdC78R43Jmb8IqH2g4VOEkbvCkJeBpt+Rky8aFWWghRvpOHIZyGAAkZ99b8gS2ootA1dOcfyK+ZViSvv33/MsbMIEKiTLJofeFJ23WppPBkXwy7GwNbHCHfuBuKHI3axHckypQ=;InfobloxAnCount=0;InfobloxNsCount=6;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:01:46.671 AM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""A1RT98BS5QGC9NFI51S9HCI47ULJG6JH.net. 21449 IN NSEC3 1 1 0 - A1RUUFFJKCT2Q54P78F8EJGJ8JBK7I8B NS SOA RRSIG DNSKEY NSEC3PARAM A1RT98BS5QGC9NFI51S9HCI47ULJG6JH.net. 
21449 IN RRSIG NSEC3 8 2 86400 20210217084924 20210210073924 30944 net.",UDP,35832,172.0.0.253,2.1.3,DNS Response IN DS NOERROR,DNS,akamaiedge.net.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=DS;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;nt7g1B8bCLrN7mkMa/FRIdlD+Ndq9jW7yNXKcZjWHTzvAmHjWw0IkF5JdUvlOurd4HOgiNaczhueq7Cr1DQBkMptz6LP3xc91kZ5UwGjKgr2Y6K27MsQT+pbjDY0JS5rhqAbfYI46xIySEiP6HcQBU1DAZlg09CQHlXQFEy/nTX8jErBvUl8aPLN1ETMjW7af0TbC4daW8RIPQ5XOVl1cA=;CGBCcRfCoTaU0ycL/WVgf3kV8r1De5Xgi00s2dXW34V1+4ZsPh6zP5quie4F8JT88XdVEIzgy9nFjHihfIqtD8YgnhHEPW1zBUzWE7Rxzr5141bv062xv4YogtUOnxT3j14vIytXRbNtLpt+cVjFlgNSShprsCa/V+gmZKOZUSFsxU3GFszOcMr48Gl5AsgQNKvSxYKNlgNulC2LMmK2ug=;q561ysTDa51jrKQeom8iayySW8Qz9OI/+UEtW9VUxfiDebXteEuVBP+7R1MkwwvoQvHkoKA3AyJhgwlOq9DAQuII55UYWU4b04fhj6TpjK57bHzmrvgez/M3SRfQKOsh4qKd6xb+t5BoRGDiZR5Hh/Sc2ryZ8rMonlK0tBz/EQXOPjlQG7B8N6R7e3QhOI91VFeTyvPSNzJmS82xCnQ6fg=;InfobloxAnCount=0;InfobloxNsCount=6;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:55:01.617 PM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""A1RT98BS5QGC9NFI51S9HCI47ULJG6JH.net. 21134 IN NSEC3 1 1 0 - A1RUUFFJKCT2Q54P78F8EJGJ8JBK7I8B NS SOA RRSIG DNSKEY NSEC3PARAM A1RT98BS5QGC9NFI51S9HCI47ULJG6JH.net. 
21134 IN RRSIG NSEC3 8 2 86400 20210217084924 20210210073924 30944 net.",UDP,38583,172.0.0.253,2.1.3,DNS Response IN DS NOERROR,DNS,trafficmanager.net.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=DS;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;nt7g1B8bCLrN7mkMa/FRIdlD+Ndq9jW7yNXKcZjWHTzvAmHjWw0IkF5JdUvlOurd4HOgiNaczhueq7Cr1DQBkMptz6LP3xc91kZ5UwGjKgr2Y6K27MsQT+pbjDY0JS5rhqAbfYI46xIySEiP6HcQBU1DAZlg09CQHlXQFEy/nTX8jErBvUl8aPLN1ETMjW7af0TbC4daW8RIPQ5XOVl1cA=;Mj2HMmnLlQ2wlq5e0BfkjIftiZaILCytFP2tiBIdTrBEMCaYL49f5huoxXNJMBZIMQweicDZMlcORodIgS/UmJmXRvyJTr+UG4J7u3l9qqDsUtzL8BveJYcJn8EuYZp/vxs7ccX/fpqeGfEP7e3Rxwfjf8GTHQQqHFeeasUQPRYo/OnKuM8cTpzTC386Xo+GMlB5VkiAbiFsfavBucNwpQ=;tNeiuF8NGOTF9NmDyxx2Vzfsk1sMosf6XHNxX2CE1/+yRJEERVJ8zfKq+zjoXcdXL7xbBy/Zs2vAfWcFPdC78R43Jmb8IqH2g4VOEkbvCkJeBpt+Rky8aFWWghRvpOHIZyGAAkZ99b8gS2ootA1dOcfyK+ZViSvv33/MsbMIEKiTLJofeFJ23WppPBkXwy7GwNbHCHfuBuKHI3axHckypQ=;InfobloxAnCount=0;InfobloxNsCount=6;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:57:31.632 PM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""A1RT98BS5QGC9NFI51S9HCI47ULJG6JH.net. 21030 IN NSEC3 1 1 0 - A1RUUFFJKCT2Q54P78F8EJGJ8JBK7I8B NS SOA RRSIG DNSKEY NSEC3PARAM A1RT98BS5QGC9NFI51S9HCI47ULJG6JH.net. 
21030 IN RRSIG NSEC3 8 2 86400 20210217084924 20210210073924 30944 net.",UDP,54375,172.0.0.253,2.1.3,DNS Response IN DS NOERROR,DNS,edgekey.net.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=DS;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;nt7g1B8bCLrN7mkMa/FRIdlD+Ndq9jW7yNXKcZjWHTzvAmHjWw0IkF5JdUvlOurd4HOgiNaczhueq7Cr1DQBkMptz6LP3xc91kZ5UwGjKgr2Y6K27MsQT+pbjDY0JS5rhqAbfYI46xIySEiP6HcQBU1DAZlg09CQHlXQFEy/nTX8jErBvUl8aPLN1ETMjW7af0TbC4daW8RIPQ5XOVl1cA=;bfI3oIF4I9Lj5W+EE4mZ0oYpecOTHtq5QEfZBS5oaAmgX1QXg8M9HSX3HbbQZGvHnFPox83HgTXHK6hgHkBqS9dPFEsq18uHsnSJ6RZgs2EYWB1+UoPwS6ww5BHhYLtQz3pUCBGKStAx5/9+FUkcK+++8eXxm38aRRtwKGiZ1qIhYvOuu1CwFXPHIOtuPidRHXmBeL7FIju87JAPH3B9PA=;FnXhWPZhqcZMe8qsOmOBFkFv8+j/M5nRmVs8HOAHPTXkHBUi/I+1wUNTjrrSUBKpSJGoikibHrXvzoMVybU3akZlM2QHP7GlxHJKni0RvaYtDYdLK7YcUMwS3DKMoJ+jKe64kli2oUp7I+fOwvxCx/6lLLjSPZbUJbiz1MwARmAGYklo5oLxhPXE0uexpE6K8U4rc0RrsfqG5KWgPqzUhw=;InfobloxAnCount=0;InfobloxNsCount=6;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:10:16.636 AM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""A1RT98BS5QGC9NFI51S9HCI47ULJG6JH.net. 20790 IN NSEC3 1 1 0 - A1RUUFFJKCT2Q54P78F8EJGJ8JBK7I8B NS SOA RRSIG DNSKEY NSEC3PARAM A1RT98BS5QGC9NFI51S9HCI47ULJG6JH.net. 
20790 IN RRSIG NSEC3 8 2 86400 20210217084924 20210210073924 30944 net.",UDP,40497,172.0.0.253,2.1.3,DNS Response IN DS NOERROR,DNS,trafficmanager.net.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=DS;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;nt7g1B8bCLrN7mkMa/FRIdlD+Ndq9jW7yNXKcZjWHTzvAmHjWw0IkF5JdUvlOurd4HOgiNaczhueq7Cr1DQBkMptz6LP3xc91kZ5UwGjKgr2Y6K27MsQT+pbjDY0JS5rhqAbfYI46xIySEiP6HcQBU1DAZlg09CQHlXQFEy/nTX8jErBvUl8aPLN1ETMjW7af0TbC4daW8RIPQ5XOVl1cA=;cJhML08IhhuDiLfndh6ZdtbkzEvnO5nEUHVPeeUj6flbIoqQpctE5tJgU3pz4Q4YbI3W8mv9UJFWb874U6SSe/vXXPrUQ2sy56eJQo8kRlgvW+rpKIKSV0W4kubdy3bdcRU2WLnaSmMBb8xATDLouquVhMXY4r8b6I8f/RLUnPdR82J8Nb1SyYp4cyp6yp18z6FADuuV4LxoefureSSRDw=;tNeiuF8NGOTF9NmDyxx2Vzfsk1sMosf6XHNxX2CE1/+yRJEERVJ8zfKq+zjoXcdXL7xbBy/Zs2vAfWcFPdC78R43Jmb8IqH2g4VOEkbvCkJeBpt+Rky8aFWWghRvpOHIZyGAAkZ99b8gS2ootA1dOcfyK+ZViSvv33/MsbMIEKiTLJofeFJ23WppPBkXwy7GwNbHCHfuBuKHI3axHckypQ=;InfobloxAnCount=0;InfobloxNsCount=6;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:05:16.647 AM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""A1RT98BS5QGC9NFI51S9HCI47ULJG6JH.net. 20774 IN NSEC3 1 1 0 - A1RUUFFJKCT2Q54P78F8EJGJ8JBK7I8B NS SOA RRSIG DNSKEY NSEC3PARAM A1RT98BS5QGC9NFI51S9HCI47ULJG6JH.net. 
20774 IN RRSIG NSEC3 8 2 86400 20210217084924 20210210073924 30944 net.",UDP,47100,172.0.0.253,2.1.3,DNS Response IN DS NOERROR,DNS,trafficmanager.net.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=DS;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;nt7g1B8bCLrN7mkMa/FRIdlD+Ndq9jW7yNXKcZjWHTzvAmHjWw0IkF5JdUvlOurd4HOgiNaczhueq7Cr1DQBkMptz6LP3xc91kZ5UwGjKgr2Y6K27MsQT+pbjDY0JS5rhqAbfYI46xIySEiP6HcQBU1DAZlg09CQHlXQFEy/nTX8jErBvUl8aPLN1ETMjW7af0TbC4daW8RIPQ5XOVl1cA=;YyTMa0Wp16i/eWYLwXpktkpDa80n2FCd+X0nqs8S/8J1ObgcOJIets3K+Tp6oaK4b1mmV8aIHfHtp9Cj5M/WidukCGTcIyshhZJUgBrfRr/ulXH1cZa4bYq+a9nvSV+WaZ12FfFGV3Kr3ACAoTABT+IoYJoisHKxFZIw/wEYNxKOyfqVVX0DdCmQDLTlftrGGVj896pFiTQ9FkdZWwcvUw=;tNeiuF8NGOTF9NmDyxx2Vzfsk1sMosf6XHNxX2CE1/+yRJEERVJ8zfKq+zjoXcdXL7xbBy/Zs2vAfWcFPdC78R43Jmb8IqH2g4VOEkbvCkJeBpt+Rky8aFWWghRvpOHIZyGAAkZ99b8gS2ootA1dOcfyK+ZViSvv33/MsbMIEKiTLJofeFJ23WppPBkXwy7GwNbHCHfuBuKHI3axHckypQ=;InfobloxAnCount=0;InfobloxNsCount=6;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:57:31.632 PM",,Infoblox,Data Connector,DNS Response,1,,,,8.8.8.8,"""A1RT98BS5QGC9NFI51S9HCI47ULJG6JH.net. 20771 IN NSEC3 1 1 0 - A1RUUFFJKCT2Q54P78F8EJGJ8JBK7I8B NS SOA RRSIG DNSKEY NSEC3PARAM A1RT98BS5QGC9NFI51S9HCI47ULJG6JH.net. 
20771 IN RRSIG NSEC3 8 2 86400 20210217084924 20210210073924 30944 net.",UDP,48713,172.0.0.253,2.1.3,DNS Response IN DS NOERROR,DNS,akamaiedge.net.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=DS;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;nt7g1B8bCLrN7mkMa/FRIdlD+Ndq9jW7yNXKcZjWHTzvAmHjWw0IkF5JdUvlOurd4HOgiNaczhueq7Cr1DQBkMptz6LP3xc91kZ5UwGjKgr2Y6K27MsQT+pbjDY0JS5rhqAbfYI46xIySEiP6HcQBU1DAZlg09CQHlXQFEy/nTX8jErBvUl8aPLN1ETMjW7af0TbC4daW8RIPQ5XOVl1cA=;Mc5xo5vWOfGE6yXyRN8ExgTet4d8PC51JCe4Ard9XtXcaiRDj9taikVI2mBnfgv1X7//7eyZusZvVyqoKERftCNgt3olURkJxEkspijjdKDdAMo+1C87LpidArCXvE4KtaYZz17NANpUwB765JyAr5bMUWOIk1oZdL36VmorPLxTNAzNaffBSTh0v4NDEjPFKfvK3nFfL2h7eeA67G8QDA=;q561ysTDa51jrKQeom8iayySW8Qz9OI/+UEtW9VUxfiDebXteEuVBP+7R1MkwwvoQvHkoKA3AyJhgwlOq9DAQuII55UYWU4b04fhj6TpjK57bHzmrvgez/M3SRfQKOsh4qKd6xb+t5BoRGDiZR5Hh/Sc2ryZ8rMonlK0tBz/EQXOPjlQG7B8N6R7e3QhOI91VFeTyvPSNzJmS82xCnQ6fg=;InfobloxAnCount=0;InfobloxNsCount=6;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:51:46.999 PM",,Infoblox,Data Connector,DNS Response,1,,,,,"""""",TCP,26823,208.50.179.13,2.1.3,DNS Response IN A NOERROR,DNS,youtube.com.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:51:40.268 PM",,Infoblox,Data Connector,DNS Response,1,,,,,"""""",TCP,11091,208.50.179.13,2.1.3,DNS Response IN A NOERROR,DNS,youtube.com.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:51:38.718 PM",,Infoblox,Data Connector,DNS Response,1,,,,,"""""",TCP,26823,208.50.179.13,2.1.3,DNS Response IN A 
NOERROR,DNS,www.bing.com.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:51:40.268 PM",,Infoblox,Data Connector,DNS Response,1,,,,,"""""",TCP,11091,208.50.179.13,2.1.3,DNS Response IN A NOERROR,DNS,www.bing.com.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:56:32.515 PM",,Infoblox,Data Connector,DNS Response,1,,,,,"""""",TCP,25989,208.50.179.13,2.1.3,DNS Response IN A NOERROR,DNS,watson.telemetry.microsoft.com.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:56:52.995 PM",,Infoblox,Data Connector,DNS Response,1,,,,,"""""",TCP,49493,208.50.179.13,2.1.3,DNS Response IN A NOERROR,DNS,watson.telemetry.microsoft.com.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:11:36.441 AM",,Infoblox,Data Connector,DNS Response,1,,,,,"""""",TCP,48906,208.50.179.13,2.1.3,DNS Response IN A NOERROR,DNS,v10.events.data.microsoft.com.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:11:08.117 AM",,Infoblox,Data Connector,DNS Response,1,,,,,"""""",TCP,46798,208.50.179.13,2.1.3,DNS Response IN A 
NOERROR,DNS,v10.events.data.microsoft.com.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:52:25.459 PM",,Infoblox,Data Connector,DNS Response,1,,,,,"""""",TCP,11500,208.50.179.13,2.1.3,DNS Response IN A NOERROR,DNS,update.googleapis.com.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:52:29.933 PM",,Infoblox,Data Connector,DNS Response,1,,,,,"""""",TCP,4772,208.50.179.13,2.1.3,DNS Response IN A NOERROR,DNS,update.googleapis.com.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:10:21.647 AM",,Infoblox,Data Connector,DNS Response,1,,,,,"""""",TCP,45027,208.50.179.13,2.1.3,DNS Response IN A NOERROR,DNS,update.googleapis.com.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:52:44.067 PM",,Infoblox,Data Connector,DNS Response,1,,,,,"""""",TCP,2113,208.50.179.13,2.1.3,DNS Response IN A NOERROR,DNS,update.googleapis.com.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:52:49.883 PM",,Infoblox,Data Connector,DNS Response,1,,,,,"""""",TCP,60222,208.50.179.13,2.1.3,DNS Response IN A 
NOERROR,DNS,update.googleapis.com.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:10:22.143 AM",,Infoblox,Data Connector,DNS Response,1,,,,,"""""",TCP,52569,208.50.179.13,2.1.3,DNS Response IN A NOERROR,DNS,update.googleapis.com.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:23:50.805 AM",,Infoblox,Data Connector,DNS Response,1,,,,,"""""",TCP,53238,208.50.179.13,2.1.3,DNS Response IN A NOERROR,DNS,update.googleapis.com.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:23:51.036 AM",,Infoblox,Data Connector,DNS Response,1,,,,,"""""",TCP,13216,208.50.179.13,2.1.3,DNS Response IN A NOERROR,DNS,update.googleapis.com.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:25:31.690 AM",,Infoblox,Data Connector,DNS Response,1,,,,,"""""",TCP,16301,208.50.179.13,2.1.3,DNS Response IN A NOERROR,DNS,tile-service.weather.microsoft.com.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:25:33.065 AM",,Infoblox,Data Connector,DNS Response,1,,,,,"""""",TCP,41618,208.50.179.13,2.1.3,DNS Response IN A 
NOERROR,DNS,tile-service.weather.microsoft.com.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:58:06.189 PM",,Infoblox,Data Connector,DNS Response,1,,,,,"""""",TCP,44892,208.50.179.13,2.1.3,DNS Response IN A NOERROR,DNS,tile-service.weather.microsoft.com.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:58:11.113 PM",,Infoblox,Data Connector,DNS Response,1,,,,,"""""",TCP,40734,208.50.179.13,2.1.3,DNS Response IN A NOERROR,DNS,tile-service.weather.microsoft.com.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:53:40.040 PM",,Infoblox,Data Connector,DNS Response,1,,,,,"""""",TCP,10691,208.50.179.13,2.1.3,DNS Response IN A NOERROR,DNS,sls.update.microsoft.com.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:53:38.531 PM",,Infoblox,Data Connector,DNS Response,1,,,,,"""""",TCP,42264,208.50.179.13,2.1.3,DNS Response IN A NOERROR,DNS,sls.update.microsoft.com.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:53:38.531 PM",,Infoblox,Data Connector,DNS Response,1,,,,,"""""",TCP,42264,208.50.179.13,2.1.3,DNS Response IN A 
NOERROR,DNS,sls.update.microsoft.com.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:53:38.531 PM",,Infoblox,Data Connector,DNS Response,1,,,,,"""""",TCP,42264,208.50.179.13,2.1.3,DNS Response IN A NOERROR,DNS,sls.update.microsoft.com.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:53:38.530 PM",,Infoblox,Data Connector,DNS Response,1,,,,,"""""",TCP,42264,208.50.179.13,2.1.3,DNS Response IN A NOERROR,DNS,sls.update.microsoft.com.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:53:40.040 PM",,Infoblox,Data Connector,DNS Response,1,,,,,"""""",TCP,10691,208.50.179.13,2.1.3,DNS Response IN A NOERROR,DNS,sls.update.microsoft.com.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:53:40.040 PM",,Infoblox,Data Connector,DNS Response,1,,,,,"""""",TCP,10691,208.50.179.13,2.1.3,DNS Response IN A NOERROR,DNS,sls.update.microsoft.com.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:53:38.531 PM",,Infoblox,Data Connector,DNS Response,1,,,,,"""""",TCP,42264,208.50.179.13,2.1.3,DNS Response IN A 
NOERROR,DNS,sls.update.microsoft.com.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:53:38.531 PM",,Infoblox,Data Connector,DNS Response,1,,,,,"""""",TCP,42264,208.50.179.13,2.1.3,DNS Response IN A NOERROR,DNS,sls.update.microsoft.com.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:56:43.787 PM",,Infoblox,Data Connector,DNS Response,1,,,,,"""""",TCP,63440,208.50.179.13,2.1.3,DNS Response IN A NOERROR,DNS,settings-win.data.microsoft.com.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:23:29.314 AM",,Infoblox,Data Connector,DNS Response,1,,,,,"""""",TCP,53354,208.50.179.13,2.1.3,DNS Response IN A NOERROR,DNS,settings-win.data.microsoft.com.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:26:49.328 AM",,Infoblox,Data Connector,DNS Response,1,,,,,"""""",TCP,59942,208.50.179.13,2.1.3,DNS Response IN A NOERROR,DNS,settings-win.data.microsoft.com.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:08:21.305 AM",,Infoblox,Data Connector,DNS Response,1,,,,,"""""",TCP,8899,208.50.179.13,2.1.3,DNS Response IN A 
NOERROR,DNS,settings-win.data.microsoft.com.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:56:47.435 PM",,Infoblox,Data Connector,DNS Response,1,,,,,"""""",TCP,26052,208.50.179.13,2.1.3,DNS Response IN A NOERROR,DNS,settings-win.data.microsoft.com.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:53:24.229 PM",,Infoblox,Data Connector,DNS Response,1,,,,,"""""",TCP,24396,208.50.179.13,2.1.3,DNS Response IN A NOERROR,DNS,settings-win.data.microsoft.com.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:02:21.331 AM",,Infoblox,Data Connector,DNS Response,1,,,,,"""""",TCP,35514,208.50.179.13,2.1.3,DNS Response IN A NOERROR,DNS,pool.ntp.org.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=4;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:02:21.331 AM",,Infoblox,Data Connector,DNS Response,1,,,,,"""""",TCP,49521,208.50.179.13,2.1.3,DNS Response IN A NOERROR,DNS,pool.ntp.org.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=4;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog +846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:06:08.170 AM",,Infoblox,Data Connector,DNS Response,1,,,,,"""""",TCP,37415,208.50.179.13,2.1.3,DNS Response IN A 
NOERROR,DNS,ocsp.digicert.com.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog
+846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:05:34.981 AM",,Infoblox,Data Connector,DNS Response,1,,,,,"""""",TCP,14692,208.50.179.13,2.1.3,DNS Response IN A NOERROR,DNS,ocsp.digicert.com.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog
+846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:05:35.299 AM",,Infoblox,Data Connector,DNS Response,1,,,,,"""""",TCP,53484,208.50.179.13,2.1.3,DNS Response IN A NOERROR,DNS,ocsp.digicert.com.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog
+846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:06:10.063 AM",,Infoblox,Data Connector,DNS Response,1,,,,,"""""",TCP,60979,208.50.179.13,2.1.3,DNS Response IN A NOERROR,DNS,ocsp.digicert.com.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog
+846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:05:21.024 AM",,Infoblox,Data Connector,DNS Response,1,,,,,"""""",TCP,56387,208.50.179.13,2.1.3,DNS Response IN A NOERROR,DNS,ntp.ubuntu.com.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=4;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog
+846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:05:17.985 AM",,Infoblox,Data Connector,DNS Response,1,,,,,"""""",TCP,43314,208.50.179.13,2.1.3,DNS Response IN A NOERROR,DNS,ntp.ubuntu.com.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=4;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog
+846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:11:41.502 AM",,Infoblox,Data Connector,DNS Response,1,,,,,"""""",TCP,30717,208.50.179.13,2.1.3,DNS Response IN A NOERROR,DNS,login.live.com.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog
+846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:56:33.193 PM",,Infoblox,Data Connector,DNS Response,1,,,,,"""""",TCP,34276,208.50.179.13,2.1.3,DNS Response IN A NOERROR,DNS,login.live.com.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog
+846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:19:11.198 AM",,Infoblox,Data Connector,DNS Response,1,,,,,"""""",TCP,45395,208.50.179.13,2.1.3,DNS Response IN A NOERROR,DNS,login.live.com.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog
+846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:56:52.994 PM",,Infoblox,Data Connector,DNS Response,1,,,,,"""""",TCP,49493,208.50.179.13,2.1.3,DNS Response IN A NOERROR,DNS,ctldl.windowsupdate.com.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog
+846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:26:57.528 AM",,Infoblox,Data Connector,DNS Response,1,,,,,"""""",TCP,15022,208.50.179.13,2.1.3,DNS Response IN A NOERROR,DNS,ctldl.windowsupdate.com.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog
+846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:27:04.691 AM",,Infoblox,Data Connector,DNS Response,1,,,,,"""""",TCP,46404,208.50.179.13,2.1.3,DNS Response IN A NOERROR,DNS,ctldl.windowsupdate.com.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog
+846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:06:10.063 AM",,Infoblox,Data Connector,DNS Response,1,,,,,"""""",TCP,60979,208.50.179.13,2.1.3,DNS Response IN A NOERROR,DNS,crl4.digicert.com.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog
+846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:05:34.982 AM",,Infoblox,Data Connector,DNS Response,1,,,,,"""""",TCP,14692,208.50.179.13,2.1.3,DNS Response IN A NOERROR,DNS,crl4.digicert.com.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog
+846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:05:35.298 AM",,Infoblox,Data Connector,DNS Response,1,,,,,"""""",TCP,14692,208.50.179.13,2.1.3,DNS Response IN A NOERROR,DNS,crl4.digicert.com.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog
