NikTripathi 2021-08-02 12:33:03 +05:30
Родитель 0aa1b1eb8e
Коммит 1f2432e14c
50 изменённых файлов: 2353 добавлений и 2353 удалений


@ -5847,7 +5847,7 @@
"DestinationPort": "",
"DeviceVersion": "15.5.0",
"Activity": "Bank Account Numbers (Unclassified) - Monitoring",
"AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Outlook;INCIDENT_ID=1172;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1172;ATTACHMENT_FILENAME=DLP_Excel_BAN-001d.xlsx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint Email/SMTP;RECIPIENTS=sanitized_email.com;SENDER=DLP.sanitized_email.com;SUBJECT=Test File (BAN001);SEVERITY=4:Info;OCCURRED_ON=October 16, 2020 10:34:25 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.221.250.136;SCAN=N/A;QUARANTINE_PATH=N/A",
"AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Outlook;INCIDENT_ID=1172;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1172;ATTACHMENT_FILENAME=DLP_Excel_BAN-001d.xlsx ;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint Email/SMTP;RECIPIENTS=sanitized@sanitized.com;SENDER=DLP.sanitized@sanitized.com;SUBJECT=Test File (BAN001);SEVERITY=4:Info;OCCURRED_ON=October 16, 2020 10:34:25 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.221.250.136;SCAN=N/A;QUARANTINE_PATH=N/A",
"Type": "CommonSecurityLog",
"_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001"
},
@ -5957,7 +5957,7 @@
"DestinationPort": "",
"DeviceVersion": "15.5.0",
"Activity": "IRGT - DPA",
"AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Outlook;INCIDENT_ID=1259;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1259;ATTACHMENT_FILENAME=DPA12345.docx ;FILE_NAME=N/A;MATCH_COUNT=2;PROTOCOL=Endpoint Email/SMTP;RECIPIENTS=sanitized_email.com;SENDER=DLP.sanitized_email.com;SUBJECT=FW: test email;SEVERITY=1:High;OCCURRED_ON=October 23, 2020 2:31:58 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.222.248.54;SCAN=N/A;QUARANTINE_PATH=N/A",
"AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Outlook;INCIDENT_ID=1259;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1259;ATTACHMENT_FILENAME=DPA12345.docx ;FILE_NAME=N/A;MATCH_COUNT=2;PROTOCOL=Endpoint Email/SMTP;RECIPIENTS=sanitized@sanitized.com;SENDER=DLP.sanitized@sanitized.com;SUBJECT=FW: test email;SEVERITY=1:High;OCCURRED_ON=October 23, 2020 2:31:58 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.222.248.54;SCAN=N/A;QUARANTINE_PATH=N/A",
"Type": "CommonSecurityLog",
"_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002"
},
@ -6441,7 +6441,7 @@
"DestinationPort": "",
"DeviceVersion": "15.5.0",
"Activity": "IRGT- DPLIA",
"AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Outlook;INCIDENT_ID=1225;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1225;ATTACHMENT_FILENAME=N/A;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint Email/SMTP;RECIPIENTS=sanitized_email.com;SENDER=DLP.sanitized_email.com;SUBJECT=TEST;SEVERITY=1:High;OCCURRED_ON=October 20, 2020 1:50:55 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.221.251.110;SCAN=N/A;QUARANTINE_PATH=N/A",
"AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Outlook;INCIDENT_ID=1225;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1225;ATTACHMENT_FILENAME=N/A;FILE_NAME=N/A;MATCH_COUNT=4;PROTOCOL=Endpoint Email/SMTP;RECIPIENTS=sanitized@sanitized.com;SENDER=DLP.sanitized@sanitized.com;SUBJECT=TEST;SEVERITY=1:High;OCCURRED_ON=October 20, 2020 1:50:55 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.221.251.110;SCAN=N/A;QUARANTINE_PATH=N/A",
"Type": "CommonSecurityLog",
"_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001"