+846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:52:36.805 PM",,Infoblox,Data Connector,DNS Response,1,,,,,"""""",TCP,26804,208.50.179.13,2.1.3,DNS Response IN A NOERROR,DNS,config.edge.skype.com.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog
+846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:03:01.177 AM",,Infoblox,Data Connector,DNS Response,1,,,,,"""""",TCP,48173,208.50.179.13,2.1.3,DNS Response IN A NOERROR,DNS,clientservices.googleapis.com.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog
+846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:03:02.109 AM",,Infoblox,Data Connector,DNS Response,1,,,,,"""""",TCP,34924,208.50.179.13,2.1.3,DNS Response IN A NOERROR,DNS,clientservices.googleapis.com.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog
+846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:01:18.968 AM",,Infoblox,Data Connector,DNS Response,1,,,,,"""""",TCP,37715,208.50.179.13,2.1.3,DNS Response IN A NOERROR,DNS,clientservices.googleapis.com.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog
+846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:01:20.957 AM",,Infoblox,Data Connector,DNS Response,1,,,,,"""""",TCP,16924,208.50.179.13,2.1.3,DNS Response IN A NOERROR,DNS,clientservices.googleapis.com.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog
+846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:58:01.090 PM",,Infoblox,Data Connector,DNS Response,1,,,,,"""""",TCP,41258,208.50.179.13,2.1.3,DNS Response IN A NOERROR,DNS,cdn.content.prod.cms.msn.com.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog
+846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/12/2021, 12:25:29.138 AM",,Infoblox,Data Connector,DNS Response,1,,,,,"""""",TCP,21303,208.50.179.13,2.1.3,DNS Response IN A NOERROR,DNS,cdn.content.prod.cms.msn.com.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog
+846a366e-408f-4648-9891-3a12dbbf65cc,OpsManager,"2/11/2021, 11:56:32.515 PM",,Infoblox,Data Connector,DNS Response,1,,,,,"""""",TCP,25989,208.50.179.13,2.1.3,DNS Response IN A NOERROR,DNS,cdn.content.prod.cms.msn.com.,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,CommonSecurityLog
diff --git a/Workbooks/Images/Preview/InfobloxCDCB1TDBlack.png b/Workbooks/Images/Preview/InfobloxCDCB1TDBlack.png
new file mode 100644
index 0000000000..ebef947864
Binary files /dev/null and b/Workbooks/Images/Preview/InfobloxCDCB1TDBlack.png differ
diff --git a/Workbooks/Images/Preview/InfobloxCDCB1TDWhite.png b/Workbooks/Images/Preview/InfobloxCDCB1TDWhite.png
new file mode 100644
index 0000000000..d77c7a0b8b
Binary files /dev/null and b/Workbooks/Images/Preview/InfobloxCDCB1TDWhite.png differ
diff --git a/Workbooks/InfobloxCDCB1TDWorkbook.json b/Workbooks/InfobloxCDCB1TDWorkbook.json
new file mode 100644
index 0000000000..461fd6c956
--- /dev/null
+++ b/Workbooks/InfobloxCDCB1TDWorkbook.json
@@ -0,0 +1,4087 @@ +{ + "version": "Notebook/1.0", + "items": [ + { + "type": 1, + "content": { + "json": "# Infoblox CDC BloxOne Threat Defense Workbook\r\n\r\n##### Get a closer look at your BloxOne Threat Defense security event data. \r\n\r\nThis workbook is intended to help visualize BloxOne Threat Defense data as part of the Infoblox Cloud Data Connector. Drilldown your data and visualize events, trends, and anomalous changes over time.\r\n\r\n---\r\n" + }, + "name": "text - 3", + "styleSettings": { + "margin": "0 0 20px 0" + } + }, + { + "type": 11, + "content": { + "version": "LinkItem/1.0", + "style": "tabs", + "links": [ + { + "id": "46b4abc5-316b-4c75-89b7-5cf134d6dbb0", + "cellValue": "view", + "linkTarget": "parameter", + "linkLabel": "Overview", + "subTarget": "Overview", + "style": "link" + }, + { + "id": "81661594-3591-4fe6-a67d-b69ae55abf67", + "cellValue": "view", + "linkTarget": "parameter", + "linkLabel": "Events by IP", + "subTarget": "Events by IP", + "preText": "IPs", + "style": "link" + }, + { + "id": "46ca603b-ead0-46bd-987d-1d157b2a763a", + "cellValue": "view", + "linkTarget": "parameter", + "linkLabel": "Events by Domain", + "subTarget": "Events by Domain", + "style": "link" + }, + { + "id": "2e942b67-07c4-4579-ac5b-f43c5b01c51c", + "cellValue": "view", + "linkTarget": "parameter", + "linkLabel": "Category Filters", + "subTarget": "Category Filters", + "style": "link" + } + ] + }, + "name": "links - 16", + "styleSettings": { + "margin": "0 0 20px 0" + } + }, + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "parameters": [ + { + "id": "9878ee10-a66a-4438-afdd-29789d76bd61", + "version": "KqlParameterItem/1.0", + "name": "TimeRange", + "type": 4, + "isRequired": true, + "value": { + "durationMs": 3600000 + }, + "typeSettings": { + "selectableValues": [ + { + "durationMs": 300000 + }, + { + "durationMs": 900000 + }, + { + "durationMs": 1800000 + }, + { + "durationMs": 3600000 + }, + { + "durationMs": 14400000 + }, + { + 
"durationMs": 43200000 + }, + { + "durationMs": 86400000 + }, + { + "durationMs": 172800000 + }, + { + "durationMs": 259200000 + }, + { + "durationMs": 604800000 + }, + { + "durationMs": 1209600000 + }, + { + "durationMs": 2419200000 + }, + { + "durationMs": 2592000000 + }, + { + "durationMs": 5184000000 + }, + { + "durationMs": 7776000000 + } + ], + "allowCustom": true + } + } + ], + "style": "pills", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "customWidth": "30", + "name": "parameters - 0" + }, + { + "type": 1, + "content": { + "json": "#### Set a time range for which to view data using the dropdown to the left. It will be applied to all visualizations of this workbook. Note that using a large range may cause queries to timeout depending on the size of your environment. If you have difficulties try reducing the range.\r\n\r\n---\r\n", + "style": "info" + }, + "customWidth": "70", + "name": "text - 7" + }, + { + "type": 12, + "content": { + "version": "NotebookGroup/1.0", + "groupType": "editable", + "items": [ + { + "type": 1, + "content": { + "json": "## Events by IP\r\n---\r\n#### Get a closer look into where threat data is originating. \r\nThis section visualizes which IP addresses are producing the most hits. Further drilldown data by source IP address. \r\n\r\nUse the dropdowns below to filter by Threat Level, Feed, and Class." 
+ }, + "name": "text - 8" + }, + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "parameters": [ + { + "id": "12793c1f-b77e-4319-99f6-b6b4230d9cfe", + "version": "KqlParameterItem/1.0", + "name": "ThreatLevelParam", + "label": "Threat Level", + "type": 2, + "isRequired": true, + "multiSelect": true, + "quote": "'", + "delimiter": ",", + "value": [ + "value::all" + ], + "typeSettings": { + "additionalResourceOptions": [ + "value::all" + ], + "selectAllValue": "All", + "showDefault": false + }, + "jsonData": "[\r\n { \"value\":\"N/A\"},\r\n { \"value\":\"Info\"},\r\n { \"value\":\"Low\"},\r\n { \"value\":\"Medium\"},\r\n { \"value\":\"High\"}\r\n]", + "timeContext": { + "durationMs": 259200000 + }, + "timeContextFromParameter": "TimeRange", + "defaultValue": "value::all" + }, + { + "id": "06740a9f-b69a-4769-b747-01898d6b9480", + "version": "KqlParameterItem/1.0", + "name": "FeedParam", + "label": "Feed", + "type": 2, + "isRequired": true, + "multiSelect": true, + "quote": "\"", + "delimiter": ",", + "query": "CommonSecurityLog\r\n| where DeviceVendor == \"Infoblox\" and DeviceProduct == \"Data Connector\"\r\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \"RPZ\"\r\n| extend Feed = extract(\"InfobloxRPZ=(.*?);\", 1, AdditionalExtensions) \r\n| where isnotempty(Feed)\r\n| summarize by Feed\r\n| order by Feed asc", + "typeSettings": { + "additionalResourceOptions": [ + "value::all" + ], + "selectAllValue": "All", + "showDefault": false + }, + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "defaultValue": "value::all", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "value": [ + "value::all" + ] + }, + { + "id": "a4bec1da-10e1-4ae3-846b-d8787f569e39", + "version": "KqlParameterItem/1.0", + "name": "ThreatClassParam", + "label": "Threat Class", + "type": 2, + "isRequired": true, + "multiSelect": true, + "quote": "\"", + "delimiter": ",", + "query": 
"CommonSecurityLog\r\n| where DeviceVendor == \"Infoblox\" and DeviceProduct == \"Data Connector\"\r\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \"RPZ\"\r\n| extend ThreatProperty = extract(\"InfobloxThreatProperty=(.*?);\", 1, AdditionalExtensions) \r\n| extend ThreatClass = extract(\"(.*?)_\", 1, ThreatProperty) \r\n| summarize by ThreatClass\r\n| order by ThreatClass asc\r\n| project value = ThreatClass, label = case(ThreatClass == \"\", \"N/A\", ThreatClass)", + "typeSettings": { + "additionalResourceOptions": [ + "value::all" + ], + "selectAllValue": "All", + "showDefault": false + }, + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "defaultValue": "value::all", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + } + ], + "style": "pills", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "name": "parameters - 6 - Copy - Copy - Copy" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "let starttime = {TimeRange:start};\r\nlet endtime = {TimeRange:end};\r\n// Finding Tops \r\nlet Top = materialize(CommonSecurityLog\r\n| where DeviceVendor == \"Infoblox\" and DeviceProduct == \"Data Connector\" \r\n| where TimeGenerated {TimeRange}\r\n| where DeviceEventClassID has_cs \"RPZ\"\r\n| extend InfobloxThreatProperty = extract(\"InfobloxThreatProperty=(.*?);\", 1, AdditionalExtensions) \r\n| extend ThreatClass = extract(\"(.*?)_\", 1, InfobloxThreatProperty) \r\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \"All\"\r\n| extend Feed = extract(\"InfobloxRPZ=(.*?);\", 1, AdditionalExtensions) \r\n| where Feed in ({FeedParam}) or '{FeedParam:label}' == \"All\"\r\n| extend ThreatLevel_Score = toint(extract(\"InfobloxThreatLevel=(.*)\", 1, AdditionalExtensions))\r\n| extend ThreatLevel = case(ThreatLevel_Score>=80, \"High\",\r\n ThreatLevel_Score>=50 and ThreatLevel_Score<80, \"Medium\",\r\n 
ThreatLevel_Score<50 and ThreatLevel_Score>=1, \"Low\",\r\n ThreatLevel_Score == 0,\"Info\",\r\n \"N/A\" )\r\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \"All\"\r\n| where isnotempty(SourceIP)\r\n| summarize count() by SourceIP\r\n| top 15 by count_ \r\n| project SourceIP);\r\n// Filtering datasource to Tops and Plot Time chart\r\nCommonSecurityLog \r\n| where DeviceVendor == \"Infoblox\" and DeviceProduct == \"Data Connector\" \r\n| where TimeGenerated {TimeRange}\r\n| where DeviceEventClassID has_cs \"RPZ\"\r\n| extend InfobloxThreatProperty = extract(\"InfobloxThreatProperty=(.*?);\", 1, AdditionalExtensions) \r\n| extend ThreatClass = extract(\"(.*?)_\", 1, InfobloxThreatProperty) \r\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \"All\"\r\n| extend Feed = extract(\"InfobloxRPZ=(.*?);\", 1, AdditionalExtensions) \r\n| where Feed in ({FeedParam}) or '{FeedParam:label}' == \"All\"\r\n| extend ThreatLevel_Score = toint(extract(\"InfobloxThreatLevel=(.*)\", 1, AdditionalExtensions))\r\n| extend ThreatLevel = case(ThreatLevel_Score>=80, \"High\",\r\n ThreatLevel_Score>=50 and ThreatLevel_Score<80, \"Medium\",\r\n ThreatLevel_Score<50 and ThreatLevel_Score>=1, \"Low\",\r\n ThreatLevel_Score == 0,\"Info\",\r\n \"N/A\" )\r\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \"All\"\r\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \"All\"\r\n| where SourceIP in ((Top))\r\n| project TimeGenerated, SourceIP\r\n| make-series Total= count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by SourceIP\r\n", + "size": 2, + "title": "Top Offending IPs by Time", + "color": "red", + "timeContext": { + "durationMs": 2592000000 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "barchart", + "sortBy": [], + "tileSettings": 
{ + "showBorder": false, + "titleContent": { + "columnMatch": "DestinationDnsDomain", + "formatter": 1 + }, + "leftContent": { + "columnMatch": "count_", + "formatter": 12, + "formatOptions": { + "palette": "auto" + }, + "numberFormat": { + "unit": 17, + "options": { + "maximumSignificantDigits": 3, + "maximumFractionDigits": 2 + } + } + } + }, + "chartSettings": { + "createOtherGroup": 15, + "showLegend": true + } + }, + "name": "Top Offending IPs by Time" + }, + { + "type": 1, + "content": { + "json": "#### Click on a Source IP in the chart below to further drilldown the IP.\r\n\r\n---", + "style": "info" + }, + "name": "text - 17" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "CommonSecurityLog\r\n| where DeviceVendor == \"Infoblox\" and DeviceProduct == \"Data Connector\"\r\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \"RPZ\"\r\n| extend InfobloxThreatProperty = extract(\"InfobloxThreatProperty=(.*?);\", 1, AdditionalExtensions) \r\n| extend ThreatClass = extract(\"(.*?)_\", 1, InfobloxThreatProperty) \r\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \"All\"\r\n| extend Feed = extract(\"InfobloxRPZ=(.*?);\", 1, AdditionalExtensions) \r\n| where Feed in ({FeedParam}) or '{FeedParam:label}' == \"All\"\r\n| extend ThreatLevel_Score = toint(extract(\"InfobloxThreatLevel=(.*)\", 1, AdditionalExtensions))\r\n| extend ThreatLevel = case(ThreatLevel_Score>=80, \"High\",\r\n ThreatLevel_Score>=50 and ThreatLevel_Score<80, \"Medium\",\r\n ThreatLevel_Score<50 and ThreatLevel_Score>=1, \"Low\",\r\n ThreatLevel_Score == 0,\"Info\",\r\n \"N/A\" )\r\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \"All\"\r\n| summarize count() by SourceIP\r\n| sort by count_ desc", + "size": 2, + "title": "Total Source IP Hit Count", + "timeContext": { + "durationMs": 2592000000 + }, + "timeContextFromParameter": "TimeRange", + "exportFieldName": "SourceIP", + "exportParameterName": 
"ip", + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "table", + "gridSettings": { + "formatters": [ + { + "columnMatch": "SourceIP", + "formatter": 0, + "formatOptions": { + "customColumnWidthSetting": "60%" + } + }, + { + "columnMatch": "count_", + "formatter": 3, + "formatOptions": { + "palette": "greenRed", + "compositeBarSettings": { + "labelText": "", + "columnSettings": [] + }, + "customColumnWidthSetting": "40%" + } + }, + { + "columnMatch": "DestinationDnsDomain", + "formatter": 0, + "formatOptions": { + "customColumnWidthSetting": "60%" + } + } + ], + "rowLimit": 500, + "filter": true, + "sortBy": [ + { + "itemKey": "SourceIP", + "sortOrder": 1 + } + ], + "labelSettings": [ + { + "columnId": "count_", + "label": "Total Hits" + } + ] + }, + "sortBy": [ + { + "itemKey": "SourceIP", + "sortOrder": 1 + } + ], + "tileSettings": { + "showBorder": false, + "titleContent": { + "columnMatch": "DestinationDnsDomain", + "formatter": 1 + }, + "leftContent": { + "columnMatch": "count_", + "formatter": 12, + "formatOptions": { + "palette": "auto" + }, + "numberFormat": { + "unit": 17, + "options": { + "maximumSignificantDigits": 3, + "maximumFractionDigits": 2 + } + } + } + } + }, + "customWidth": "30", + "name": "Total Source IP Hit Count", + "styleSettings": { + "margin": "0 10px 0 0" + } + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "CommonSecurityLog\r\n| where DeviceVendor == \"Infoblox\" and DeviceProduct == \"Data Connector\"\r\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \"RPZ\"\r\n| where '{ip}' == SourceIP \r\n\r\n| parse AdditionalExtensions with * \";InfobloxThreatProperty=\" ThreatProperty \";InfobloxThreatConfidence=\" ThreatConfidence \";InfobloxThreatLevel=\" ThreatLevel_Score\r\n| extend ThreatClass = extract(\"(.*?)_\", 1, ThreatProperty) \r\n| extend ThreatProperty = extract(\"([^_]*$)\", 1, ThreatProperty) \r\n| where 
ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \"All\"\r\n| extend Feed = extract(\"InfobloxRPZ=(.*?);\", 1, AdditionalExtensions) \r\n| where Feed in ({FeedParam}) or '{FeedParam:label}' == \"All\"\r\n| extend ThreatLevel_Score = toint(ThreatLevel_Score)\r\n| extend ThreatLevel = case(ThreatLevel_Score>=80, \"High\",\r\n ThreatLevel_Score>=50 and ThreatLevel_Score<80, \"Medium\",\r\n ThreatLevel_Score<50 and ThreatLevel_Score>=1, \"Low\",\r\n ThreatLevel_Score == 0,\"Info\",\r\n \"N/A\" )\r\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \"All\"\r\n| sort by TimeGenerated desc\r\n| project TimeGenerated, SourceIP, DestinationDnsDomain, ThreatLevel, ThreatLevel_Score, ThreatConfidence, Feed, ThreatClass, ThreatProperty, DeviceAction, Message, SourcePort\r\n", + "size": 2, + "title": "Events for {ip}", + "timeContext": { + "durationMs": 2592000000 + }, + "timeContextFromParameter": "TimeRange", + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "table", + "gridSettings": { + "formatters": [ + { + "columnMatch": "ThreatLevel", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "colors", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "N/A", + "representation": "gray", + "text": "{0}{1}" + }, + { + "operator": "==", + "thresholdValue": "Low", + "representation": "yellow", + "text": "{0}{1}" + }, + { + "operator": "==", + "thresholdValue": "Info", + "representation": "lightBlue", + "text": "{0}{1}" + }, + { + "operator": "==", + "thresholdValue": "Medium", + "representation": "orange", + "text": "{0}{1}" + }, + { + "operator": "==", + "thresholdValue": "High", + "representation": "red", + "text": "{0}{1}" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "blue", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "ThreatLevel_Score", + "formatter": 18, + "formatOptions": { + 
"thresholdsOptions": "colors", + "thresholdsGrid": [ + { + "operator": "is Empty", + "representation": "gray", + "text": "N/A" + }, + { + "operator": ">=", + "thresholdValue": "80", + "representation": "red", + "text": "{0}{1}" + }, + { + "operator": ">=", + "thresholdValue": "50", + "representation": "orange", + "text": "{0}{1}" + }, + { + "operator": ">=", + "thresholdValue": "1", + "representation": "yellow", + "text": "{0}{1}" + }, + { + "operator": "==", + "thresholdValue": "0", + "representation": "lightBlue", + "text": "{0}{1}" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "blue", + "text": "{0}{1}" + } + ], + "compositeBarSettings": { + "labelText": "[\"ThreatLevel\"]", + "columnSettings": [ + { + "columnName": "ThreatLevel", + "color": "orange" + }, + { + "columnName": "DestinationDnsDomain", + "color": "blue" + } + ] + } + } + }, + { + "columnMatch": "ThreatConfidence", + "formatter": 8, + "formatOptions": { + "min": 0, + "max": 100, + "palette": "purpleBlueGreen", + "compositeBarSettings": { + "labelText": "", + "columnSettings": [] + } + } + }, + { + "columnMatch": "LogSeverity", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "colors", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "0", + "representation": "green", + "text": "N/A" + }, + { + "operator": "==", + "thresholdValue": "1", + "representation": "blue", + "text": "Low/Info" + }, + { + "operator": "==", + "thresholdValue": "5", + "representation": "orange", + "text": "Medium" + }, + { + "operator": "==", + "thresholdValue": "8", + "representation": "red", + "text": "High" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "blue", + "text": "{0}{1}" + } + ], + "compositeBarSettings": { + "labelText": "", + "columnSettings": [ + { + "columnName": "LogSeverity", + "color": "blue" + }, + { + "columnName": "DestinationDnsDomain", + "color": "purple" + } + ] + } + } + }, + { + "columnMatch": "Count", + 
"formatter": 4, + "formatOptions": { + "min": 0, + "palette": "blue" + } + } + ], + "rowLimit": 500, + "filter": true, + "labelSettings": [ + { + "columnId": "TimeGenerated" + }, + { + "columnId": "SourceIP" + }, + { + "columnId": "DestinationDnsDomain" + }, + { + "columnId": "Message" + } + ] + }, + "sortBy": [] + }, + "customWidth": "70", + "conditionalVisibility": { + "parameterName": "ip", + "comparison": "isNotEqualTo" + }, + "showPin": false, + "name": "Events for {ip}" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "let starttime = {TimeRange:start};\r\nlet endtime = {TimeRange:end};\r\n// Finding Tops \r\nlet Top = materialize(CommonSecurityLog\r\n| where DeviceVendor == \"Infoblox\" and DeviceProduct == \"Data Connector\" \r\n| where TimeGenerated {TimeRange}\r\n| where DeviceEventClassID has_cs \"RPZ\"\r\n| extend InfobloxThreatProperty = extract(\"InfobloxThreatProperty=(.*?);\", 1, AdditionalExtensions) \r\n| extend ThreatClass = extract(\"(.*?)_\", 1, InfobloxThreatProperty) \r\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \"All\"\r\n| extend Feed = extract(\"InfobloxRPZ=(.*?);\", 1, AdditionalExtensions) \r\n| where Feed in ({FeedParam}) or '{FeedParam:label}' == \"All\"\r\n| extend ThreatLevel_Score = toint(extract(\"InfobloxThreatLevel=(.*)\", 1, AdditionalExtensions))\r\n| extend ThreatLevel = case(ThreatLevel_Score>=80, \"High\",\r\n ThreatLevel_Score>=50 and ThreatLevel_Score<80, \"Medium\",\r\n ThreatLevel_Score<50 and ThreatLevel_Score>=1, \"Low\",\r\n ThreatLevel_Score == 0,\"Info\",\r\n \"N/A\" )\r\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \"All\"\r\n| where '{ip}' == SourceIP \r\n| summarize count() by Feed\r\n| top 10 by count_ \r\n| project Feed);\r\n// Filtering datasource to Tops and Plot Time chart\r\nCommonSecurityLog\r\n| where DeviceVendor == \"Infoblox\" and DeviceProduct == \"Data Connector\" \r\n| where TimeGenerated {TimeRange}\r\n| 
where DeviceEventClassID has_cs \"RPZ\"\r\n| extend InfobloxThreatProperty = extract(\"InfobloxThreatProperty=(.*?);\", 1, AdditionalExtensions) \r\n| extend ThreatClass = extract(\"(.*?)_\", 1, InfobloxThreatProperty) \r\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \"All\"\r\n| extend Feed = extract(\"InfobloxRPZ=(.*?);\", 1, AdditionalExtensions) \r\n| where Feed in ({FeedParam}) or '{FeedParam:label}' == \"All\"\r\n| extend ThreatLevel_Score = toint(extract(\"InfobloxThreatLevel=(.*)\", 1, AdditionalExtensions))\r\n| extend ThreatLevel = case(ThreatLevel_Score>=80, \"High\",\r\n ThreatLevel_Score>=50 and ThreatLevel_Score<80, \"Medium\",\r\n ThreatLevel_Score<50 and ThreatLevel_Score>=1, \"Low\",\r\n ThreatLevel_Score == 0,\"Info\",\r\n \"N/A\" )\r\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \"All\"\r\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \"All\"\r\n| where Feed in ((Top))\r\n| where '{ip}' == SourceIP \r\n| project TimeGenerated, Feed\r\n| make-series Total= count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by Feed", + "size": 3, + "title": "Feed Trend for {ip}", + "timeContext": { + "durationMs": 2592000000 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "timechart" + }, + "customWidth": "33", + "conditionalVisibility": { + "parameterName": "ip", + "comparison": "isNotEqualTo" + }, + "name": "Feed Trend for {ip}", + "styleSettings": { + "margin": "0px 10px 0px 0px" + } + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "let starttime = {TimeRange:start};\r\nlet endtime = {TimeRange:end};\r\n// Finding Tops \r\nlet Top = materialize(CommonSecurityLog\r\n| where DeviceVendor == \"Infoblox\" and DeviceProduct == \"Data Connector\" \r\n| where TimeGenerated {TimeRange}\r\n| where 
DeviceEventClassID has_cs \"RPZ\"\r\n| extend InfobloxThreatProperty = extract(\"InfobloxThreatProperty=(.*?);\", 1, AdditionalExtensions) \r\n| extend ThreatClass = extract(\"(.*?)_\", 1, InfobloxThreatProperty) \r\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \"All\"\r\n| extend ThreatClass = case(ThreatClass == \"\", \"N/A\", ThreatClass)\r\n| extend Feed = extract(\"InfobloxRPZ=(.*?);\", 1, AdditionalExtensions) \r\n| where Feed in ({FeedParam}) or '{FeedParam:label}' == \"All\"\r\n| extend ThreatLevel_Score = toint(extract(\"InfobloxThreatLevel=(.*)\", 1, AdditionalExtensions))\r\n| extend ThreatLevel = case(ThreatLevel_Score>=80, \"High\",\r\n ThreatLevel_Score>=50 and ThreatLevel_Score<80, \"Medium\",\r\n ThreatLevel_Score<50 and ThreatLevel_Score>=1, \"Low\",\r\n ThreatLevel_Score == 0,\"Info\",\r\n \"N/A\" )\r\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \"All\"\r\n| where '{ip}' == SourceIP \r\n| summarize count() by ThreatClass\r\n| top 10 by count_ \r\n| project ThreatClass);\r\n// Filtering datasource to Tops and Plot Time chart\r\nCommonSecurityLog\r\n| where DeviceVendor == \"Infoblox\" and DeviceProduct == \"Data Connector\" \r\n| where TimeGenerated {TimeRange}\r\n| where DeviceEventClassID has_cs \"RPZ\"\r\n| extend InfobloxThreatProperty = extract(\"InfobloxThreatProperty=(.*?);\", 1, AdditionalExtensions) \r\n| extend ThreatClass = extract(\"(.*?)_\", 1, InfobloxThreatProperty) \r\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \"All\"\r\n| extend Feed = extract(\"InfobloxRPZ=(.*?);\", 1, AdditionalExtensions) \r\n| where Feed in ({FeedParam}) or '{FeedParam:label}' == \"All\"\r\n| extend ThreatLevel_Score = toint(extract(\"InfobloxThreatLevel=(.*)\", 1, AdditionalExtensions))\r\n| extend ThreatLevel = case(ThreatLevel_Score>=80, \"High\",\r\n ThreatLevel_Score>=50 and ThreatLevel_Score<80, \"Medium\",\r\n ThreatLevel_Score<50 and ThreatLevel_Score>=1, 
\"Low\",\r\n ThreatLevel_Score == 0,\"Info\",\r\n \"N/A\" )\r\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \"All\"\r\n| extend ThreatClass = case(ThreatClass == \"\", \"N/A\", ThreatClass)\r\n| where ThreatClass in ((Top))\r\n| where '{ip}' == SourceIP \r\n| project TimeGenerated, ThreatClass\r\n| make-series Total= count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by ThreatClass", + "size": 3, + "title": "Threat Class Trend for {ip}", + "timeContext": { + "durationMs": 2592000000 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "timechart" + }, + "customWidth": "33", + "conditionalVisibility": { + "parameterName": "ip", + "comparison": "isNotEqualTo" + }, + "name": "Threat Class Trend for {ip}", + "styleSettings": { + "margin": "0px 10px 0px 0px" + } + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "CommonSecurityLog\r\n| where DeviceVendor == \"Infoblox\" and DeviceProduct == \"Data Connector\"\r\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \"RPZ\"\r\n| where '{ip}' == SourceIP \r\n| extend InfobloxThreatProperty = extract(\"InfobloxThreatProperty=(.*?);\", 1, AdditionalExtensions) \r\n| extend ThreatClass = extract(\"(.*?)_\", 1, InfobloxThreatProperty) \r\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \"All\"\r\n| extend Feed = extract(\"InfobloxRPZ=(.*?);\", 1, AdditionalExtensions) \r\n| where Feed in ({FeedParam}) or '{FeedParam:label}' == \"All\"\r\n| extend ThreatLevel_Score = toint(extract(\"InfobloxThreatLevel=(.*)\", 1, AdditionalExtensions))\r\n| extend ThreatLevel = case(ThreatLevel_Score>=80, \"High\",\r\n ThreatLevel_Score>=50 and ThreatLevel_Score<80, \"Medium\",\r\n ThreatLevel_Score<50 and ThreatLevel_Score>=1, \"Low\",\r\n ThreatLevel_Score == 0,\"Info\",\r\n \"N/A\" )\r\n| where 
ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \"All\"\r\n| make-series Trend = count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by ThreatLevel", + "size": 2, + "title": "Threat Level Trend for {ip}", + "timeContext": { + "durationMs": 2592000000 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "timechart", + "chartSettings": { + "group": "ThreatLevel", + "createOtherGroup": null, + "seriesLabelSettings": [ + { + "seriesName": "N/A", + "label": "N/A", + "color": "turquoise" + }, + { + "seriesName": "Info", + "label": "", + "color": "lightBlue" + }, + { + "seriesName": "Low", + "label": "", + "color": "yellow" + }, + { + "seriesName": "Medium", + "label": "", + "color": "orange" + }, + { + "seriesName": "High", + "color": "red" + } + ] + } + }, + "customWidth": "33", + "conditionalVisibility": { + "parameterName": "ip", + "comparison": "isNotEqualTo" + }, + "name": "Threat Level Trend for {ip}" + }, + { + "type": 1, + "content": { + "json": "#### The time graph below utilizes Time Brushing. Click and drag between two points of the graph to view events for only that window of time. By not selecting any window you can also view all events for the TimeRange selected at the top of this workbook. 
\r\n\r\n---", + "style": "info" + }, + "conditionalVisibility": { + "parameterName": "ip", + "comparison": "isNotEqualTo" + }, + "name": "text - 9" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "let starttime = {TimeRange:start};\r\nlet endtime = {TimeRange:end};\r\nlet timeframe = 1h;\r\n// Finding Tops \r\nlet Top = materialize(CommonSecurityLog\r\n| where DeviceVendor == \"Infoblox\" and DeviceProduct == \"Data Connector\" \r\n| where TimeGenerated {TimeRange}\r\n| where DeviceEventClassID has_cs \"RPZ\"\r\n| extend InfobloxThreatProperty = extract(\"InfobloxThreatProperty=(.*?);\", 1, AdditionalExtensions) \r\n| extend ThreatClass = extract(\"(.*?)_\", 1, InfobloxThreatProperty) \r\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \"All\"\r\n| extend Feed = extract(\"InfobloxRPZ=(.*?);\", 1, AdditionalExtensions) \r\n| where Feed in ({FeedParam}) or '{FeedParam:label}' == \"All\"\r\n| extend ThreatLevel_Score = toint(extract(\"InfobloxThreatLevel=(.*)\", 1, AdditionalExtensions))\r\n| extend ThreatLevel = case(ThreatLevel_Score>=80, \"High\",\r\n ThreatLevel_Score>=50 and ThreatLevel_Score<80, \"Medium\",\r\n ThreatLevel_Score<50 and ThreatLevel_Score>=1, \"Low\",\r\n ThreatLevel_Score == 0,\"Info\",\r\n \"N/A\" )\r\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \"All\"\r\n| where '{ip}' == SourceIP \r\n| where isnotempty(DestinationDnsDomain)\r\n| summarize count() by DestinationDnsDomain\r\n| top 15 by count_ \r\n| project DestinationDnsDomain);\r\n// Filtering datasource to Tops and Plot Time chart\r\nCommonSecurityLog\r\n| where DeviceVendor == \"Infoblox\" and DeviceProduct == \"Data Connector\"\r\n| where TimeGenerated {TimeRange}\r\n| where DeviceEventClassID has_cs \"RPZ\"\r\n| extend InfobloxThreatProperty = extract(\"InfobloxThreatProperty=(.*?);\", 1, AdditionalExtensions) \r\n| extend ThreatClass = extract(\"(.*?)_\", 1, InfobloxThreatProperty) \r\n| where 
ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \"All\"\r\n| extend Feed = extract(\"InfobloxRPZ=(.*?);\", 1, AdditionalExtensions) \r\n| where Feed in ({FeedParam}) or '{FeedParam:label}' == \"All\"\r\n| extend ThreatLevel = extract(\"InfobloxThreatLevel=(.*)\", 1, AdditionalExtensions) \r\n| extend ThreatLevel = toint(ThreatLevel)\r\n| extend ThreatLevel = case(ThreatLevel>=80, \"High\",\r\n ThreatLevel>=50 and ThreatLevel<80, \"Medium\",\r\n ThreatLevel<50 and ThreatLevel>=1, \"Low\",\r\n ThreatLevel == 0,\"Info\",\r\n \"N/A\" )\r\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \"All\"\r\n| where '{ip}' == SourceIP \r\n| where DestinationDnsDomain in ((Top))\r\n| project TimeGenerated, DestinationDnsDomain\r\n| make-series Total= count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by DestinationDnsDomain\r\n", + "size": 2, + "title": "Top Domains for {ip} by Time", + "color": "red", + "timeContext": { + "durationMs": 2592000000 + }, + "timeContextFromParameter": "TimeRange", + "timeBrushParameterName": "brush", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "timechart", + "sortBy": [], + "tileSettings": { + "showBorder": false, + "titleContent": { + "columnMatch": "DestinationDnsDomain", + "formatter": 1 + }, + "leftContent": { + "columnMatch": "count_", + "formatter": 12, + "formatOptions": { + "palette": "auto" + }, + "numberFormat": { + "unit": 17, + "options": { + "maximumSignificantDigits": 3, + "maximumFractionDigits": 2 + } + } + } + }, + "chartSettings": { + "createOtherGroup": 15, + "showLegend": true + } + }, + "conditionalVisibility": { + "parameterName": "ip", + "comparison": "isNotEqualTo" + }, + "name": "Top Domains for {ip} by Time" + }, + { + "type": 12, + "content": { + "version": "NotebookGroup/1.0", + "groupType": "editable", + "title": "Total Events for {ip} between {brush:label}", + "items": 
[ + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "CommonSecurityLog\r\n| where DeviceVendor == \"Infoblox\" and DeviceProduct == \"Data Connector\"\r\n| where TimeGenerated {TimeRange} and TimeGenerated {brush} and DeviceEventClassID has_cs \"RPZ\"\r\n| where '{ip}' == SourceIP \r\n| extend InfobloxThreatProperty = extract(\"InfobloxThreatProperty=(.*?);\", 1, AdditionalExtensions) \r\n| extend ThreatClass = extract(\"(.*?)_\", 1, InfobloxThreatProperty) \r\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \"All\"\r\n| extend Feed = extract(\"InfobloxRPZ=(.*?);\", 1, AdditionalExtensions) \r\n| where Feed in ({FeedParam}) or '{FeedParam:label}' == \"All\"\r\n| extend ThreatLevel_Score = toint(extract(\"InfobloxThreatLevel=(.*)\", 1, AdditionalExtensions))\r\n| extend ThreatLevel = case(ThreatLevel_Score>=80, \"High\",\r\n ThreatLevel_Score>=50 and ThreatLevel_Score<80, \"Medium\",\r\n ThreatLevel_Score<50 and ThreatLevel_Score>=1, \"Low\",\r\n ThreatLevel_Score == 0,\"Info\",\r\n \"N/A\" )\r\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \"All\"\r\n| summarize count()", + "size": 3, + "title": "Events Count", + "timeContext": { + "durationMs": 2592000000 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "tiles", + "tileSettings": { + "titleContent": { + "formatter": 1 + }, + "leftContent": { + "columnMatch": "count_", + "formatter": 12, + "formatOptions": { + "palette": "auto" + } + }, + "showBorder": false + } + }, + "name": "Events Count" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "CommonSecurityLog\r\n| where DeviceVendor == \"Infoblox\" and DeviceProduct == \"Data Connector\"\r\n| where TimeGenerated {TimeRange} and TimeGenerated {brush} and DeviceEventClassID has_cs \"RPZ\"\r\n| where '{ip}' == SourceIP \r\n\r\n| parse AdditionalExtensions with * 
\";InfobloxThreatProperty=\" ThreatProperty \";InfobloxThreatConfidence=\" ThreatConfidence \";InfobloxThreatLevel=\" ThreatLevel_Score\r\n| extend ThreatClass = extract(\"(.*?)_\", 1, ThreatProperty) \r\n| extend ThreatProperty = extract(\"([^_]*$)\", 1, ThreatProperty) \r\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \"All\"\r\n| extend Feed = extract(\"InfobloxRPZ=(.*?);\", 1, AdditionalExtensions) \r\n| where Feed in ({FeedParam}) or '{FeedParam:label}' == \"All\"\r\n| extend ThreatLevel_Score = toint(ThreatLevel_Score)\r\n| extend ThreatLevel = case(ThreatLevel_Score>=80, \"High\",\r\n ThreatLevel_Score>=50 and ThreatLevel_Score<80, \"Medium\",\r\n ThreatLevel_Score<50 and ThreatLevel_Score>=1, \"Low\",\r\n ThreatLevel_Score == 0,\"Info\",\r\n \"N/A\" )\r\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \"All\"\r\n| sort by TimeGenerated desc\r\n| project TimeGenerated, SourceIP, DestinationDnsDomain, ThreatLevel, ThreatLevel_Score, ThreatConfidence, Feed, ThreatClass, ThreatProperty, DeviceAction, Message, SourcePort\r\n", + "size": 2, + "timeContext": { + "durationMs": 2592000000 + }, + "timeContextFromParameter": "TimeRange", + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "table", + "gridSettings": { + "formatters": [ + { + "columnMatch": "ThreatLevel", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "colors", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "N/A", + "representation": "gray", + "text": "{0}{1}" + }, + { + "operator": "==", + "thresholdValue": "Low", + "representation": "yellow", + "text": "{0}{1}" + }, + { + "operator": "==", + "thresholdValue": "Info", + "representation": "lightBlue", + "text": "{0}{1}" + }, + { + "operator": "==", + "thresholdValue": "Medium", + "representation": "orange", + "text": "{0}{1}" + }, + { + "operator": "==", + "thresholdValue": "High", + 
"representation": "red", + "text": "{0}{1}" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "blue", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "ThreatLevel_Score", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "colors", + "thresholdsGrid": [ + { + "operator": "is Empty", + "representation": "gray", + "text": "N/A" + }, + { + "operator": ">=", + "thresholdValue": "80", + "representation": "red", + "text": "{0}{1}" + }, + { + "operator": ">=", + "thresholdValue": "50", + "representation": "orange", + "text": "{0}{1}" + }, + { + "operator": ">=", + "thresholdValue": "1", + "representation": "yellow", + "text": "{0}{1}" + }, + { + "operator": "==", + "thresholdValue": "0", + "representation": "lightBlue", + "text": "{0}{1}" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "blue", + "text": "{0}{1}" + } + ], + "compositeBarSettings": { + "labelText": "[\"ThreatLevel\"]", + "columnSettings": [ + { + "columnName": "ThreatLevel", + "color": "orange" + }, + { + "columnName": "DestinationDnsDomain", + "color": "blue" + } + ] + } + } + }, + { + "columnMatch": "ThreatConfidence", + "formatter": 8, + "formatOptions": { + "min": 0, + "max": 100, + "palette": "purpleBlueGreen", + "compositeBarSettings": { + "labelText": "", + "columnSettings": [] + } + } + }, + { + "columnMatch": "LogSeverity", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "colors", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "0", + "representation": "green", + "text": "N/A" + }, + { + "operator": "==", + "thresholdValue": "1", + "representation": "blue", + "text": "Low/Info" + }, + { + "operator": "==", + "thresholdValue": "5", + "representation": "orange", + "text": "Medium" + }, + { + "operator": "==", + "thresholdValue": "8", + "representation": "red", + "text": "High" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "blue", + "text": "{0}{1}" + } 
+ ], + "compositeBarSettings": { + "labelText": "", + "columnSettings": [ + { + "columnName": "LogSeverity", + "color": "blue" + }, + { + "columnName": "DestinationDnsDomain", + "color": "purple" + } + ] + } + } + }, + { + "columnMatch": "Count", + "formatter": 4, + "formatOptions": { + "min": 0, + "palette": "blue" + } + } + ], + "rowLimit": 500, + "filter": true, + "labelSettings": [ + { + "columnId": "TimeGenerated" + }, + { + "columnId": "SourceIP" + }, + { + "columnId": "DestinationDnsDomain" + }, + { + "columnId": "Message" + } + ] + }, + "sortBy": [] + }, + "showPin": false, + "name": "Events for {ip} between {brush:label} - grid" + } + ] + }, + "conditionalVisibility": { + "parameterName": "ip", + "comparison": "isNotEqualTo" + }, + "name": "Total Events for {ip} between {brush:label}" + } + ] + }, + "conditionalVisibility": { + "parameterName": "view", + "comparison": "isEqualTo", + "value": "Events by IP" + }, + "name": "Events by IP" + }, + { + "type": 12, + "content": { + "version": "NotebookGroup/1.0", + "groupType": "editable", + "items": [ + { + "type": 1, + "content": { + "json": "## Events by Destination Domain\r\n---\r\n#### Get a closer look into what is being queried. \r\nThis section visualizes what domains are producing the most hits. Further drilldown data by destination domain. \r\n\r\nUse the dropdowns below to filter by Threat Level, Feed, and Class." 