},
@ -6463,7 +6463,7 @@
"DestinationPort": "",
"DeviceVersion": "15.5.0",
"Activity": "IRGT - SAR Request",
"AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Outlook;INCIDENT_ID=1224;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1224;ATTACHMENT_FILENAME=SAR12345.docx ;FILE_NAME=N/A;MATCH_COUNT=2;PROTOCOL=Endpoint Email/SMTP;RECIPIENTS=sanitized_email.com;SENDER=DLP.sanitized_email.com;SUBJECT=TEST email;SEVERITY=1:High;OCCURRED_ON=October 20, 2020 1:50:55 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.221.251.110;SCAN=N/A;QUARANTINE_PATH=N/A",
"AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Outlook;INCIDENT_ID=1224;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1224;ATTACHMENT_FILENAME=SAR12345.docx ;FILE_NAME=N/A;MATCH_COUNT=2;PROTOCOL=Endpoint Email/SMTP;RECIPIENTS=sanitized@sanitized.com;SENDER=DLP.sanitized@sanitized.com;SUBJECT=TEST email;SEVERITY=1:High;OCCURRED_ON=October 20, 2020 1:50:55 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.221.251.110;SCAN=N/A;QUARANTINE_PATH=N/A",
"Type": "CommonSecurityLog",
"_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002"
},
@ -6485,7 +6485,7 @@
"DestinationPort": "",
"DeviceVersion": "15.5.0",
"Activity": "Date of Birth - Monitoring",
"AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Outlook;INCIDENT_ID=1133;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1133;ATTACHMENT_FILENAME=N/A;FILE_NAME=N/A;MATCH_COUNT=5;PROTOCOL=Endpoint Email/SMTP;RECIPIENTS=sanitized_email.com;SENDER=DLP.sanitized_email.com;SUBJECT=test email;SEVERITY=1:High;OCCURRED_ON=October 6, 2020 4:25:06 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.221.243.241;SCAN=N/A;QUARANTINE_PATH=N/A",
"AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Outlook;INCIDENT_ID=1133;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1133;ATTACHMENT_FILENAME=N/A;FILE_NAME=N/A;MATCH_COUNT=5;PROTOCOL=Endpoint Email/SMTP;RECIPIENTS=sanitized@sanitized.com;SENDER=DLP.sanitized@sanitized.com;SUBJECT=test email;SEVERITY=1:High;OCCURRED_ON=October 6, 2020 4:25:06 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.221.243.241;SCAN=N/A;QUARANTINE_PATH=N/A",
"Type": "CommonSecurityLog",
"_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001"
},
@ -6793,7 +6793,7 @@
"DestinationPort": "",
"DeviceVersion": "15.5.0",
"Activity": "Date of Birth - Monitoring",
"AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Outlook;INCIDENT_ID=1329;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1329;ATTACHMENT_FILENAME=DLP_Excel_BAN-001.xlsx DLP_Excel_NINO-001.xlsx DLP_Excel_PCI-001.xlsx DLP_Excel_DOB-001.xlsx DLP_Excel_PAN-001.xlsx ;FILE_NAME=N/A;MATCH_COUNT=427;PROTOCOL=Endpoint Email/SMTP;RECIPIENTS=sanitized_email.com;SENDER=DLP.sanitized_email.com;SUBJECT=test email;SEVERITY=1:High;OCCURRED_ON=October 30, 2020 2:57:24 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.222.253.233;SCAN=N/A;QUARANTINE_PATH=N/A",
"AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Outlook;INCIDENT_ID=1329;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1329;ATTACHMENT_FILENAME=DLP_Excel_BAN-001.xlsx DLP_Excel_NINO-001.xlsx DLP_Excel_PCI-001.xlsx DLP_Excel_DOB-001.xlsx DLP_Excel_PAN-001.xlsx ;FILE_NAME=N/A;MATCH_COUNT=427;PROTOCOL=Endpoint Email/SMTP;RECIPIENTS=sanitized@sanitized.com;SENDER=DLP.sanitized@sanitized.com;SUBJECT=test email;SEVERITY=1:High;OCCURRED_ON=October 30, 2020 2:57:24 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.222.253.233;SCAN=N/A;QUARANTINE_PATH=N/A",
"Type": "CommonSecurityLog",