+ }, + "name": "text - 6" + }, + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "parameters": [ + { + "id": "7a14c478-6a17-4750-a9a5-91d65b776a1b", + "version": "KqlParameterItem/1.0", + "name": "ThreatLevelParam", + "label": "Threat Level", + "type": 2, + "isRequired": true, + "multiSelect": true, + "quote": "'", + "delimiter": ",", + "value": [ + "value::all" + ], + "typeSettings": { + "additionalResourceOptions": [ + "value::all" + ], + "selectAllValue": "All", + "showDefault": false + }, + "jsonData": "[\r\n { \"value\":\"N/A\"},\r\n { \"value\":\"Info\"},\r\n { \"value\":\"Low\"},\r\n { \"value\":\"Medium\"},\r\n { \"value\":\"High\"}\r\n]", + "timeContext": { + "durationMs": 259200000 + }, + "timeContextFromParameter": "TimeRange", + "defaultValue": "value::all" + }, + { + "id": "9c7f9be1-3480-47c2-b586-d4e2da6bb65c", + "version": "KqlParameterItem/1.0", + "name": "FeedParam", + "label": "Feed", + "type": 2, + "isRequired": true, + "multiSelect": true, + "quote": "\"", + "delimiter": ",", + "query": "CommonSecurityLog\r\n| where DeviceVendor == \"Infoblox\" and DeviceProduct == \"Data Connector\"\r\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \"RPZ\"\r\n| extend Feed = extract(\"InfobloxRPZ=(.*?);\", 1, AdditionalExtensions) \r\n| where isnotempty(Feed)\r\n| summarize by Feed\r\n| order by Feed asc", + "typeSettings": { + "additionalResourceOptions": [ + "value::all" + ], + "selectAllValue": "All", + "showDefault": false + }, + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "defaultValue": "value::all", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "value": [ + "value::all" + ] + }, + { + "id": "092a2314-4295-4902-9f0e-1482545ebe92", + "version": "KqlParameterItem/1.0", + "name": "ThreatClassParam", + "label": "Threat Class", + "type": 2, + "isRequired": true, + "multiSelect": true, + "quote": "\"", + "delimiter": ",", + "query": "let newstr = 
'';\r\nCommonSecurityLog\r\n| where DeviceVendor == \"Infoblox\" and DeviceProduct == \"Data Connector\"\r\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \"RPZ\"\r\n| extend ThreatProperty = extract(\"InfobloxThreatProperty=(.*?);\", 1, AdditionalExtensions) \r\n| extend ThreatClass = extract(\"(.*?)_\", 1, ThreatProperty) \r\n//| where isnotempty(ThreatClass)\r\n| summarize by ThreatClass\r\n| order by ThreatClass asc\r\n| project value = case(ThreatClass == \"\", newstr, ThreatClass), label = case(ThreatClass == \"\", \"N/A\", ThreatClass) //, selected = iff(ThreatClass == \"\", true, false)", + "value": [ + "value::all" + ], + "typeSettings": { + "additionalResourceOptions": [ + "value::all" + ], + "selectAllValue": "All", + "showDefault": false + }, + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + } + ], + "style": "pills", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "name": "parameters - 6 - Copy - Copy - Copy" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "let starttime = {TimeRange:start};\r\nlet endtime = {TimeRange:end};\r\nlet timeframe = 1h;\r\n// Finding Tops \r\nlet Top = materialize(CommonSecurityLog\r\n| where DeviceVendor == \"Infoblox\" and DeviceProduct == \"Data Connector\" \r\n| where TimeGenerated {TimeRange}\r\n| where DeviceEventClassID has_cs \"RPZ\"\r\n| extend InfobloxThreatProperty = extract(\"InfobloxThreatProperty=(.*?);\", 1, AdditionalExtensions) \r\n| extend ThreatClass = extract(\"(.*?)_\", 1, InfobloxThreatProperty) \r\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \"All\"\r\n| extend Feed = extract(\"InfobloxRPZ=(.*?);\", 1, AdditionalExtensions) \r\n| where Feed in ({FeedParam}) or '{FeedParam:label}' == \"All\"\r\n| extend ThreatLevel_Score = toint(extract(\"InfobloxThreatLevel=(.*)\", 1, 
AdditionalExtensions))\r\n| extend ThreatLevel = case(ThreatLevel_Score>=80, \"High\",\r\n ThreatLevel_Score>=50 and ThreatLevel_Score<80, \"Medium\",\r\n ThreatLevel_Score<50 and ThreatLevel_Score>=1, \"Low\",\r\n ThreatLevel_Score == 0,\"Info\",\r\n \"N/A\" )\r\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \"All\"\r\n| where isnotempty(DestinationDnsDomain)\r\n| summarize count() by DestinationDnsDomain\r\n| top 15 by count_ \r\n| project DestinationDnsDomain);\r\n// Filtering datasource to Tops and Plot Time chart\r\nCommonSecurityLog\r\n| where DeviceVendor == \"Infoblox\" and DeviceProduct == \"Data Connector\"\r\n| where TimeGenerated {TimeRange}\r\n| where DeviceEventClassID has_cs \"RPZ\"\r\n| extend InfobloxThreatProperty = extract(\"InfobloxThreatProperty=(.*?);\", 1, AdditionalExtensions) \r\n| extend ThreatClass = extract(\"(.*?)_\", 1, InfobloxThreatProperty) \r\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \"All\"\r\n| extend Feed = extract(\"InfobloxRPZ=(.*?);\", 1, AdditionalExtensions) \r\n| where Feed in ({FeedParam}) or '{FeedParam:label}' == \"All\"\r\n| extend ThreatLevel_Score = toint(extract(\"InfobloxThreatLevel=(.*)\", 1, AdditionalExtensions))\r\n| extend ThreatLevel = case(ThreatLevel_Score>=80, \"High\",\r\n ThreatLevel_Score>=50 and ThreatLevel_Score<80, \"Medium\",\r\n ThreatLevel_Score<50 and ThreatLevel_Score>=1, \"Low\",\r\n ThreatLevel_Score == 0,\"Info\",\r\n \"N/A\" )\r\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \"All\"\r\n| where DestinationDnsDomain in ((Top))\r\n| project TimeGenerated, DestinationDnsDomain\r\n| make-series Total= count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by DestinationDnsDomain\r\n", + "size": 2, + "title": "Top Offending Domains by Time", + "color": "red", + "timeContext": { + "durationMs": 2592000000 + }, + "timeContextFromParameter": "TimeRange", + 
"queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "barchart", + "sortBy": [], + "tileSettings": { + "showBorder": false, + "titleContent": { + "columnMatch": "DestinationDnsDomain", + "formatter": 1 + }, + "leftContent": { + "columnMatch": "count_", + "formatter": 12, + "formatOptions": { + "palette": "auto" + }, + "numberFormat": { + "unit": 17, + "options": { + "maximumSignificantDigits": 3, + "maximumFractionDigits": 2 + } + } + } + }, + "chartSettings": { + "createOtherGroup": 15, + "showLegend": true + } + }, + "name": "Top Offending Domains by Time" + }, + { + "type": 1, + "content": { + "json": "#### Click on a Domain in the chart below to further drilldown the domain.\r\n\r\n---", + "style": "info" + }, + "name": "text - 14" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "CommonSecurityLog\r\n| where DeviceVendor == \"Infoblox\" and DeviceProduct == \"Data Connector\"\r\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \"RPZ\"\r\n| extend InfobloxThreatProperty = extract(\"InfobloxThreatProperty=(.*?);\", 1, AdditionalExtensions) \r\n| extend ThreatClass = extract(\"(.*?)_\", 1, InfobloxThreatProperty) \r\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \"All\"\r\n| extend Feed = extract(\"InfobloxRPZ=(.*?);\", 1, AdditionalExtensions) \r\n| where Feed in ({FeedParam}) or '{FeedParam:label}' == \"All\"\r\n| extend ThreatLevel_Score = toint(extract(\"InfobloxThreatLevel=(.*)\", 1, AdditionalExtensions))\r\n| extend ThreatLevel = case(ThreatLevel_Score>=80, \"High\",\r\n ThreatLevel_Score>=50 and ThreatLevel_Score<80, \"Medium\",\r\n ThreatLevel_Score<50 and ThreatLevel_Score>=1, \"Low\",\r\n ThreatLevel_Score == 0,\"Info\",\r\n \"N/A\" )\r\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \"All\"\r\n| summarize count() by DestinationDnsDomain\r\n| sort by count_ desc", + "size": 2, + "title": "Total Offending 
Domain Hit Count", + "timeContext": { + "durationMs": 2592000000 + }, + "timeContextFromParameter": "TimeRange", + "exportFieldName": "DestinationDnsDomain", + "exportParameterName": "domain", + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "table", + "gridSettings": { + "formatters": [ + { + "columnMatch": "DestinationDnsDomain", + "formatter": 0, + "formatOptions": { + "customColumnWidthSetting": "60%" + } + }, + { + "columnMatch": "count_", + "formatter": 3, + "formatOptions": { + "palette": "greenRed", + "compositeBarSettings": { + "labelText": "", + "columnSettings": [] + }, + "customColumnWidthSetting": "40%" + } + } + ], + "rowLimit": 500, + "filter": true, + "labelSettings": [ + { + "columnId": "DestinationDnsDomain" + }, + { + "columnId": "count_", + "label": "Total Hits" + } + ] + }, + "tileSettings": { + "showBorder": false, + "titleContent": { + "columnMatch": "DestinationDnsDomain", + "formatter": 1 + }, + "leftContent": { + "columnMatch": "count_", + "formatter": 12, + "formatOptions": { + "palette": "auto" + }, + "numberFormat": { + "unit": 17, + "options": { + "maximumSignificantDigits": 3, + "maximumFractionDigits": 2 + } + } + } + } + }, + "customWidth": "30", + "name": "Total Offending Domain Hit Count", + "styleSettings": { + "margin": "0 10px 0 0" + } + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "CommonSecurityLog\r\n| where DeviceVendor == \"Infoblox\" and DeviceProduct == \"Data Connector\"\r\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \"RPZ\"\r\n| where '{domain}' == DestinationDnsDomain \r\n\r\n| parse AdditionalExtensions with * \";InfobloxThreatProperty=\" ThreatProperty \";InfobloxThreatConfidence=\" ThreatConfidence \";InfobloxThreatLevel=\" ThreatLevel_Score\r\n| extend ThreatClass = extract(\"(.*?)_\", 1, ThreatProperty) \r\n| extend ThreatProperty = extract(\"([^_]*$)\", 1, ThreatProperty) \r\n| where 
ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \"All\"\r\n| extend Feed = extract(\"InfobloxRPZ=(.*?);\", 1, AdditionalExtensions) \r\n| where Feed in ({FeedParam}) or '{FeedParam:label}' == \"All\"\r\n| extend ThreatLevel_Score = toint(ThreatLevel_Score)\r\n| extend ThreatLevel = case(ThreatLevel_Score>=80, \"High\",\r\n ThreatLevel_Score>=50 and ThreatLevel_Score<80, \"Medium\",\r\n ThreatLevel_Score<50 and ThreatLevel_Score>=1, \"Low\",\r\n ThreatLevel_Score == 0,\"Info\",\r\n \"N/A\" )\r\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \"All\"\r\n| sort by TimeGenerated desc\r\n| project TimeGenerated, DestinationDnsDomain, SourceIP, ThreatLevel, ThreatLevel_Score, ThreatConfidence, Feed, ThreatClass, ThreatProperty, DeviceAction, Message, SourcePort\r\n", + "size": 2, + "title": "Events for {domain}", + "timeContext": { + "durationMs": 2592000000 + }, + "timeContextFromParameter": "TimeRange", + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "table", + "gridSettings": { + "formatters": [ + { + "columnMatch": "ThreatLevel", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "colors", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "N/A", + "representation": "gray", + "text": "{0}{1}" + }, + { + "operator": "==", + "thresholdValue": "Low", + "representation": "yellow", + "text": "{0}{1}" + }, + { + "operator": "==", + "thresholdValue": "Info", + "representation": "lightBlue", + "text": "{0}{1}" + }, + { + "operator": "==", + "thresholdValue": "Medium", + "representation": "orange", + "text": "{0}{1}" + }, + { + "operator": "==", + "thresholdValue": "High", + "representation": "red", + "text": "{0}{1}" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "blue", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "ThreatLevel_Score", + "formatter": 18, + "formatOptions": { + 
"thresholdsOptions": "colors", + "thresholdsGrid": [ + { + "operator": "is Empty", + "representation": "gray", + "text": "N/A" + }, + { + "operator": ">=", + "thresholdValue": "80", + "representation": "red", + "text": "{0}{1}" + }, + { + "operator": ">=", + "thresholdValue": "50", + "representation": "orange", + "text": "{0}{1}" + }, + { + "operator": ">=", + "thresholdValue": "1", + "representation": "yellow", + "text": "{0}{1}" + }, + { + "operator": "==", + "thresholdValue": "0", + "representation": "lightBlue", + "text": "{0}{1}" + }, + { + "operator": "Default", + "thresholdValue": null, + "text": "" + } + ], + "compositeBarSettings": { + "labelText": "[\"ThreatLevel\"]", + "columnSettings": [ + { + "columnName": "ThreatLevel", + "color": "orange" + }, + { + "columnName": "DestinationDnsDomain", + "color": "blue" + } + ] + } + } + }, + { + "columnMatch": "ThreatConfidence", + "formatter": 8, + "formatOptions": { + "min": 0, + "max": 100, + "palette": "purpleBlueGreen", + "compositeBarSettings": { + "labelText": "", + "columnSettings": [] + } + } + }, + { + "columnMatch": "LogSeverity", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "colors", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "0", + "representation": "green", + "text": "N/A" + }, + { + "operator": "==", + "thresholdValue": "1", + "representation": "blue", + "text": "Low/Info" + }, + { + "operator": "==", + "thresholdValue": "5", + "representation": "orange", + "text": "Medium" + }, + { + "operator": "==", + "thresholdValue": "8", + "representation": "red", + "text": "High" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "blue", + "text": "{0}{1}" + } + ], + "compositeBarSettings": { + "labelText": "", + "columnSettings": [ + { + "columnName": "LogSeverity", + "color": "blue" + }, + { + "columnName": "DestinationDnsDomain", + "color": "purple" + } + ] + } + } + }, + { + "columnMatch": "Count", + "formatter": 4, + "formatOptions": { 
+ "min": 0, + "palette": "blue" + } + } + ], + "rowLimit": 500, + "filter": true, + "labelSettings": [ + { + "columnId": "TimeGenerated" + }, + { + "columnId": "DestinationDnsDomain" + }, + { + "columnId": "SourceIP" + }, + { + "columnId": "ThreatLevel" + }, + { + "columnId": "ThreatLevel_Score", + "label": "" + }, + { + "columnId": "ThreatConfidence" + }, + { + "columnId": "Feed" + }, + { + "columnId": "ThreatClass" + }, + { + "columnId": "ThreatProperty" + }, + { + "columnId": "DeviceAction" + }, + { + "columnId": "Message" + }, + { + "columnId": "SourcePort" + } + ] + }, + "sortBy": [] + }, + "customWidth": "70", + "conditionalVisibility": { + "parameterName": "domain", + "comparison": "isNotEqualTo" + }, + "showPin": false, + "name": "Events for {domain}" + }, + { + "type": 1, + "content": { + "json": "#### The time graph below utilizes Time Brushing. Click and drag between two points of the graph to view events for only that window of time. By not selecting any window you can also view all events for the TimeRange selected at the top of this workbook. 
\r\n\r\n---", + "style": "info" + }, + "conditionalVisibility": { + "parameterName": "domain", + "comparison": "isNotEqualTo" + }, + "name": "text - 7" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "let starttime = {TimeRange:start};\r\nlet endtime = {TimeRange:end};\r\nlet timeframe = 1h;\r\n// Finding Tops \r\nlet Top = materialize(CommonSecurityLog\r\n| where DeviceVendor == \"Infoblox\" and DeviceProduct == \"Data Connector\" \r\n| where TimeGenerated {TimeRange}\r\n| where DeviceEventClassID has_cs \"RPZ\"\r\n| extend InfobloxThreatProperty = extract(\"InfobloxThreatProperty=(.*?);\", 1, AdditionalExtensions) \r\n| extend ThreatClass = extract(\"(.*?)_\", 1, InfobloxThreatProperty) \r\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \"All\"\r\n| extend Feed = extract(\"InfobloxRPZ=(.*?);\", 1, AdditionalExtensions) \r\n| where Feed in ({FeedParam}) or '{FeedParam:label}' == \"All\"\r\n| extend ThreatLevel_Score = toint(extract(\"InfobloxThreatLevel=(.*)\", 1, AdditionalExtensions))\r\n| extend ThreatLevel = case(ThreatLevel_Score>=80, \"High\",\r\n ThreatLevel_Score>=50 and ThreatLevel_Score<80, \"Medium\",\r\n ThreatLevel_Score<50 and ThreatLevel_Score>=1, \"Low\",\r\n ThreatLevel_Score == 0,\"Info\",\r\n \"N/A\" )\r\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \"All\"\r\n| where '{domain}' == DestinationDnsDomain\r\n| where isnotempty(SourceIP)\r\n| summarize count() by SourceIP\r\n| top 15 by count_ \r\n| project SourceIP);\r\n// Filtering datasource to Tops and Plot Time chart\r\nCommonSecurityLog\r\n| where DeviceVendor == \"Infoblox\" and DeviceProduct == \"Data Connector\"\r\n| where TimeGenerated {TimeRange}\r\n| where DeviceEventClassID has_cs \"RPZ\"\r\n| extend InfobloxThreatProperty = extract(\"InfobloxThreatProperty=(.*?);\", 1, AdditionalExtensions) \r\n| extend ThreatClass = extract(\"(.*?)_\", 1, InfobloxThreatProperty) \r\n| where ThreatClass in 
({ThreatClassParam}) or '{ThreatClassParam:label}' == \"All\"\r\n| extend Feed = extract(\"InfobloxRPZ=(.*?);\", 1, AdditionalExtensions) \r\n| where Feed in ({FeedParam}) or '{FeedParam:label}' == \"All\"\r\n| extend ThreatLevel_Score = toint(extract(\"InfobloxThreatLevel=(.*)\", 1, AdditionalExtensions))\r\n| extend ThreatLevel = case(ThreatLevel_Score>=80, \"High\",\r\n ThreatLevel_Score>=50 and ThreatLevel_Score<80, \"Medium\",\r\n ThreatLevel_Score<50 and ThreatLevel_Score>=1, \"Low\",\r\n ThreatLevel_Score == 0,\"Info\",\r\n \"N/A\" )\r\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \"All\"\r\n| where '{domain}' == DestinationDnsDomain\r\n| where SourceIP in ((Top))\r\n| project TimeGenerated, SourceIP\r\n| make-series Total= count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by SourceIP\r\n", + "size": 2, + "title": "Top IPs Querying {domain} by Time", + "timeContext": { + "durationMs": 2592000000 + }, + "timeContextFromParameter": "TimeRange", + "timeBrushParameterName": "brush", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "timechart", + "sortBy": [], + "tileSettings": { + "showBorder": false, + "titleContent": { + "columnMatch": "DestinationDnsDomain", + "formatter": 1 + }, + "leftContent": { + "columnMatch": "count_", + "formatter": 12, + "formatOptions": { + "palette": "auto" + }, + "numberFormat": { + "unit": 17, + "options": { + "maximumSignificantDigits": 3, + "maximumFractionDigits": 2 + } + } + } + }, + "chartSettings": { + "showLegend": true + } + }, + "conditionalVisibility": { + "parameterName": "domain", + "comparison": "isNotEqualTo" + }, + "name": "Top IPs Querying {domain} by Time" + }, + { + "type": 12, + "content": { + "version": "NotebookGroup/1.0", + "groupType": "editable", + "title": "Events for {domain} between {brush:label}", + "items": [ + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + 
"query": "CommonSecurityLog\r\n| where DeviceVendor == \"Infoblox\" and DeviceProduct == \"Data Connector\"\r\n| where TimeGenerated {TimeRange} and TimeGenerated {brush} and DeviceEventClassID has_cs \"RPZ\"\r\n| extend InfobloxThreatProperty = extract(\"InfobloxThreatProperty=(.*?);\", 1, AdditionalExtensions) \r\n| extend ThreatClass = extract(\"(.*?)_\", 1, InfobloxThreatProperty) \r\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \"All\"\r\n| extend Feed = extract(\"InfobloxRPZ=(.*?);\", 1, AdditionalExtensions) \r\n| where Feed in ({FeedParam}) or '{FeedParam:label}' == \"All\"\r\n| extend ThreatLevel = extract(\"InfobloxThreatLevel=(.*)\", 1, AdditionalExtensions) \r\n| extend ThreatLevel = toint(ThreatLevel)\r\n| extend ThreatLevel = case(ThreatLevel>=80, \"High\",\r\n ThreatLevel>=50 and ThreatLevel<80, \"Medium\",\r\n ThreatLevel<50 and ThreatLevel>=1, \"Low\",\r\n ThreatLevel == 0,\"Info\",\r\n \"N/A\" )\r\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \"All\"\r\n| where '{domain}' == DestinationDnsDomain \r\n| summarize count()", + "size": 3, + "title": "Events Count", + "timeContext": { + "durationMs": 2592000000 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "tiles", + "tileSettings": { + "titleContent": {}, + "leftContent": { + "columnMatch": "count_", + "formatter": 12, + "formatOptions": { + "palette": "auto" + } + }, + "showBorder": false + } + }, + "name": "Events Count" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "CommonSecurityLog\r\n| where DeviceVendor == \"Infoblox\" and DeviceProduct == \"Data Connector\"\r\n| where TimeGenerated {TimeRange} and TimeGenerated {brush} and DeviceEventClassID has_cs \"RPZ\"\r\n| where '{domain}' == DestinationDnsDomain \r\n\r\n| parse AdditionalExtensions with * \";InfobloxThreatProperty=\" ThreatProperty 
\";InfobloxThreatConfidence=\" ThreatConfidence \";InfobloxThreatLevel=\" ThreatLevel_Score\r\n| extend ThreatClass = extract(\"(.*?)_\", 1, ThreatProperty) \r\n| extend ThreatProperty = extract(\"([^_]*$)\", 1, ThreatProperty) \r\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \"All\"\r\n| extend Feed = extract(\"InfobloxRPZ=(.*?);\", 1, AdditionalExtensions) \r\n| where Feed in ({FeedParam}) or '{FeedParam:label}' == \"All\"\r\n| extend ThreatLevel_Score = toint(ThreatLevel_Score)\r\n| extend ThreatLevel = case(ThreatLevel_Score>=80, \"High\",\r\n ThreatLevel_Score>=50 and ThreatLevel_Score<80, \"Medium\",\r\n ThreatLevel_Score<50 and ThreatLevel_Score>=1, \"Low\",\r\n ThreatLevel_Score == 0,\"Info\",\r\n \"N/A\" )\r\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \"All\"\r\n| sort by TimeGenerated desc\r\n| project TimeGenerated, DestinationDnsDomain, SourceIP, ThreatLevel, ThreatLevel_Score, ThreatConfidence, Feed, ThreatClass, ThreatProperty, DeviceAction, Message, SourcePort\r\n", + "size": 2, + "timeContext": { + "durationMs": 2592000000 + }, + "timeContextFromParameter": "TimeRange", + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "table", + "gridSettings": { + "formatters": [ + { + "columnMatch": "ThreatLevel", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "colors", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "N/A", + "representation": "gray", + "text": "{0}{1}" + }, + { + "operator": "==", + "thresholdValue": "Low", + "representation": "yellow", + "text": "{0}{1}" + }, + { + "operator": "==", + "thresholdValue": "Info", + "representation": "lightBlue", + "text": "{0}{1}" + }, + { + "operator": "==", + "thresholdValue": "Medium", + "representation": "orange", + "text": "{0}{1}" + }, + { + "operator": "==", + "thresholdValue": "High", + "representation": "red", + "text": "{0}{1}" + 
}, + { + "operator": "Default", + "thresholdValue": null, + "representation": "blue", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "ThreatLevel_Score", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "colors", + "thresholdsGrid": [ + { + "operator": "is Empty", + "representation": "gray", + "text": "N/A" + }, + { + "operator": ">=", + "thresholdValue": "80", + "representation": "red", + "text": "{0}{1}" + }, + { + "operator": ">=", + "thresholdValue": "50", + "representation": "orange", + "text": "{0}{1}" + }, + { + "operator": ">=", + "thresholdValue": "1", + "representation": "yellow", + "text": "{0}{1}" + }, + { + "operator": "==", + "thresholdValue": "0", + "representation": "lightBlue", + "text": "{0}{1}" + }, + { + "operator": "Default", + "thresholdValue": null, + "text": "" + } + ], + "compositeBarSettings": { + "labelText": "[\"ThreatLevel\"]", + "columnSettings": [ + { + "columnName": "ThreatLevel", + "color": "orange" + }, + { + "columnName": "DestinationDnsDomain", + "color": "blue" + } + ] + } + } + }, + { + "columnMatch": "ThreatConfidence", + "formatter": 8, + "formatOptions": { + "min": 0, + "max": 100, + "palette": "purpleBlueGreen", + "compositeBarSettings": { + "labelText": "", + "columnSettings": [] + } + } + }, + { + "columnMatch": "LogSeverity", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "colors", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "0", + "representation": "green", + "text": "N/A" + }, + { + "operator": "==", + "thresholdValue": "1", + "representation": "blue", + "text": "Low/Info" + }, + { + "operator": "==", + "thresholdValue": "5", + "representation": "orange", + "text": "Medium" + }, + { + "operator": "==", + "thresholdValue": "8", + "representation": "red", + "text": "High" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "blue", + "text": "{0}{1}" + } + ], + "compositeBarSettings": { + "labelText": "", + "columnSettings": [ + { + 
"columnName": "LogSeverity", + "color": "blue" + }, + { + "columnName": "DestinationDnsDomain", + "color": "purple" + } + ] + } + } + }, + { + "columnMatch": "Count", + "formatter": 4, + "formatOptions": { + "min": 0, + "palette": "blue" + } + } + ], + "rowLimit": 500, + "filter": true, + "labelSettings": [ + { + "columnId": "TimeGenerated" + }, + { + "columnId": "DestinationDnsDomain" + }, + { + "columnId": "SourceIP" + }, + { + "columnId": "ThreatLevel" + }, + { + "columnId": "ThreatLevel_Score", + "label": "" + }, + { + "columnId": "ThreatConfidence" + }, + { + "columnId": "Feed" + }, + { + "columnId": "ThreatClass" + }, + { + "columnId": "ThreatProperty" + }, + { + "columnId": "DeviceAction" + }, + { + "columnId": "Message" + }, + { + "columnId": "SourcePort" + } + ] + }, + "sortBy": [] + }, + "showPin": false, + "name": "Domain RPZ Events - grid" + } + ] + }, + "conditionalVisibility": { + "parameterName": "domain", + "comparison": "isNotEqualTo" + }, + "name": "Events for {domain} between {brush:label}" + } + ] + }, + "conditionalVisibility": { + "parameterName": "view", + "comparison": "isEqualTo", + "value": "Events by Domain" + }, + "name": "Events by Domain" + }, + { + "type": 12, + "content": { + "version": "NotebookGroup/1.0", + "groupType": "editable", + "items": [ + { + "type": 1, + "content": { + "json": "## Overview\r\n---\r\n#### Top level insight into the overall health of your data.\r\n\r\nUse the dropdowns below to filter by Threat Level, Feed and Class.\r\n\r\n" + }, + "name": "text - 8" + }, + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "parameters": [ + { + "id": "5b2e1804-a9a6-4b86-8a6e-27fd0ab029b5", + "version": "KqlParameterItem/1.0", + "name": "ThreatLevelParam", + "label": "Threat Level", + "type": 2, + "isRequired": true, + "multiSelect": true, + "quote": "'", + "delimiter": ",", + "value": [ + "value::all" + ], + "typeSettings": { + "additionalResourceOptions": [ + "value::all" + ], + "selectAllValue": "All", 
+ "showDefault": false + }, + "jsonData": "[\r\n { \"value\":\"N/A\"},\r\n { \"value\":\"Info\"},\r\n { \"value\":\"Low\"},\r\n { \"value\":\"Medium\"},\r\n { \"value\":\"High\"}\r\n]", + "timeContext": { + "durationMs": 259200000 + }, + "timeContextFromParameter": "TimeRange", + "defaultValue": "value::all" + }, + { + "id": "1bc7a1f9-d3bd-4e0f-b5ae-4dc8ba8a1463", + "version": "KqlParameterItem/1.0", + "name": "FeedParam", + "label": "Feed", + "type": 2, + "isRequired": true, + "multiSelect": true, + "quote": "\"", + "delimiter": ",", + "query": "CommonSecurityLog\r\n| where DeviceVendor == \"Infoblox\" and DeviceProduct == \"Data Connector\"\r\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \"RPZ\"\r\n| extend Feed = extract(\"InfobloxRPZ=(.*?);\", 1, AdditionalExtensions) \r\n| where isnotempty(Feed)\r\n| summarize by Feed\r\n| order by Feed asc", + "typeSettings": { + "additionalResourceOptions": [ + "value::all" + ], + "selectAllValue": "All", + "showDefault": false + }, + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "defaultValue": "value::all", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "value": [ + "value::all" + ] + }, + { + "id": "1eedd218-57c0-43e3-a306-a716380b05e6", + "version": "KqlParameterItem/1.0", + "name": "ThreatClassParam", + "label": "Threat Class", + "type": 2, + "isRequired": true, + "multiSelect": true, + "quote": "\"", + "delimiter": ",", + "query": "CommonSecurityLog\r\n| where DeviceVendor == \"Infoblox\" and DeviceProduct == \"Data Connector\"\r\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \"RPZ\"\r\n| extend ThreatProperty = extract(\"InfobloxThreatProperty=(.*?);\", 1, AdditionalExtensions) \r\n| extend ThreatClass = extract(\"(.*?)_\", 1, ThreatProperty) \r\n| summarize by ThreatClass\r\n| order by ThreatClass asc\r\n| project value = ThreatClass, label = case(ThreatClass == \"\", \"N/A\", ThreatClass)", + 
"typeSettings": { + "additionalResourceOptions": [ + "value::all" + ], + "selectAllValue": "All", + "showDefault": false + }, + "timeContext": { + "durationMs": 604800000 + }, + "timeContextFromParameter": "TimeRange", + "defaultValue": "value::all", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "value": [ + "value::all" + ] + } + ], + "style": "pills", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "name": "parameters - 6 - Copy - Copy" + }, + { + "type": 12, + "content": { + "version": "NotebookGroup/1.0", + "groupType": "editable", + "items": [ + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "CommonSecurityLog\r\n| where DeviceVendor == \"Infoblox\" and DeviceProduct == \"Data Connector\"\r\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \"RPZ\"\r\n| extend InfobloxThreatProperty = extract(\"InfobloxThreatProperty=(.*?);\", 1, AdditionalExtensions) \r\n| extend ThreatClass = extract(\"(.*?)_\", 1, InfobloxThreatProperty) \r\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \"All\"\r\n| extend Feed = extract(\"InfobloxRPZ=(.*?);\", 1, AdditionalExtensions) \r\n| where Feed in ({FeedParam}) or '{FeedParam:label}' == \"All\"\r\n| extend ThreatLevel_Score = toint(extract(\"InfobloxThreatLevel=(.*)\", 1, AdditionalExtensions))\r\n| extend ThreatLevel = case(ThreatLevel_Score>=80, \"High\",\r\n ThreatLevel_Score>=50 and ThreatLevel_Score<80, \"Medium\",\r\n ThreatLevel_Score<50 and ThreatLevel_Score>=1, \"Low\",\r\n ThreatLevel_Score == 0,\"Info\",\r\n \"N/A\" )\r\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \"All\"\r\n| summarize count()", + "size": 3, + "title": "Total Hits", + "timeContext": { + "durationMs": 259200000 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "tiles", + "gridSettings": { 
+ "rowLimit": 200, + "sortBy": [ + { + "itemKey": "InfobloxThreatLevel", + "sortOrder": 1 + } + ] + }, + "sortBy": [ + { + "itemKey": "InfobloxThreatLevel", + "sortOrder": 1 + } + ], + "tileSettings": { + "titleContent": { + "formatter": 1 + }, + "leftContent": { + "columnMatch": "count_", + "formatter": 12, + "formatOptions": { + "palette": "auto" + } + }, + "showBorder": false + } + }, + "customWidth": "33", + "name": "Total Hits" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "CommonSecurityLog\r\n| where DeviceVendor == \"Infoblox\" and DeviceProduct == \"Data Connector\"\r\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \"RPZ\" and AdditionalExtensions contains \"InfobloxRPZ=CAT_\"\r\n| extend InfobloxThreatProperty = extract(\"InfobloxThreatProperty=(.*?);\", 1, AdditionalExtensions) \r\n| extend ThreatClass = extract(\"(.*?)_\", 1, InfobloxThreatProperty) \r\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \"All\"\r\n| extend Feed = extract(\"InfobloxRPZ=(.*?);\", 1, AdditionalExtensions) \r\n| where Feed in ({FeedParam}) or '{FeedParam:label}' == \"All\"\r\n| extend ThreatLevel_Score = toint(extract(\"InfobloxThreatLevel=(.*)\", 1, AdditionalExtensions))\r\n| extend ThreatLevel = case(ThreatLevel_Score>=80, \"High\",\r\n ThreatLevel_Score>=50 and ThreatLevel_Score<80, \"Medium\",\r\n ThreatLevel_Score<50 and ThreatLevel_Score>=1, \"Low\",\r\n ThreatLevel_Score == 0,\"Info\",\r\n \"N/A\" )\r\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \"All\"\r\n| summarize count()", + "size": 3, + "title": "Total Category Filter Hits", + "color": "orange", + "timeContext": { + "durationMs": 259200000 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "tiles", + "tileSettings": { + "titleContent": { + "formatter": 1 + }, + "leftContent": { + "columnMatch": "count_", + 
"formatter": 12, + "formatOptions": { + "palette": "yellowGreenBlue" + } + }, + "showBorder": false + } + }, + "customWidth": "33", + "name": "Total Category Filter Hits" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "CommonSecurityLog\r\n| where DeviceVendor == \"Infoblox\" and DeviceProduct == \"Data Connector\"\r\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \"RPZ\" and AdditionalExtensions !contains \"InfobloxRPZ=CAT_\"\r\n| extend InfobloxThreatProperty = extract(\"InfobloxThreatProperty=(.*?);\", 1, AdditionalExtensions) \r\n| extend ThreatClass = extract(\"(.*?)_\", 1, InfobloxThreatProperty) \r\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \"All\"\r\n| extend Feed = extract(\"InfobloxRPZ=(.*?);\", 1, AdditionalExtensions) \r\n| where Feed in ({FeedParam}) or '{FeedParam:label}' == \"All\"\r\n| extend ThreatLevel_Score = toint(extract(\"InfobloxThreatLevel=(.*)\", 1, AdditionalExtensions))\r\n| extend ThreatLevel = case(ThreatLevel_Score>=80, \"High\",\r\n ThreatLevel_Score>=50 and ThreatLevel_Score<80, \"Medium\",\r\n ThreatLevel_Score<50 and ThreatLevel_Score>=1, \"Low\",\r\n ThreatLevel_Score == 0,\"Info\",\r\n \"N/A\" )\r\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \"All\"\r\n| summarize count()", + "size": 3, + "title": "Total Non-Category Filter Hits", + "color": "orange", + "timeContext": { + "durationMs": 259200000 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "tiles", + "tileSettings": { + "titleContent": { + "formatter": 1 + }, + "leftContent": { + "columnMatch": "count_", + "formatter": 12, + "formatOptions": { + "palette": "coldHot" + } + }, + "showBorder": false + } + }, + "customWidth": "33", + "name": "Total Non-Category Filter Hits" + } + ] + }, + "name": "Totals" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + 
"query": "CommonSecurityLog\r\n| where DeviceVendor == \"Infoblox\" and DeviceProduct == \"Data Connector\"\r\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \"RPZ\"\r\n| extend InfobloxThreatProperty = extract(\"InfobloxThreatProperty=(.*?);\", 1, AdditionalExtensions) \r\n| extend ThreatClass = extract(\"(.*?)_\", 1, InfobloxThreatProperty) \r\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \"All\"\r\n| extend Feed = extract(\"InfobloxRPZ=(.*?);\", 1, AdditionalExtensions) \r\n| where Feed in ({FeedParam}) or '{FeedParam:label}' == \"All\"\r\n| extend ThreatLevel_Score = toint(extract(\"InfobloxThreatLevel=(.*)\", 1, AdditionalExtensions))\r\n| extend ThreatLevel = case(ThreatLevel_Score>=80, \"High\",\r\n ThreatLevel_Score>=50 and ThreatLevel_Score<80, \"Medium\",\r\n ThreatLevel_Score<50 and ThreatLevel_Score>=1, \"Low\",\r\n ThreatLevel_Score == 0,\"Info\",\r\n \"N/A\" )\r\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \"All\"\r\n| make-series Hits = count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain}", + "size": 0, + "title": "Hits over Time", + "color": "orange", + "timeContext": { + "durationMs": 259200000 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "areachart" + }, + "name": "Hits over Time" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "CommonSecurityLog\r\n| where DeviceVendor == \"Infoblox\" and DeviceProduct == \"Data Connector\"\r\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \"RPZ\"\r\n| extend InfobloxThreatProperty = extract(\"InfobloxThreatProperty=(.*?);\", 1, AdditionalExtensions) \r\n| extend ThreatClass = extract(\"(.*?)_\", 1, InfobloxThreatProperty) \r\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \"All\"\r\n| extend Feed = 
extract(\"InfobloxRPZ=(.*?);\", 1, AdditionalExtensions) \r\n| where Feed in ({FeedParam}) or '{FeedParam:label}' == \"All\"\r\n| extend ThreatLevel_Score = toint(extract(\"InfobloxThreatLevel=(.*)\", 1, AdditionalExtensions))\r\n| extend ThreatLevel = case(ThreatLevel_Score>=80, \"High\",\r\n ThreatLevel_Score>=50 and ThreatLevel_Score<80, \"Medium\",\r\n ThreatLevel_Score<50 and ThreatLevel_Score>=1, \"Low\",\r\n ThreatLevel_Score == 0,\"Info\",\r\n \"N/A\" )\r\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \"All\"\r\n| summarize count() by DestinationDnsDomain\r\n| top 50 by count_ desc", + "size": 3, + "title": "Top Offending Domains", + "timeContext": { + "durationMs": 259200000 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "tiles", + "gridSettings": { + "filter": true + }, + "tileSettings": { + "titleContent": { + "columnMatch": "DestinationDnsDomain", + "formatter": 1 + }, + "leftContent": { + "columnMatch": "count_", + "formatter": 12, + "formatOptions": { + "palette": "auto" + } + }, + "showBorder": false + }, + "chartSettings": { + "createOtherGroup": 0 + } + }, + "name": "Top Offending Domains" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "CommonSecurityLog\r\n| where DeviceVendor == \"Infoblox\" and DeviceProduct == \"Data Connector\"\r\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \"RPZ\"\r\n| extend InfobloxThreatProperty = extract(\"InfobloxThreatProperty=(.*?);\", 1, AdditionalExtensions) \r\n| extend ThreatClass = extract(\"(.*?)_\", 1, InfobloxThreatProperty) \r\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \"All\"\r\n| extend Feed = extract(\"InfobloxRPZ=(.*?);\", 1, AdditionalExtensions) \r\n| where Feed in ({FeedParam}) or '{FeedParam:label}' == \"All\"\r\n| extend ThreatLevel_Score = toint(extract(\"InfobloxThreatLevel=(.*)\", 1, 
AdditionalExtensions))\r\n| extend ThreatLevel = case(ThreatLevel_Score>=80, \"High\",\r\n ThreatLevel_Score>=50 and ThreatLevel_Score<80, \"Medium\",\r\n ThreatLevel_Score<50 and ThreatLevel_Score>=1, \"Low\",\r\n ThreatLevel_Score == 0,\"Info\",\r\n \"N/A\" )\r\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \"All\"\r\n| summarize count() by SourceIP\r\n| top 20 by count_ desc", + "size": 0, + "title": "Top Offending IPs", + "timeContext": { + "durationMs": 259200000 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "barchart", + "chartSettings": { + "createOtherGroup": 0 + } + }, + "name": "Top Offending IPs" + }, + { + "type": 1, + "content": { + "json": "---\r\n## Threat Level" + }, + "name": "text - 8" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "datatable (Count:long, ThreatLevel:string, ThreatLevel_count:long) [0,\"N/A\",1, 0,\"Info\",2, 0,\"Low\",3, 0,\"Medium\",4, 0,\"High\",5]\r\n|union\r\n(\r\nCommonSecurityLog\r\n| where DeviceVendor == \"Infoblox\" and DeviceProduct == \"Data Connector\"\r\n| where DeviceEventClassID has_cs \"RPZ\"\r\n| extend ThreatLevel_Score = toint(extract(\"InfobloxThreatLevel=(.*)\", 1, AdditionalExtensions))\r\n| extend ThreatLevel = case(ThreatLevel_Score>=80, \"High\",\r\n ThreatLevel_Score>=50 and ThreatLevel_Score<80, \"Medium\",\r\n ThreatLevel_Score<50 and ThreatLevel_Score>=1, \"Low\",\r\n ThreatLevel_Score == 0,\"Info\",\r\n \"N/A\" )\r\n| extend ThreatLevel_count = case(ThreatLevel == \"High\", 5, ThreatLevel==\"Medium\", 4, ThreatLevel==\"Low\", 3, ThreatLevel==\"Info\", 2, 1)\r\n| summarize Count = count() by ThreatLevel, ThreatLevel_count\r\n)\r\n| summarize Count=sum(Count) by ThreatLevel, ThreatLevel_count\r\n| sort by ThreatLevel_count asc", + "size": 2, + "title": "Total Hit Count by Threat Level", + "timeContext": { + "durationMs": 259200000 + }, + 
"timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "graph", + "tileSettings": { + "titleContent": { + "columnMatch": "ThreatLevel", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "colors", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "High", + "representation": "red", + "text": "{0}{1}" + }, + { + "operator": "==", + "thresholdValue": "Medium", + "representation": "orange", + "text": "{0}{1}" + }, + { + "operator": "==", + "thresholdValue": "Low", + "representation": "yellow", + "text": "{0}{1}" + }, + { + "operator": "==", + "thresholdValue": "Info", + "representation": "lightBlue", + "text": "{0}{1}" + }, + { + "operator": "==", + "thresholdValue": "N/A", + "representation": "gray", + "text": "{0}{1}" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "blue", + "text": "{0}{1}" + } + ] + } + }, + "leftContent": { + "columnMatch": "Count", + "formatter": 12, + "formatOptions": { + "palette": "yellowOrangeRed" + }, + "numberFormat": { + "unit": 17, + "options": { + "style": "decimal", + "useGrouping": false, + "maximumFractionDigits": 2, + "maximumSignificantDigits": 3 + } + } + }, + "showBorder": false, + "sortCriteriaField": "status_count", + "sortOrderField": 1, + "size": "auto" + }, + "graphSettings": { + "type": 2, + "topContent": { + "columnMatch": "ThreatLevel", + "formatter": 1 + }, + "centerContent": { + "columnMatch": "Count", + "formatter": 1, + "numberFormat": { + "unit": 17, + "options": { + "style": "decimal", + "useGrouping": false, + "maximumFractionDigits": 2, + "maximumSignificantDigits": 3 + } + } + }, + "nodeIdField": "Count", + "graphOrientation": 3, + "showOrientationToggles": false, + "nodeSize": null, + "staticNodeSize": 100, + "colorSettings": { + "nodeColorField": "ThreatLevel", + "type": 3, + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "N/A", + "representation": 
"gray" + }, + { + "operator": "==", + "thresholdValue": "Info", + "representation": "lightBlue" + }, + { + "operator": "==", + "thresholdValue": "Low", + "representation": "yellow" + }, + { + "operator": "==", + "thresholdValue": "Medium", + "representation": "orange" + }, + { + "operator": "==", + "thresholdValue": "High", + "representation": "red" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "gray" + } + ] + }, + "hivesMargin": 5 + } + }, + "customWidth": "30", + "name": "Total Hit Count by Threat Level" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "CommonSecurityLog\r\n| where DeviceVendor == \"Infoblox\" and DeviceProduct == \"Data Connector\"\r\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \"RPZ\"\r\n| extend InfobloxThreatProperty = extract(\"InfobloxThreatProperty=(.*?);\", 1, AdditionalExtensions) \r\n| extend ThreatClass = extract(\"(.*?)_\", 1, InfobloxThreatProperty) \r\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \"All\"\r\n| extend Feed = extract(\"InfobloxRPZ=(.*?);\", 1, AdditionalExtensions) \r\n| where Feed in ({FeedParam}) or '{FeedParam:label}' == \"All\"\r\n| extend ThreatLevel_Score = toint(extract(\"InfobloxThreatLevel=(.*)\", 1, AdditionalExtensions))\r\n| extend ThreatLevel = case(ThreatLevel_Score>=80, \"High\",\r\n ThreatLevel_Score>=50 and ThreatLevel_Score<80, \"Medium\",\r\n ThreatLevel_Score<50 and ThreatLevel_Score>=1, \"Low\",\r\n ThreatLevel_Score == 0,\"Info\",\r\n \"N/A\" )\r\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \"All\"\r\n| make-series Trend = count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by ThreatLevel", + "size": 2, + "title": "Threat Level Trend", + "timeContext": { + "durationMs": 259200000 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": 
"microsoft.operationalinsights/workspaces", + "visualization": "timechart", + "chartSettings": { + "showLegend": true, + "seriesLabelSettings": [ + { + "seriesName": "High", + "color": "red" + }, + { + "seriesName": "N/A", + "color": "gray" + }, + { + "seriesName": "Low", + "color": "yellow" + }, + { + "seriesName": "Medium", + "color": "orange" + }, + { + "seriesName": "Info", + "color": "lightBlue" + } + ] + } + }, + "customWidth": "70", + "name": "Threat Level Trend" + }, + { + "type": 1, + "content": { + "json": "---\r\n## Feed" + }, + "name": "text - 8 - Copy" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "CommonSecurityLog\r\n| where DeviceVendor == \"Infoblox\" and DeviceProduct == \"Data Connector\"\r\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \"RPZ\"\r\n| extend InfobloxThreatProperty = extract(\"InfobloxThreatProperty=(.*?);\", 1, AdditionalExtensions) \r\n| extend ThreatClass = extract(\"(.*?)_\", 1, InfobloxThreatProperty) \r\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \"All\"\r\n| extend Feed = extract(\"InfobloxRPZ=(.*?);\", 1, AdditionalExtensions) \r\n| where Feed in ({FeedParam}) or '{FeedParam:label}' == \"All\"\r\n| extend ThreatLevel_Score = toint(extract(\"InfobloxThreatLevel=(.*)\", 1, AdditionalExtensions))\r\n| extend ThreatLevel = case(ThreatLevel_Score>=80, \"High\",\r\n ThreatLevel_Score>=50 and ThreatLevel_Score<80, \"Medium\",\r\n ThreatLevel_Score<50 and ThreatLevel_Score>=1, \"Low\",\r\n ThreatLevel_Score == 0,\"Info\",\r\n \"N/A\" )\r\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \"All\"\r\n| summarize count() by Feed\r\n| order by Feed desc", + "size": 2, + "title": "Total Hit Count by Feed", + "timeContext": { + "durationMs": 259200000 + }, + "timeContextFromParameter": "TimeRange", + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": 
"table", + "gridSettings": { + "formatters": [ + { + "columnMatch": "Feed", + "formatter": 0, + "formatOptions": { + "customColumnWidthSetting": "50%" + } + }, + { + "columnMatch": "count_", + "formatter": 3, + "formatOptions": { + "palette": "greenRed", + "compositeBarSettings": { + "labelText": "", + "columnSettings": [] + }, + "customColumnWidthSetting": "50%" + } + } + ], + "rowLimit": 500, + "filter": true, + "sortBy": [ + { + "itemKey": "Feed", + "sortOrder": 1 + } + ], + "labelSettings": [ + { + "columnId": "Feed" + }, + { + "columnId": "count_", + "label": "Total Hits" + } + ] + }, + "sortBy": [ + { + "itemKey": "Feed", + "sortOrder": 1 + } + ], + "tileSettings": { + "showBorder": false, + "titleContent": { + "columnMatch": "DestinationDnsDomain", + "formatter": 1 + }, + "leftContent": { + "columnMatch": "count_", + "formatter": 12, + "formatOptions": { + "palette": "auto" + }, + "numberFormat": { + "unit": 17, + "options": { + "maximumSignificantDigits": 3, + "maximumFractionDigits": 2 + } + } + } + } + }, + "customWidth": "30", + "name": "Total Hit Count by Feed", + "styleSettings": { + "margin": "0 10px 0 0" + } + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "let starttime = {TimeRange:start};\r\nlet endtime = {TimeRange:end};\r\n// Finding Tops \r\nlet Top = materialize(CommonSecurityLog\r\n| where DeviceVendor == \"Infoblox\" and DeviceProduct == \"Data Connector\" \r\n| where TimeGenerated {TimeRange}\r\n| where DeviceEventClassID has_cs \"RPZ\"\r\n| extend InfobloxThreatProperty = extract(\"InfobloxThreatProperty=(.*?);\", 1, AdditionalExtensions) \r\n| extend ThreatClass = extract(\"(.*?)_\", 1, InfobloxThreatProperty) \r\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \"All\"\r\n| extend Feed = extract(\"InfobloxRPZ=(.*?);\", 1, AdditionalExtensions) \r\n| where Feed in ({FeedParam}) or '{FeedParam:label}' == \"All\"\r\n| extend ThreatLevel_Score = 
toint(extract(\"InfobloxThreatLevel=(.*)\", 1, AdditionalExtensions))\r\n| extend ThreatLevel = case(ThreatLevel_Score>=80, \"High\",\r\n ThreatLevel_Score>=50 and ThreatLevel_Score<80, \"Medium\",\r\n ThreatLevel_Score<50 and ThreatLevel_Score>=1, \"Low\",\r\n ThreatLevel_Score == 0,\"Info\",\r\n \"N/A\" )\r\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \"All\"\r\n| summarize count() by Feed\r\n| top 10 by count_ \r\n| project Feed);\r\n// Filtering datasource to Tops and Plot Time chart\r\nCommonSecurityLog \r\n| where DeviceVendor == \"Infoblox\" and DeviceProduct == \"Data Connector\"\r\n| where TimeGenerated {TimeRange}\r\n| where DeviceEventClassID has_cs \"RPZ\"\r\n| extend InfobloxThreatProperty = extract(\"InfobloxThreatProperty=(.*?);\", 1, AdditionalExtensions) \r\n| extend ThreatClass = extract(\"(.*?)_\", 1, InfobloxThreatProperty) \r\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \"All\"\r\n| extend Feed = extract(\"InfobloxRPZ=(.*?);\", 1, AdditionalExtensions) \r\n| where Feed in ({FeedParam}) or '{FeedParam:label}' == \"All\"\r\n| extend ThreatLevel_Score = toint(extract(\"InfobloxThreatLevel=(.*)\", 1, AdditionalExtensions))\r\n| extend ThreatLevel = case(ThreatLevel_Score>=80, \"High\",\r\n ThreatLevel_Score>=50 and ThreatLevel_Score<80, \"Medium\",\r\n ThreatLevel_Score<50 and ThreatLevel_Score>=1, \"Low\",\r\n ThreatLevel_Score == 0,\"Info\",\r\n \"N/A\" )\r\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \"All\"\r\n| where Feed in ((Top))\r\n| project TimeGenerated, Feed\r\n| make-series Total= count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by Feed", + "size": 2, + "title": "Feed Trend", + "timeContext": { + "durationMs": 259200000 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "timechart", + 
"chartSettings": { + "showLegend": true, + "seriesLabelSettings": [ + { + "seriesName": "0", + "label": "N/A", + "color": "green" + }, + { + "seriesName": "1", + "label": "Low/Info", + "color": "blue" + }, + { + "seriesName": "8", + "label": "High", + "color": "red" + }, + { + "seriesName": "5", + "label": "Medium", + "color": "orange" + } + ] + } + }, + "customWidth": "70", + "name": "Feed Trend", + "styleSettings": { + "margin": "0px" + } + }, + { + "type": 1, + "content": { + "json": "---\r\n## Class" + }, + "name": "text - 8 - Copy - Copy - Copy" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "CommonSecurityLog\r\n| where DeviceVendor == \"Infoblox\" and DeviceProduct == \"Data Connector\"\r\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \"RPZ\"\r\n| extend InfobloxThreatProperty = extract(\"InfobloxThreatProperty=(.*?);\", 1, AdditionalExtensions) \r\n| extend ThreatClass = extract(\"(.*?)_\", 1, InfobloxThreatProperty) \r\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \"All\"\r\n| extend Feed = extract(\"InfobloxRPZ=(.*?);\", 1, AdditionalExtensions) \r\n| where Feed in ({FeedParam}) or '{FeedParam:label}' == \"All\"\r\n| extend ThreatLevel_Score = toint(extract(\"InfobloxThreatLevel=(.*)\", 1, AdditionalExtensions))\r\n| extend ThreatLevel = case(ThreatLevel_Score>=80, \"High\",\r\n ThreatLevel_Score>=50 and ThreatLevel_Score<80, \"Medium\",\r\n ThreatLevel_Score<50 and ThreatLevel_Score>=1, \"Low\",\r\n ThreatLevel_Score == 0,\"Info\",\r\n \"N/A\" )\r\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \"All\"\r\n| extend ThreatClass = case(ThreatClass == \"\", \"N/A\", ThreatClass)\r\n| summarize count() by ThreatClass\r\n| order by ThreatClass asc\r\n\r\n\r\n", + "size": 2, + "title": "Total Hit Count by Class", + "timeContext": { + "durationMs": 259200000 + }, + "timeContextFromParameter": "TimeRange", + "showExportToExcel": true, + "queryType": 0, + 
"resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "table", + "gridSettings": { + "formatters": [ + { + "columnMatch": "count_", + "formatter": 3, + "formatOptions": { + "palette": "greenRed", + "compositeBarSettings": { + "labelText": "", + "columnSettings": [] + }, + "customColumnWidthSetting": "50%" + } + }, + { + "columnMatch": "Feed", + "formatter": 0, + "formatOptions": { + "customColumnWidthSetting": "50%" + } + } + ], + "rowLimit": 500, + "filter": true, + "labelSettings": [ + { + "columnId": "ThreatClass" + }, + { + "columnId": "count_", + "label": "Total Hits" + } + ] + }, + "sortBy": [], + "tileSettings": { + "showBorder": false, + "titleContent": { + "columnMatch": "DestinationDnsDomain", + "formatter": 1 + }, + "leftContent": { + "columnMatch": "count_", + "formatter": 12, + "formatOptions": { + "palette": "auto" + }, + "numberFormat": { + "unit": 17, + "options": { + "maximumSignificantDigits": 3, + "maximumFractionDigits": 2 + } + } + } + } + }, + "customWidth": "30", + "name": "Total Hit Count by Class", + "styleSettings": { + "margin": "0 10px 0 0" + } + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "let starttime = {TimeRange:start};\r\nlet endtime = {TimeRange:end};\r\n// Finding Tops \r\nlet Top = materialize(CommonSecurityLog\r\n| where DeviceVendor == \"Infoblox\" and DeviceProduct == \"Data Connector\" \r\n| where TimeGenerated {TimeRange}\r\n| where DeviceEventClassID has_cs \"RPZ\"\r\n| extend InfobloxThreatProperty = extract(\"InfobloxThreatProperty=(.*?);\", 1, AdditionalExtensions) \r\n| extend ThreatClass = extract(\"(.*?)_\", 1, InfobloxThreatProperty) \r\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \"All\"\r\n| extend ThreatClass = case(ThreatClass == \"\", \"N/A\", ThreatClass)\r\n| extend Feed = extract(\"InfobloxRPZ=(.*?);\", 1, AdditionalExtensions) \r\n| where Feed in ({FeedParam}) or '{FeedParam:label}' == \"All\"\r\n| extend 
ThreatLevel_Score = toint(extract(\"InfobloxThreatLevel=(.*)\", 1, AdditionalExtensions))\r\n| extend ThreatLevel = case(ThreatLevel_Score>=80, \"High\",\r\n ThreatLevel_Score>=50 and ThreatLevel_Score<80, \"Medium\",\r\n ThreatLevel_Score<50 and ThreatLevel_Score>=1, \"Low\",\r\n ThreatLevel_Score == 0,\"Info\",\r\n \"N/A\" )\r\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \"All\"\r\n| summarize count() by ThreatClass\r\n| top 10 by count_ \r\n| project ThreatClass);\r\n// Filtering datasource to Tops and Plot Time chart\r\nCommonSecurityLog \r\n| where DeviceVendor == \"Infoblox\" and DeviceProduct == \"Data Connector\"\r\n| where TimeGenerated {TimeRange}\r\n| where DeviceEventClassID has_cs \"RPZ\"\r\n| extend InfobloxThreatProperty = extract(\"InfobloxThreatProperty=(.*?);\", 1, AdditionalExtensions) \r\n| extend ThreatClass = extract(\"(.*?)_\", 1, InfobloxThreatProperty) \r\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \"All\"\r\n| extend Feed = extract(\"InfobloxRPZ=(.*?);\", 1, AdditionalExtensions) \r\n| where Feed in ({FeedParam}) or '{FeedParam:label}' == \"All\"\r\n| extend ThreatLevel_Score = toint(extract(\"InfobloxThreatLevel=(.*)\", 1, AdditionalExtensions))\r\n| extend ThreatLevel = case(ThreatLevel_Score>=80, \"High\",\r\n ThreatLevel_Score>=50 and ThreatLevel_Score<80, \"Medium\",\r\n ThreatLevel_Score<50 and ThreatLevel_Score>=1, \"Low\",\r\n ThreatLevel_Score == 0,\"Info\",\r\n \"N/A\" )\r\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \"All\"\r\n| extend ThreatClass = case(ThreatClass == \"\", \"N/A\", ThreatClass)\r\n| where ThreatClass in ((Top))\r\n| project TimeGenerated, ThreatClass\r\n| make-series Total= count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by ThreatClass", + "size": 2, + "title": "Class Trend", + "timeContext": { + "durationMs": 259200000 + }, + "timeContextFromParameter": 
"TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "timechart", + "chartSettings": { + "showLegend": true + } + }, + "customWidth": "70", + "name": "Class Trend", + "styleSettings": { + "margin": "0px" + } + }, + { + "type": 1, + "content": { + "json": "---\r\n## Action" + }, + "name": "text - 8 - Copy - Copy" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "CommonSecurityLog\r\n| where DeviceVendor == \"Infoblox\" and DeviceProduct == \"Data Connector\"\r\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \"RPZ\"\r\n| extend InfobloxThreatProperty = extract(\"InfobloxThreatProperty=(.*?);\", 1, AdditionalExtensions) \r\n| extend ThreatClass = extract(\"(.*?)_\", 1, InfobloxThreatProperty) \r\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \"All\"\r\n| extend Feed = extract(\"InfobloxRPZ=(.*?);\", 1, AdditionalExtensions) \r\n| where Feed in ({FeedParam}) or '{FeedParam:label}' == \"All\"\r\n| extend ThreatLevel_Score = toint(extract(\"InfobloxThreatLevel=(.*)\", 1, AdditionalExtensions))\r\n| extend ThreatLevel = case(ThreatLevel_Score>=80, \"High\",\r\n ThreatLevel_Score>=50 and ThreatLevel_Score<80, \"Medium\",\r\n ThreatLevel_Score<50 and ThreatLevel_Score>=1, \"Low\",\r\n ThreatLevel_Score == 0,\"Info\",\r\n \"N/A\" )\r\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \"All\"\r\n| summarize count() by DeviceAction\r\n| top 10 by count_ desc", + "size": 2, + "title": "Total Hit Count By Action", + "timeContext": { + "durationMs": 259200000 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "piechart", + "chartSettings": { + "createOtherGroup": 10 + } + }, + "customWidth": "30", + "name": "Total Hit Count By Action" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": 
"CommonSecurityLog\r\n| where DeviceVendor == \"Infoblox\" and DeviceProduct == \"Data Connector\"\r\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \"RPZ\"\r\n| extend InfobloxThreatProperty = extract(\"InfobloxThreatProperty=(.*?);\", 1, AdditionalExtensions) \r\n| extend ThreatClass = extract(\"(.*?)_\", 1, InfobloxThreatProperty) \r\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \"All\"\r\n| extend Feed = extract(\"InfobloxRPZ=(.*?);\", 1, AdditionalExtensions) \r\n| where Feed in ({FeedParam}) or '{FeedParam:label}' == \"All\"\r\n| extend ThreatLevel_Score = toint(extract(\"InfobloxThreatLevel=(.*)\", 1, AdditionalExtensions))\r\n| extend ThreatLevel = case(ThreatLevel_Score>=80, \"High\",\r\n ThreatLevel_Score>=50 and ThreatLevel_Score<80, \"Medium\",\r\n ThreatLevel_Score<50 and ThreatLevel_Score>=1, \"Low\",\r\n ThreatLevel_Score == 0,\"Info\",\r\n \"N/A\" )\r\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \"All\"\r\n| make-series Trend = count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by DeviceAction", + "size": 2, + "title": "Action Trend", + "timeContext": { + "durationMs": 259200000 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "timechart", + "chartSettings": { + "showLegend": true, + "seriesLabelSettings": [ + { + "seriesName": "0", + "label": "N/A", + "color": "green" + }, + { + "seriesName": "1", + "label": "Low/Info", + "color": "blue" + }, + { + "seriesName": "8", + "label": "High", + "color": "red" + }, + { + "seriesName": "5", + "label": "Medium", + "color": "orange" + } + ] + } + }, + "customWidth": "70", + "name": "Action Trend", + "styleSettings": { + "margin": "0px" + } + }, + { + "type": 1, + "content": { + "json": "---\r\n## Events" + }, + "name": "text - 8 - Copy - Copy - Copy" + }, + { + "type": 3, + 
"content": { + "version": "KqlItem/1.0", + "query": "CommonSecurityLog\r\n| where DeviceVendor == \"Infoblox\" and DeviceProduct == \"Data Connector\"\r\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \"RPZ\"\r\n| parse AdditionalExtensions with * \";InfobloxThreatProperty=\" ThreatProperty \";InfobloxThreatConfidence=\" ThreatConfidence \";InfobloxThreatLevel=\" ThreatLevel_Score\r\n| extend ThreatClass = extract(\"(.*?)_\", 1, ThreatProperty) \r\n| extend ThreatProperty = extract(\"([^_]*$)\", 1, ThreatProperty) \r\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' == \"All\"\r\n| extend Feed = extract(\"InfobloxRPZ=(.*?);\", 1, AdditionalExtensions) \r\n| where Feed in ({FeedParam}) or '{FeedParam:label}' == \"All\"\r\n| extend ThreatLevel_Score = toint(ThreatLevel_Score)\r\n| extend ThreatLevel = case(ThreatLevel_Score>=80, \"High\",\r\n ThreatLevel_Score>=50 and ThreatLevel_Score<80, \"Medium\",\r\n ThreatLevel_Score<50 and ThreatLevel_Score>=1, \"Low\",\r\n ThreatLevel_Score == 0,\"Info\",\r\n \"N/A\" )\r\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' == \"All\"\r\n| sort by TimeGenerated desc\r\n| project TimeGenerated, DestinationDnsDomain, SourceIP, ThreatLevel, ThreatLevel_Score, ThreatConfidence, Feed, ThreatClass, ThreatProperty, DeviceAction, Message, SourcePort\r\n", + "size": 2, + "timeContext": { + "durationMs": 259200000 + }, + "timeContextFromParameter": "TimeRange", + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "table", + "gridSettings": { + "formatters": [ + { + "columnMatch": "ThreatLevel", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "colors", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "N/A", + "representation": "gray", + "text": "{0}{1}" + }, + { + "operator": "==", + "thresholdValue": "Low", + "representation": "yellow", + "text": "{0}{1}" + }, + { + 
"operator": "==", + "thresholdValue": "Info", + "representation": "lightBlue", + "text": "{0}{1}" + }, + { + "operator": "==", + "thresholdValue": "Medium", + "representation": "orange", + "text": "{0}{1}" + }, + { + "operator": "==", + "thresholdValue": "High", + "representation": "red", + "text": "{0}{1}" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "blue", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "ThreatLevel_Score", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "colors", + "thresholdsGrid": [ + { + "operator": "is Empty", + "representation": "gray", + "text": "N/A" + }, + { + "operator": ">=", + "thresholdValue": "80", + "representation": "red", + "text": "{0}{1}" + }, + { + "operator": ">=", + "thresholdValue": "50", + "representation": "orange", + "text": "{0}{1}" + }, + { + "operator": ">=", + "thresholdValue": "1", + "representation": "yellow", + "text": "{0}{1}" + }, + { + "operator": "==", + "thresholdValue": "0", + "representation": "lightBlue", + "text": "{0}{1}" + }, + { + "operator": "Default", + "thresholdValue": null, + "text": "" + } + ], + "compositeBarSettings": { + "labelText": "[\"ThreatLevel\"]", + "columnSettings": [ + { + "columnName": "ThreatLevel", + "color": "orange" + }, + { + "columnName": "DestinationDnsDomain", + "color": "blue" + } + ] + } + } + }, + { + "columnMatch": "ThreatConfidence", + "formatter": 8, + "formatOptions": { + "min": 0, + "max": 100, + "palette": "purpleBlueGreen", + "compositeBarSettings": { + "labelText": "", + "columnSettings": [] + } + } + }, + { + "columnMatch": "LogSeverity", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "colors", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "0", + "representation": "green", + "text": "N/A" + }, + { + "operator": "==", + "thresholdValue": "1", + "representation": "blue", + "text": "Low/Info" + }, + { + "operator": "==", + "thresholdValue": "5", + "representation": 
"orange", + "text": "Medium" + }, + { + "operator": "==", + "thresholdValue": "8", + "representation": "red", + "text": "High" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "blue", + "text": "{0}{1}" + } + ], + "compositeBarSettings": { + "labelText": "", + "columnSettings": [ + { + "columnName": "LogSeverity", + "color": "blue" + }, + { + "columnName": "DestinationDnsDomain", + "color": "purple" + } + ] + } + } + }, + { + "columnMatch": "Count", + "formatter": 4, + "formatOptions": { + "min": 0, + "palette": "blue" + } + } + ], + "rowLimit": 500, + "filter": true, + "sortBy": [ + { + "itemKey": "$gen_heatmap_ThreatConfidence_5", + "sortOrder": 2 + } + ], + "labelSettings": [ + { + "columnId": "TimeGenerated" + }, + { + "columnId": "DestinationDnsDomain" + }, + { + "columnId": "SourceIP" + }, + { + "columnId": "ThreatLevel" + }, + { + "columnId": "ThreatLevel_Score", + "label": "" + }, + { + "columnId": "ThreatConfidence" + }, + { + "columnId": "Feed" + }, + { + "columnId": "ThreatClass" + }, + { + "columnId": "ThreatProperty" + }, + { + "columnId": "DeviceAction" + }, + { + "columnId": "Message" + }, + { + "columnId": "SourcePort" + } + ] + }, + "sortBy": [ + { + "itemKey": "$gen_heatmap_ThreatConfidence_5", + "sortOrder": 2 + } + ] + }, + "showPin": false, + "name": "RPZ Events" + } + ] + }, + "conditionalVisibility": { + "parameterName": "view", + "comparison": "isEqualTo", + "value": "Overview" + }, + "name": "Overview" + }, + { + "type": 12, + "content": { + "version": "NotebookGroup/1.0", + "groupType": "editable", + "items": [ + { + "type": 1, + "content": { + "json": "## Category Filters \r\n---\r\n\r\nCategory filters are content categorization rules that BloxOne Threat Defense Cloud uses to detect and filter specific internet content. Based on your configuration, specific actions such as Allow or Block will be taken on the detected content. 
BloxOne Threat Defense Cloud provides the following content categories from which you can build your category filters: \r\n\r\n* Drugs\r\n* Risk/Fraud/Crime \r\n* Entertainment/Culture\r\n* Purchasing \r\n* Information/Communication \r\n* Business/Services\r\n* Information Technology \r\n* Lifestyle\r\n* Society/Education/Religion\r\n* Mature/Violent\r\n* Games/Gambling\r\n* Pornography/Nudity\r\n* Uncategorized\r\n\r\nEach of these categories contains sub-categories that further define the respective content. For example, the Drugs category includes the following sub-categories: Tobacco, Alcohol, and Drugs. When you configure your category filter, you can add as many categories and sub-categories as you need. For example, if you want BloxOne Threat Defense Cloud to detect and block internet content related to tobacco and alcohol, you select and add these sub-categories while configuring your category filter. You then add the category filter to your security policy and assign the Block action for the filter." 
+ }, + "name": "text - 2", + "styleSettings": { + "margin": "0px" + } + }, + { + "type": 12, + "content": { + "version": "NotebookGroup/1.0", + "groupType": "editable", + "items": [ + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "CommonSecurityLog\r\n| where DeviceVendor == \"Infoblox\" and DeviceProduct == \"Data Connector\"\r\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \"RPZ\" and AdditionalExtensions contains \"InfobloxRPZ=CAT_\"\r\n| summarize count()", + "size": 3, + "title": "Total Category Filter Hits", + "color": "orange", + "timeContext": { + "durationMs": 2592000000 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "tiles", + "tileSettings": { + "titleContent": { + "formatter": 1 + }, + "leftContent": { + "columnMatch": "count_", + "formatter": 12, + "formatOptions": { + "palette": "yellowGreenBlue" + } + }, + "showBorder": false + } + }, + "name": "Total Category Filter Hits" + }, + { + "type": 12, + "content": { + "version": "NotebookGroup/1.0", + "groupType": "editable", + "title": "Top Category Filter Hits", + "items": [ + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "parameters": [ + { + "id": "be7263d9-229e-4875-a60a-76114659b718", + "version": "KqlParameterItem/1.0", + "name": "CatFilterSorter", + "label": "Sort Tiles By", + "type": 2, + "isRequired": true, + "typeSettings": { + "additionalResourceOptions": [], + "showDefault": false + }, + "jsonData": "[\r\n { \"value\":\"count_ desc\", \"label\":\"Hit Count\", \"selected\":true },\r\n { \"value\":\"DestinationDnsDomain asc, count_ desc\", \"label\":\"Domain Name\" },\r\n { \"value\":\"CategoryFilter asc, count_ desc\", \"label\":\"Filter Type\" }\r\n]", + "timeContext": { + "durationMs": 86400000 + } + } + ], + "style": "pills", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "name": "Top 
Category Filters RPZ Hits", + "styleSettings": { + "margin": "0px 0px 0px 10px" + } + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "CommonSecurityLog\r\n| where DeviceVendor == \"Infoblox\" and DeviceProduct == \"Data Connector\"\r\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \"RPZ\" and AdditionalExtensions contains \"InfobloxRPZ=CAT_\"\r\n| extend CategoryFilter = extract(\"InfobloxDomainCat=(.*?);\", 1, AdditionalExtensions) \r\n| summarize count() by DestinationDnsDomain, CategoryFilter\r\n| sort by {CatFilterSorter}\r\n| take 50\r\n", + "size": 3, + "timeContext": { + "durationMs": 2592000000 + }, + "timeContextFromParameter": "TimeRange", + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "tiles", + "gridSettings": { + "filter": true + }, + "tileSettings": { + "titleContent": { + "columnMatch": "DestinationDnsDomain", + "formatter": 1 + }, + "subtitleContent": { + "columnMatch": "CategoryFilter", + "formatter": 1 + }, + "leftContent": { + "columnMatch": "count_", + "formatter": 12, + "formatOptions": { + "palette": "auto", + "bladeOpenContext": { + "bladeParameters": [] + } + } + }, + "showBorder": false, + "rowLimit": 50, + "sortOrderField": 1 + }, + "graphSettings": { + "type": 0, + "topContent": { + "columnMatch": "DestinationDnsDomain", + "formatter": 1 + }, + "centerContent": { + "columnMatch": "count_", + "formatter": 1, + "numberFormat": { + "unit": 17, + "options": { + "maximumSignificantDigits": 3, + "maximumFractionDigits": 2 + } + } + } + } + }, + "name": "Tops", + "styleSettings": { + "margin": "-20px 0px 0px 0px" + } + } + ] + }, + "name": "Top Category Filter Hits", + "styleSettings": { + "margin": "10px" + } + } + ] + }, + "name": "Overview", + "styleSettings": { + "margin": "0px" + } + }, + { + "type": 1, + "content": { + "json": "---\r\n## By Type" + }, + "name": "text - 4" + }, + { + "type": 12, + "content": { + 
"version": "NotebookGroup/1.0", + "groupType": "editable", + "items": [ + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "let starttime = {TimeRange:start};\r\nlet endtime = {TimeRange:end};\r\n// Finding Tops \r\nlet Top = materialize(CommonSecurityLog\r\n| where DeviceVendor == \"Infoblox\" and DeviceProduct == \"Data Connector\" \r\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \"RPZ\" and AdditionalExtensions contains \"InfobloxRPZ=CAT_\"\r\n| extend CategoryFilter = extract(\"InfobloxDomainCat=(.*?);\", 1, AdditionalExtensions)\r\n| summarize count() by CategoryFilter\r\n| top 15 by count_ \r\n| project CategoryFilter);\r\n// Filtering datasource to Tops and Plot Time chart\r\nCommonSecurityLog\r\n| where DeviceVendor == \"Infoblox\" and DeviceProduct == \"Data Connector\"\r\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \"RPZ\" and AdditionalExtensions contains \"InfobloxRPZ=CAT_\"\r\n| extend CategoryFilter = extract(\"InfobloxDomainCat=(.*?);\", 1, AdditionalExtensions)\r\n| where CategoryFilter in ((Top))\r\n| project TimeGenerated, CategoryFilter\r\n| make-series Total= count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by CategoryFilter", + "size": 2, + "title": "Top Offending Category Filter Types by Time", + "color": "red", + "timeContext": { + "durationMs": 2592000000 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "barchart", + "chartSettings": { + "createOtherGroup": 15, + "showLegend": true + } + }, + "name": "Top Offending Category Filter Types by Time" + }, + { + "type": 1, + "content": { + "json": "#### Click on a Category Filter in the chart below to further drilldown the Filter.\r\n---", + "style": "info" + }, + "name": "text - 3" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "CommonSecurityLog\r\n| where 
DeviceVendor == \"Infoblox\" and DeviceProduct == \"Data Connector\"\r\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \"RPZ\" and AdditionalExtensions contains \"InfobloxRPZ=CAT_\"\r\n| extend CategoryFilter = extract(\"InfobloxDomainCat=(.*?);\", 1, AdditionalExtensions) \r\n| summarize count() by CategoryFilter\r\n| sort by count_ desc", + "size": 2, + "title": "Total Category Filter Hit Count", + "timeContext": { + "durationMs": 2592000000 + }, + "timeContextFromParameter": "TimeRange", + "exportFieldName": "CategoryFilter", + "exportParameterName": "filter", + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "table", + "gridSettings": { + "formatters": [ + { + "columnMatch": "CategoryFilter", + "formatter": 0, + "formatOptions": { + "customColumnWidthSetting": "60%" + } + }, + { + "columnMatch": "count_", + "formatter": 3, + "formatOptions": { + "palette": "greenRed", + "compositeBarSettings": { + "labelText": "", + "columnSettings": [] + }, + "customColumnWidthSetting": "40%" + } + } + ], + "filter": true, + "labelSettings": [ + { + "columnId": "count_", + "label": "Total Hits" + } + ] + }, + "tileSettings": { + "showBorder": false, + "titleContent": { + "columnMatch": "DestinationDnsDomain", + "formatter": 1 + }, + "leftContent": { + "columnMatch": "count_", + "formatter": 12, + "formatOptions": { + "palette": "auto" + }, + "numberFormat": { + "unit": 17, + "options": { + "maximumSignificantDigits": 3, + "maximumFractionDigits": 2 + } + } + } + } + }, + "customWidth": "30", + "name": "Total Category Filter Hit Count", + "styleSettings": { + "margin": "0 10px 0 0" + } + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "CommonSecurityLog\r\n | where DeviceVendor == \"Infoblox\" and DeviceProduct == \"Data Connector\"\r\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \"RPZ\" and AdditionalExtensions contains 
\"InfobloxRPZ=CAT_\"\r\n| extend CategoryFilter = extract(\"InfobloxDomainCat=(.*?);\", 1, AdditionalExtensions)\r\n| where '{filter}' == CategoryFilter\r\n| sort by TimeGenerated desc, SourceIP desc\r\n| project TimeGenerated, CategoryFilter, SourceIP, DestinationDnsDomain, LogSeverity, DeviceAction, Message, SourcePort\r\n", + "size": 2, + "title": "Events for {filter}", + "timeContext": { + "durationMs": 2592000000 + }, + "timeContextFromParameter": "TimeRange", + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "table", + "gridSettings": { + "formatters": [ + { + "columnMatch": "LogSeverity", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "colors", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "gray", + "text": "N/A" + } + ], + "compositeBarSettings": { + "labelText": "", + "columnSettings": [ + { + "columnName": "LogSeverity", + "color": "blue" + }, + { + "columnName": "DestinationDnsDomain", + "color": "purple" + } + ] + } + } + }, + { + "columnMatch": "Message", + "formatter": 0, + "formatOptions": { + "customColumnWidthSetting": "40%" + } + }, + { + "columnMatch": "Count", + "formatter": 4, + "formatOptions": { + "min": 0, + "palette": "blue" + } + } + ], + "rowLimit": 500, + "filter": true, + "sortBy": [ + { + "itemKey": "DestinationDnsDomain", + "sortOrder": 1 + } + ], + "labelSettings": [ + { + "columnId": "TimeGenerated" + }, + { + "columnId": "CategoryFilter" + }, + { + "columnId": "SourceIP" + }, + { + "columnId": "DestinationDnsDomain" + }, + { + "columnId": "LogSeverity", + "label": "ThreatLevel" + }, + { + "columnId": "DeviceAction" + }, + { + "columnId": "Message" + } + ] + }, + "sortBy": [ + { + "itemKey": "DestinationDnsDomain", + "sortOrder": 1 + } + ] + }, + "customWidth": "70", + "conditionalVisibility": { + "parameterName": "filter", + "comparison": "isNotEqualTo" + }, + "showPin": false, + "name": 
"Events for {filter}" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "CommonSecurityLog\r\n| where DeviceVendor == \"Infoblox\" and DeviceProduct == \"Data Connector\"\r\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \"RPZ\" and AdditionalExtensions contains \"InfobloxRPZ=CAT_\"\r\n| extend CategoryFilter = extract(\"InfobloxDomainCat=(.*?);\", 1, AdditionalExtensions)\r\n| where '{filter}' == CategoryFilter \r\n| summarize count() by SourceIP\r\n| top 10 by count_ desc\r\n", + "size": 2, + "title": "Top IPs for {filter}", + "timeContext": { + "durationMs": 2592000000 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "barchart", + "gridSettings": { + "formatters": [ + { + "columnMatch": "LogSeverity", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "colors", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "0", + "representation": "green", + "text": "N/A" + }, + { + "operator": "==", + "thresholdValue": "1", + "representation": "blue", + "text": "Low/Info" + }, + { + "operator": "==", + "thresholdValue": "5", + "representation": "orange", + "text": "Medium" + }, + { + "operator": "==", + "thresholdValue": "8", + "representation": "red", + "text": "High" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "blue", + "text": "{0}{1}" + } + ], + "compositeBarSettings": { + "labelText": "", + "columnSettings": [ + { + "columnName": "LogSeverity", + "color": "blue" + }, + { + "columnName": "DestinationDnsDomain", + "color": "purple" + } + ] + } + } + }, + { + "columnMatch": "Count", + "formatter": 4, + "formatOptions": { + "min": 0, + "palette": "blue" + } + } + ], + "rowLimit": 500, + "filter": true, + "labelSettings": [ + { + "columnId": "SourceIP" + }, + { + "columnId": "TimeGenerated" + }, + { + "columnId": "LogSeverity", + "label": "Threat Level" + }, + { + 
"columnId": "DestinationDnsDomain" + }, + { + "columnId": "Activity" + }, + { + "columnId": "Message" + }, + { + "columnId": "ApplicationProtocol" + } + ] + }, + "sortBy": [] + }, + "customWidth": "25", + "conditionalVisibility": { + "parameterName": "filter", + "comparison": "isNotEqualTo" + }, + "showPin": false, + "name": "Top IPs for {filter}" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "let starttime = {TimeRange:start};\r\nlet endtime = {TimeRange:end};\r\n// Finding Tops \r\nlet Top = materialize(CommonSecurityLog\r\n| where DeviceVendor == \"Infoblox\" and DeviceProduct == \"Data Connector\" \r\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \"RPZ\" and AdditionalExtensions contains \"InfobloxRPZ=CAT_\"\r\n| extend CategoryFilter = extract(\"InfobloxDomainCat=(.*?);\", 1, AdditionalExtensions)\r\n| where '{filter}' == CategoryFilter \r\n| summarize count() by DestinationDnsDomain\r\n| top 10 by count_ \r\n| project DestinationDnsDomain);\r\n// Filtering datasource to Tops and Plot Time chart\r\nCommonSecurityLog\r\n| where DeviceVendor == \"Infoblox\" and DeviceProduct == \"Data Connector\"\r\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \"RPZ\" and AdditionalExtensions contains \"InfobloxRPZ=CAT_\"\r\n| extend CategoryFilter = extract(\"InfobloxDomainCat=(.*?);\", 1, AdditionalExtensions) \r\n| where '{filter}' == CategoryFilter \r\n| where DestinationDnsDomain in ((Top))\r\n| project TimeGenerated, DestinationDnsDomain\r\n| make-series Total= count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by DestinationDnsDomain\r\n", + "size": 2, + "title": "Top Domains for {filter} by Time", + "timeContext": { + "durationMs": 2592000000 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "linechart", + "gridSettings": { + "formatters": [ + { + 
"columnMatch": "LogSeverity", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "colors", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "0", + "representation": "green", + "text": "N/A" + }, + { + "operator": "==", + "thresholdValue": "1", + "representation": "blue", + "text": "Low/Info" + }, + { + "operator": "==", + "thresholdValue": "5", + "representation": "orange", + "text": "Medium" + }, + { + "operator": "==", + "thresholdValue": "8", + "representation": "red", + "text": "High" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "blue", + "text": "{0}{1}" + } + ], + "compositeBarSettings": { + "labelText": "", + "columnSettings": [ + { + "columnName": "LogSeverity", + "color": "blue" + }, + { + "columnName": "DestinationDnsDomain", + "color": "purple" + } + ] + } + } + }, + { + "columnMatch": "Count", + "formatter": 4, + "formatOptions": { + "min": 0, + "palette": "blue" + } + } + ], + "rowLimit": 500, + "filter": true, + "labelSettings": [ + { + "columnId": "SourceIP" + }, + { + "columnId": "TimeGenerated" + }, + { + "columnId": "LogSeverity", + "label": "Threat Level" + }, + { + "columnId": "DestinationDnsDomain" + }, + { + "columnId": "Activity" + }, + { + "columnId": "Message" + }, + { + "columnId": "ApplicationProtocol" + } + ] + }, + "sortBy": [], + "chartSettings": { + "createOtherGroup": 0, + "showLegend": true + } + }, + "customWidth": "74", + "conditionalVisibility": { + "parameterName": "filter", + "comparison": "isNotEqualTo" + }, + "showPin": false, + "name": "Top Domains for {filter} by Time", + "styleSettings": { + "margin": "0 0 0 1%" + } + } + ] + }, + "name": "Category Filter By Type" + }, + { + "type": 1, + "content": { + "json": "---\r\n## By Source IP" + }, + "name": "text - 5" + }, + { + "type": 12, + "content": { + "version": "NotebookGroup/1.0", + "groupType": "editable", + "items": [ + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "let starttime = 
{TimeRange:start};\r\nlet endtime = {TimeRange:end};\r\n// Finding Tops \r\nlet Top = materialize(CommonSecurityLog\r\n| where DeviceVendor == \"Infoblox\" and DeviceProduct == \"Data Connector\" \r\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \"RPZ\" and AdditionalExtensions contains \"InfobloxRPZ=CAT_\"\r\n| summarize count() by SourceIP\r\n| top 15 by count_ \r\n| project SourceIP);\r\n// Filtering datasource to Tops and Plot Time chart\r\nCommonSecurityLog\r\n| where DeviceVendor == \"Infoblox\" and DeviceProduct == \"Data Connector\"\r\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \"RPZ\" and AdditionalExtensions contains \"InfobloxRPZ=CAT_\"\r\n| where SourceIP in ((Top))\r\n| project TimeGenerated, SourceIP\r\n| make-series Total= count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by SourceIP", + "size": 2, + "title": "Top Offending IPs by Time", + "color": "red", + "timeContext": { + "durationMs": 2592000000 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "barchart", + "chartSettings": { + "createOtherGroup": 0, + "showLegend": true + } + }, + "name": "Top Offending IPs by Time" + }, + { + "type": 1, + "content": { + "json": "#### Click on a Source IP in the chart below to further drilldown the IP.\r\n\r\n---", + "style": "info" + }, + "name": "text - 5" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "CommonSecurityLog\r\n| where DeviceVendor == \"Infoblox\" and DeviceProduct == \"Data Connector\"\r\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \"RPZ\" and AdditionalExtensions contains \"InfobloxRPZ=CAT_\"\r\n| extend CategoryFilter = extract(\"InfobloxDomainCat=(.*?);\", 1, AdditionalExtensions)\r\n| summarize count() by SourceIP\r\n| sort by count_ desc", + "size": 2, + "title": "Total Offending IP Hit Count", + 
"timeContext": { + "durationMs": 2592000000 + }, + "timeContextFromParameter": "TimeRange", + "exportFieldName": "SourceIP", + "exportParameterName": "ip_cat", + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "table", + "gridSettings": { + "formatters": [ + { + "columnMatch": "SourceIP", + "formatter": 0, + "formatOptions": { + "customColumnWidthSetting": "60%" + } + }, + { + "columnMatch": "count_", + "formatter": 3, + "formatOptions": { + "palette": "greenRed", + "compositeBarSettings": { + "labelText": "", + "columnSettings": [] + }, + "customColumnWidthSetting": "40%" + } + }, + { + "columnMatch": "CategoryFilter", + "formatter": 0, + "formatOptions": { + "customColumnWidthSetting": "50%" + } + } + ], + "filter": true, + "labelSettings": [ + { + "columnId": "count_", + "label": "Total Hits" + } + ] + }, + "tileSettings": { + "showBorder": false, + "titleContent": { + "columnMatch": "DestinationDnsDomain", + "formatter": 1 + }, + "leftContent": { + "columnMatch": "count_", + "formatter": 12, + "formatOptions": { + "palette": "auto" + }, + "numberFormat": { + "unit": 17, + "options": { + "maximumSignificantDigits": 3, + "maximumFractionDigits": 2 + } + } + } + } + }, + "customWidth": "30", + "name": "Total Offending IP Hit Count", + "styleSettings": { + "margin": "0 10px 0 0" + } + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "CommonSecurityLog\r\n| where DeviceVendor == \"Infoblox\" and DeviceProduct == \"Data Connector\"\r\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \"RPZ\" and AdditionalExtensions contains \"InfobloxRPZ=CAT_\"\r\n| extend CategoryFilter = extract(\"InfobloxDomainCat=(.*?);\", 1, AdditionalExtensions)\r\n| where '{ip_cat}' == SourceIP\r\n| sort by TimeGenerated desc, CategoryFilter desc\r\n| project TimeGenerated, SourceIP, CategoryFilter, DestinationDnsDomain, LogSeverity, DeviceAction, Message, SourcePort\r\n", + 
"size": 2, + "title": "Events for {ip_cat}", + "timeContext": { + "durationMs": 2592000000 + }, + "timeContextFromParameter": "TimeRange", + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "table", + "gridSettings": { + "formatters": [ + { + "columnMatch": "LogSeverity", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "colors", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "gray", + "text": "N/A" + } + ], + "compositeBarSettings": { + "labelText": "", + "columnSettings": [ + { + "columnName": "LogSeverity", + "color": "blue" + }, + { + "columnName": "DestinationDnsDomain", + "color": "purple" + } + ] + } + } + }, + { + "columnMatch": "Message", + "formatter": 0, + "formatOptions": { + "customColumnWidthSetting": "40%" + } + }, + { + "columnMatch": "Count", + "formatter": 4, + "formatOptions": { + "min": 0, + "palette": "blue" + } + } + ], + "rowLimit": 500, + "filter": true, + "labelSettings": [ + { + "columnId": "TimeGenerated" + }, + { + "columnId": "SourceIP" + }, + { + "columnId": "CategoryFilter" + }, + { + "columnId": "DestinationDnsDomain" + }, + { + "columnId": "LogSeverity", + "label": "ThreatLevel" + }, + { + "columnId": "DeviceAction" + }, + { + "columnId": "Message" + }, + { + "columnId": "SourcePort" + } + ] + }, + "sortBy": [] + }, + "customWidth": "70", + "conditionalVisibility": { + "parameterName": "ip_cat", + "comparison": "isNotEqualTo" + }, + "showPin": false, + "name": "Events for {ip_cat}" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "CommonSecurityLog\r\n| where DeviceVendor == \"Infoblox\" and DeviceProduct == \"Data Connector\"\r\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \"RPZ\" and AdditionalExtensions contains \"InfobloxRPZ=CAT_\"\r\n| extend CategoryFilter = extract(\"InfobloxDomainCat=(.*?);\", 1, AdditionalExtensions)\r\n| where '{ip_cat}' 
== SourceIP \r\n| summarize count() by DestinationDnsDomain", + "size": 2, + "title": "Top Category Filter Domains for {ip_cat}", + "timeContext": { + "durationMs": 2592000000 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "piechart", + "gridSettings": { + "formatters": [ + { + "columnMatch": "LogSeverity", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "colors", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "0", + "representation": "green", + "text": "N/A" + }, + { + "operator": "==", + "thresholdValue": "1", + "representation": "blue", + "text": "Low/Info" + }, + { + "operator": "==", + "thresholdValue": "5", + "representation": "orange", + "text": "Medium" + }, + { + "operator": "==", + "thresholdValue": "8", + "representation": "red", + "text": "High" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "blue", + "text": "{0}{1}" + } + ], + "compositeBarSettings": { + "labelText": "", + "columnSettings": [ + { + "columnName": "LogSeverity", + "color": "blue" + }, + { + "columnName": "DestinationDnsDomain", + "color": "purple" + } + ] + } + } + }, + { + "columnMatch": "Count", + "formatter": 4, + "formatOptions": { + "min": 0, + "palette": "blue" + } + } + ], + "rowLimit": 500, + "filter": true, + "labelSettings": [ + { + "columnId": "SourceIP" + }, + { + "columnId": "TimeGenerated" + }, + { + "columnId": "LogSeverity", + "label": "Threat Level" + }, + { + "columnId": "DestinationDnsDomain" + }, + { + "columnId": "Activity" + }, + { + "columnId": "Message" + }, + { + "columnId": "ApplicationProtocol" + } + ] + }, + "sortBy": [], + "chartSettings": { + "createOtherGroup": 10 + } + }, + "customWidth": "25", + "conditionalVisibility": { + "parameterName": "ip_cat", + "comparison": "isNotEqualTo" + }, + "showPin": false, + "name": "Top Category Filter Domains for {ip_cat}" + }, + { + "type": 3, + 
"content": { + "version": "KqlItem/1.0", + "query": "let starttime = {TimeRange:start};\r\nlet endtime = {TimeRange:end};\r\n// Finding Tops \r\nlet Top = materialize(CommonSecurityLog\r\n| where DeviceVendor == \"Infoblox\" and DeviceProduct == \"Data Connector\" \r\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \"RPZ\" and AdditionalExtensions contains \"InfobloxRPZ=CAT_\"\r\n| extend CategoryFilter = extract(\"InfobloxDomainCat=(.*?);\", 1, AdditionalExtensions)\r\n| where '{ip_cat}' == SourceIP \r\n| summarize count() by CategoryFilter\r\n| top 10 by count_ \r\n| project CategoryFilter);\r\n// Filtering datasource to Tops and Plot Time chart\r\nCommonSecurityLog\r\n| where DeviceVendor == \"Infoblox\" and DeviceProduct == \"Data Connector\"\r\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \"RPZ\" and AdditionalExtensions contains \"InfobloxRPZ=CAT_\"\r\n| extend CategoryFilter = extract(\"InfobloxDomainCat=(.*?);\", 1, AdditionalExtensions)\r\n| where '{ip_cat}' == SourceIP \r\n| where CategoryFilter in ((Top))\r\n| project TimeGenerated, CategoryFilter\r\n| make-series Total= count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by CategoryFilter", + "size": 2, + "title": "Top Filters for {ip_cat} by Time", + "timeContext": { + "durationMs": 2592000000 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "linechart", + "gridSettings": { + "formatters": [ + { + "columnMatch": "LogSeverity", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "colors", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "0", + "representation": "green", + "text": "N/A" + }, + { + "operator": "==", + "thresholdValue": "1", + "representation": "blue", + "text": "Low/Info" + }, + { + "operator": "==", + "thresholdValue": "5", + "representation": "orange", + "text": "Medium" + }, + { 
+ "operator": "==", + "thresholdValue": "8", + "representation": "red", + "text": "High" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "blue", + "text": "{0}{1}" + } + ], + "compositeBarSettings": { + "labelText": "", + "columnSettings": [ + { + "columnName": "LogSeverity", + "color": "blue" + }, + { + "columnName": "DestinationDnsDomain", + "color": "purple" + } + ] + } + } + }, + { + "columnMatch": "Count", + "formatter": 4, + "formatOptions": { + "min": 0, + "palette": "blue" + } + } + ], + "rowLimit": 500, + "filter": true, + "labelSettings": [ + { + "columnId": "SourceIP" + }, + { + "columnId": "TimeGenerated" + }, + { + "columnId": "LogSeverity", + "label": "Threat Level" + }, + { + "columnId": "DestinationDnsDomain" + }, + { + "columnId": "Activity" + }, + { + "columnId": "Message" + }, + { + "columnId": "ApplicationProtocol" + } + ] + }, + "sortBy": [], + "chartSettings": { + "createOtherGroup": 0, + "showLegend": true + } + }, + "customWidth": "75", + "conditionalVisibility": { + "parameterName": "ip_cat", + "comparison": "isNotEqualTo" + }, + "showPin": false, + "name": "Top Filters for {ip_cat} by Time" + } + ] + }, + "name": "Category Filter by IP" + } + ] + }, + "conditionalVisibility": { + "parameterName": "view", + "comparison": "isEqualTo", + "value": "Category Filters" + }, + "name": "Category Filters" + } + ], + "styleSettings": { + "spacingStyle": "none" + }, + "fromTemplateId": "sentinel-InfobloxCDCB1TDWorkbook", + "$schema": "https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json" +} diff --git a/Workbooks/WorkbooksMetadata.json b/Workbooks/WorkbooksMetadata.json index f72f21a351..6318dbc498 100644 --- a/Workbooks/WorkbooksMetadata.json +++ b/Workbooks/WorkbooksMetadata.json 
@@ -1283,5 +1283,18 @@
 "templateRelativePath": "CognniIncidentsWorkbook.json",
 "subtitle": "",
 "provider": "Cognni"
+ },
+ {
+ "workbookKey": "InfobloxCDCB1TDWorkbook",
+ "logoFileName": "infoblox_logo.svg",
+ "description": "Get a closer look at your BloxOne Threat Defense security event data. This workbook is intended to help visualize BloxOne Threat Defense data as part of the Infoblox Cloud Data Connector. Drilldown your data and visualize events, trends, and anomalous changes over time.",
+ "dataTypesDependencies": [ "CommonSecurityLog" ],
+ "dataConnectorsDependencies": [ "InfobloxCloudDataConnector" ],
+ "previewImagesFileNames": [ "InfobloxCDCB1TDBlack.png", "InfobloxCDCB1TDWhite.png" ],
+ "version": "1.0",
+ "title": "Infoblox CDC BloxOne Threat Defense Workbook",
+ "templateRelativePath": "InfobloxCDCB1TDWorkbook.json",
+ "subtitle": "",
+ "provider": "Infoblox"
 }
 ]