"_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001"
},
@ -6815,7 +6815,7 @@
"DestinationPort": "",
"DeviceVersion": "15.5.0",
"Activity": "Payment Card Numbers (Unclassified) - PCI-001",
"AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Outlook;INCIDENT_ID=1322;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1322;ATTACHMENT_FILENAME=DLP_Excel_BAN-001.xlsx DLP_Excel_NINO-001.xlsx DLP_Excel_PCI-001.xlsx DLP_Excel_DOB-001.xlsx DLP_Excel_PAN-001.xlsx ;FILE_NAME=N/A;MATCH_COUNT=306;PROTOCOL=Endpoint Email/SMTP;RECIPIENTS=sanitized_email.com;SENDER=DLP.sanitized_email.com;SUBJECT=test email;SEVERITY=1:High;OCCURRED_ON=October 30, 2020 2:57:24 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.222.253.233;SCAN=N/A;QUARANTINE_PATH=N/A",
"AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Outlook;INCIDENT_ID=1322;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1322;ATTACHMENT_FILENAME=DLP_Excel_BAN-001.xlsx DLP_Excel_NINO-001.xlsx DLP_Excel_PCI-001.xlsx DLP_Excel_DOB-001.xlsx DLP_Excel_PAN-001.xlsx ;FILE_NAME=N/A;MATCH_COUNT=306;PROTOCOL=Endpoint Email/SMTP;RECIPIENTS=sanitized@sanitized.com;SENDER=DLP.sanitized@sanitized.com;SUBJECT=test email;SEVERITY=1:High;OCCURRED_ON=October 30, 2020 2:57:24 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.222.253.233;SCAN=N/A;QUARANTINE_PATH=N/A",
"Type": "CommonSecurityLog",
"_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002"
},
@ -6837,7 +6837,7 @@
"DestinationPort": "",
"DeviceVersion": "15.5.0",
"Activity": "Date of Birth (Unclassified) - DOB001",
"AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Outlook;INCIDENT_ID=1328;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1328;ATTACHMENT_FILENAME=DLP_Excel_BAN-001.xlsx DLP_Excel_NINO-001.xlsx DLP_Excel_PCI-001.xlsx DLP_Excel_DOB-001.xlsx DLP_Excel_PAN-001.xlsx ;FILE_NAME=N/A;MATCH_COUNT=849;PROTOCOL=Endpoint Email/SMTP;RECIPIENTS=sanitized_email.com;SENDER=DLP.sanitized_email.com;SUBJECT=test email;SEVERITY=1:High;OCCURRED_ON=October 30, 2020 2:57:24 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.222.253.233;SCAN=N/A;QUARANTINE_PATH=N/A",
"AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Outlook;INCIDENT_ID=1328;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1328;ATTACHMENT_FILENAME=DLP_Excel_BAN-001.xlsx DLP_Excel_NINO-001.xlsx DLP_Excel_PCI-001.xlsx DLP_Excel_DOB-001.xlsx DLP_Excel_PAN-001.xlsx ;FILE_NAME=N/A;MATCH_COUNT=849;PROTOCOL=Endpoint Email/SMTP;RECIPIENTS=sanitized@sanitized.com;SENDER=DLP.sanitized@sanitized.com;SUBJECT=test email;SEVERITY=1:High;OCCURRED_ON=October 30, 2020 2:57:24 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.222.253.233;SCAN=N/A;QUARANTINE_PATH=N/A",
"Type": "CommonSecurityLog",
"_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002"
},
@ -6859,7 +6859,7 @@
"DestinationPort": "",
"DeviceVersion": "15.5.0",
"Activity": "Bank Account Numbers (Unclassified) - BAN001",
"AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Outlook;INCIDENT_ID=1330;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1330;ATTACHMENT_FILENAME=DLP_Excel_BAN-001.xlsx DLP_Excel_NINO-001.xlsx DLP_Excel_PCI-001.xlsx DLP_Excel_DOB-001.xlsx DLP_Excel_PAN-001.xlsx ;FILE_NAME=N/A;MATCH_COUNT=498;PROTOCOL=Endpoint Email/SMTP;RECIPIENTS=sanitized_email.com;SENDER=DLP.sanitized_email.com;SUBJECT=test email;SEVERITY=1:High;OCCURRED_ON=October 30, 2020 2:57:24 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.222.253.233;SCAN=N/A;QUARANTINE_PATH=N/A",
"AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Outlook;INCIDENT_ID=1330;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1330;ATTACHMENT_FILENAME=DLP_Excel_BAN-001.xlsx DLP_Excel_NINO-001.xlsx DLP_Excel_PCI-001.xlsx DLP_Excel_DOB-001.xlsx DLP_Excel_PAN-001.xlsx ;FILE_NAME=N/A;MATCH_COUNT=498;PROTOCOL=Endpoint Email/SMTP;RECIPIENTS=sanitized@sanitized.com;SENDER=DLP.sanitized@sanitized.com;SUBJECT=test email;SEVERITY=1:High;OCCURRED_ON=October 30, 2020 2:57:24 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.222.253.233;SCAN=N/A;QUARANTINE_PATH=N/A",
"Type": "CommonSecurityLog",
"_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002"
},
@ -7761,7 +7761,7 @@
"DestinationPort": "",
"DeviceVersion": "15.5.0",
"Activity": "IRGT - Rights",
"AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Outlook;INCIDENT_ID=1164;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1164;ATTACHMENT_FILENAME=right to be informed.txt ;FILE_NAME=N/A;MATCH_COUNT=2;PROTOCOL=Endpoint Email/SMTP;RECIPIENTS=sanitized_email.com;SENDER=DLP.sanitized_email.com;SUBJECT=test email;SEVERITY=1:High;OCCURRED_ON=October 7, 2020 3:33:12 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.222.239.105;SCAN=N/A;QUARANTINE_PATH=N/A",
"AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Outlook;INCIDENT_ID=1164;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1164;ATTACHMENT_FILENAME=right to be informed.txt ;FILE_NAME=N/A;MATCH_COUNT=2;PROTOCOL=Endpoint Email/SMTP;RECIPIENTS=sanitized@sanitized.com;SENDER=DLP.sanitized@sanitized.com;SUBJECT=test email;SEVERITY=1:High;OCCURRED_ON=October 7, 2020 3:33:12 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.222.239.105;SCAN=N/A;QUARANTINE_PATH=N/A",
"Type": "CommonSecurityLog",
"_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002"
},
@ -7959,7 +7959,7 @@
"DestinationPort": "",
"DeviceVersion": "15.5.0",
"Activity": "Payment Card Numbers - Monitoring Only",
"AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Outlook;INCIDENT_ID=1250;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1250;ATTACHMENT_FILENAME=DLP_Notepad_PCI-001.txt ;FILE_NAME=N/A;MATCH_COUNT=2;PROTOCOL=Endpoint Email/SMTP;RECIPIENTS=sanitized_email.com;SENDER=DLP.sanitized_email.com;SUBJECT=FW: Test File (PCI001);SEVERITY=4:Info;OCCURRED_ON=October 22, 2020 1:49:25 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.221.226.209;SCAN=N/A;QUARANTINE_PATH=N/A",
"AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Outlook;INCIDENT_ID=1250;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1250;ATTACHMENT_FILENAME=DLP_Notepad_PCI-001.txt ;FILE_NAME=N/A;MATCH_COUNT=2;PROTOCOL=Endpoint Email/SMTP;RECIPIENTS=sanitized@sanitized.com;SENDER=DLP.sanitized@sanitized.com;SUBJECT=FW: Test File (PCI001);SEVERITY=4:Info;OCCURRED_ON=October 22, 2020 1:49:25 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.221.226.209;SCAN=N/A;QUARANTINE_PATH=N/A",
"Type": "CommonSecurityLog",
"_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001"
},
@ -8003,7 +8003,7 @@
"DestinationPort": "",
"DeviceVersion": "15.5.0",
"Activity": "Payment Card Numbers (Unclassified) - PCI-001",
"AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Outlook;INCIDENT_ID=1249;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1249;ATTACHMENT_FILENAME=DLP_Notepad_PCI-001.txt ;FILE_NAME=N/A;MATCH_COUNT=306;PROTOCOL=Endpoint Email/SMTP;RECIPIENTS=sanitized_email.com;SENDER=DLP.sanitized_email.com;SUBJECT=FW: Test File (PCI001);SEVERITY=1:High;OCCURRED_ON=October 22, 2020 1:49:25 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.221.226.209;SCAN=N/A;QUARANTINE_PATH=N/A",
"AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Outlook;INCIDENT_ID=1249;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1249;ATTACHMENT_FILENAME=DLP_Notepad_PCI-001.txt ;FILE_NAME=N/A;MATCH_COUNT=306;PROTOCOL=Endpoint Email/SMTP;RECIPIENTS=sanitized@sanitized.com;SENDER=DLP.sanitized@sanitized.com;SUBJECT=FW: Test File (PCI001);SEVERITY=1:High;OCCURRED_ON=October 22, 2020 1:49:25 PM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.221.226.209;SCAN=N/A;QUARANTINE_PATH=N/A",
"Type": "CommonSecurityLog",
"_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002"
},
@ -8641,7 +8641,7 @@
"DestinationPort": "",
"DeviceVersion": "15.5.0",
"Activity": "Bank Account Numbers (Unclassified) - Monitoring",
"AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Outlook;INCIDENT_ID=1310;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1310;ATTACHMENT_FILENAME=DLP_Excel_BAN count1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=2;PROTOCOL=Endpoint Email/SMTP;RECIPIENTS=sanitized_email.com,sanitized_email.com;SENDER=DLP.sanitized_email.com;SUBJECT=RE: test email;SEVERITY=4:Info;OCCURRED_ON=October 30, 2020 1:52:18 PM;URL=N/A;DESTINATION_IP=null null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.222.253.233;SCAN=N/A;QUARANTINE_PATH=N/A",
"AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Outlook;INCIDENT_ID=1310;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1310;ATTACHMENT_FILENAME=DLP_Excel_BAN count1.xlsx ;FILE_NAME=N/A;MATCH_COUNT=2;PROTOCOL=Endpoint Email/SMTP;RECIPIENTS=sanitized@sanitized.com,sanitized@sanitized.com;SENDER=DLP.sanitized@sanitized.com;SUBJECT=RE: test email;SEVERITY=4:Info;OCCURRED_ON=October 30, 2020 1:52:18 PM;URL=N/A;DESTINATION_IP=null null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.222.253.233;SCAN=N/A;QUARANTINE_PATH=N/A",
"Type": "CommonSecurityLog",
"_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001"
},
@ -8773,7 +8773,7 @@
"DestinationPort": "",
"DeviceVersion": "15.5.0",
"Activity": "Bank Account Numbers (Unclassified) - BAN001",
"AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Outlook;INCIDENT_ID=1173;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1173;ATTACHMENT_FILENAME=DLP_Excel_BAN-001d.xlsx ;FILE_NAME=N/A;MATCH_COUNT=498;PROTOCOL=Endpoint Email/SMTP;RECIPIENTS=sanitized_email.com;SENDER=DLP.sanitized_email.com;SUBJECT=Test File (BAN001);SEVERITY=1:High;OCCURRED_ON=October 16, 2020 10:34:25 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.221.250.136;SCAN=N/A;QUARANTINE_PATH=N/A",
"AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Outlook;INCIDENT_ID=1173;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1173;ATTACHMENT_FILENAME=DLP_Excel_BAN-001d.xlsx ;FILE_NAME=N/A;MATCH_COUNT=498;PROTOCOL=Endpoint Email/SMTP;RECIPIENTS=sanitized@sanitized.com;SENDER=DLP.sanitized@sanitized.com;SUBJECT=Test File (BAN001);SEVERITY=1:High;OCCURRED_ON=October 16, 2020 10:34:25 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.221.250.136;SCAN=N/A;QUARANTINE_PATH=N/A",
"Type": "CommonSecurityLog",
"_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002"
},
@ -8795,7 +8795,7 @@
"DestinationPort": "",
"DeviceVersion": "15.5.0",
"Activity": "Passport Numbers (Unclassified) - PAN-001",
"AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Outlook;INCIDENT_ID=1175;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1175;ATTACHMENT_FILENAME=DLP_Excel_PAN-001.xlsx ;FILE_NAME=N/A;MATCH_COUNT=413;PROTOCOL=Endpoint Email/SMTP;RECIPIENTS=sanitized_email.com;SENDER=DLP.sanitized_email.com;SUBJECT=Test File (PAN002);SEVERITY=1:High;OCCURRED_ON=October 16, 2020 10:50:41 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.221.250.136;SCAN=N/A;QUARANTINE_PATH=N/A",
"AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Outlook;INCIDENT_ID=1175;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1175;ATTACHMENT_FILENAME=DLP_Excel_PAN-001.xlsx ;FILE_NAME=N/A;MATCH_COUNT=413;PROTOCOL=Endpoint Email/SMTP;RECIPIENTS=sanitized@sanitized.com;SENDER=DLP.sanitized@sanitized.com;SUBJECT=Test File (PAN002);SEVERITY=1:High;OCCURRED_ON=October 16, 2020 10:50:41 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.221.250.136;SCAN=N/A;QUARANTINE_PATH=N/A",
"Type": "CommonSecurityLog",
"_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001"
},
@ -8817,7 +8817,7 @@
"DestinationPort": "",
"DeviceVersion": "15.5.0",
"Activity": "National Insurance Numbers (Unclassified) - Monitoring",
"AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Outlook;INCIDENT_ID=1174;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1174;ATTACHMENT_FILENAME=DLP_Excel_NINO-001.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint Email/SMTP;RECIPIENTS=sanitized_email.com;SENDER=DLP.sanitized_email.com;SUBJECT=Test File (NINO001);SEVERITY=4:Info;OCCURRED_ON=October 16, 2020 10:50:41 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.221.250.136;SCAN=N/A;QUARANTINE_PATH=N/A",
"AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Outlook;INCIDENT_ID=1174;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1174;ATTACHMENT_FILENAME=DLP_Excel_NINO-001.xlsx ;FILE_NAME=N/A;MATCH_COUNT=3;PROTOCOL=Endpoint Email/SMTP;RECIPIENTS=sanitized@sanitized.com;SENDER=DLP.sanitized@sanitized.com;SUBJECT=Test File (NINO001);SEVERITY=4:Info;OCCURRED_ON=October 16, 2020 10:50:41 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.221.250.136;SCAN=N/A;QUARANTINE_PATH=N/A",
"Type": "CommonSecurityLog",
"_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002"
},
@ -8839,7 +8839,7 @@
"DestinationPort": "",
"DeviceVersion": "15.5.0",
"Activity": "Date of Birth - Monitoring",
"AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Outlook;INCIDENT_ID=1180;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1180;ATTACHMENT_FILENAME=DLP_PDF_DOB-001.pdf ;FILE_NAME=N/A;MATCH_COUNT=504;PROTOCOL=Endpoint Email/SMTP;RECIPIENTS=sanitized_email.com;SENDER=DLP.sanitized_email.com;SUBJECT=Test File (DOB001);SEVERITY=1:High;OCCURRED_ON=October 16, 2020 10:50:41 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.221.250.136;SCAN=N/A;QUARANTINE_PATH=N/A",
"AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Outlook;INCIDENT_ID=1180;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1180;ATTACHMENT_FILENAME=DLP_PDF_DOB-001.pdf ;FILE_NAME=N/A;MATCH_COUNT=504;PROTOCOL=Endpoint Email/SMTP;RECIPIENTS=sanitized@sanitized.com;SENDER=DLP.sanitized@sanitized.com;SUBJECT=Test File (DOB001);SEVERITY=1:High;OCCURRED_ON=October 16, 2020 10:50:41 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.221.250.136;SCAN=N/A;QUARANTINE_PATH=N/A",
"Type": "CommonSecurityLog",
"_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0001"
},
@ -8861,7 +8861,7 @@
"DestinationPort": "",
"DeviceVersion": "15.5.0",
"Activity": "National Insurance Numbers (Unclassified) -NINO-001",
"AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Outlook;INCIDENT_ID=1176;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1176;ATTACHMENT_FILENAME=DLP_Excel_NINO-001.xlsx ;FILE_NAME=N/A;MATCH_COUNT=502;PROTOCOL=Endpoint Email/SMTP;RECIPIENTS=sanitized_email.com;SENDER=DLP.sanitized_email.com;SUBJECT=Test File (NINO001);SEVERITY=1:High;OCCURRED_ON=October 16, 2020 10:50:41 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.221.250.136;SCAN=N/A;QUARANTINE_PATH=N/A",
"AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Outlook;INCIDENT_ID=1176;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1176;ATTACHMENT_FILENAME=DLP_Excel_NINO-001.xlsx ;FILE_NAME=N/A;MATCH_COUNT=502;PROTOCOL=Endpoint Email/SMTP;RECIPIENTS=sanitized@sanitized.com;SENDER=DLP.sanitized@sanitized.com;SUBJECT=Test File (NINO001);SEVERITY=1:High;OCCURRED_ON=October 16, 2020 10:50:41 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.221.250.136;SCAN=N/A;QUARANTINE_PATH=N/A",
"Type": "CommonSecurityLog",
"_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002"
},
@ -8883,7 +8883,7 @@
"DestinationPort": "",
"DeviceVersion": "15.5.0",
"Activity": "Payment Card Numbers - Monitoring Only",
"AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Outlook;INCIDENT_ID=1179;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1179;ATTACHMENT_FILENAME=DLP_Notepad_PCI-001.txt ;FILE_NAME=N/A;MATCH_COUNT=2;PROTOCOL=Endpoint Email/SMTP;RECIPIENTS=sanitized_email.com;SENDER=DLP.sanitized_email.com;SUBJECT=Test File (PCI001);SEVERITY=4:Info;OCCURRED_ON=October 16, 2020 10:50:41 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.221.250.136;SCAN=N/A;QUARANTINE_PATH=N/A",
"AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Outlook;INCIDENT_ID=1179;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1179;ATTACHMENT_FILENAME=DLP_Notepad_PCI-001.txt ;FILE_NAME=N/A;MATCH_COUNT=2;PROTOCOL=Endpoint Email/SMTP;RECIPIENTS=sanitized@sanitized.com;SENDER=DLP.sanitized@sanitized.com;SUBJECT=Test File (PCI001);SEVERITY=4:Info;OCCURRED_ON=October 16, 2020 10:50:41 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.221.250.136;SCAN=N/A;QUARANTINE_PATH=N/A",
"Type": "CommonSecurityLog",
"_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002"
},
@ -8905,7 +8905,7 @@
"DestinationPort": "",
"DeviceVersion": "15.5.0",
"Activity": "Date of Birth (Unclassified) - DOB001",
"AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Outlook;INCIDENT_ID=1181;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1181;ATTACHMENT_FILENAME=DLP_PDF_DOB-001.pdf ;FILE_NAME=N/A;MATCH_COUNT=1003;PROTOCOL=Endpoint Email/SMTP;RECIPIENTS=sanitized_email.com;SENDER=DLP.sanitized_email.com;SUBJECT=Test File (DOB001);SEVERITY=1:High;OCCURRED_ON=October 16, 2020 10:50:41 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.221.250.136;SCAN=N/A;QUARANTINE_PATH=N/A",
"AdditionalExtensions": "BLOCKED=None;APPLICATION_NAME=Microsoft Outlook;INCIDENT_ID=1181;INCIDENT_SNAPSHOT=;https://SAMPLEHOST001.abc.abccompany.com/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=;incident.id&value(operator_1)=;incident.id_in&value(operand_1)=1181;ATTACHMENT_FILENAME=DLP_PDF_DOB-001.pdf ;FILE_NAME=N/A;MATCH_COUNT=1003;PROTOCOL=Endpoint Email/SMTP;RECIPIENTS=sanitized@sanitized.com;SENDER=DLP.sanitized@sanitized.com;SUBJECT=Test File (DOB001);SEVERITY=1:High;OCCURRED_ON=October 16, 2020 10:50:41 AM;URL=N/A;DESTINATION_IP=null ;ENDPOINT_MACHINE=L1020088;ENDPOINT_DEVICE_ID=N/A;MACHINE_IP=10.221.250.136;SCAN=N/A;QUARANTINE_PATH=N/A",
"Type": "CommonSecurityLog",
"_ResourceId": "/subscriptions/d11111111-1111-1111-1111-111111111111/resourcegroups/logmanagement-rg/providers/microsoft.compute/virtualmachines/samplevm0002"
}


@ -14,7 +14,7 @@
"LastReported_t": "2020-09-30T09:49:24.436Z",
"LocationID_d": 0,
"CompanyName_s": "demo-tenant",
"UserEmail_s": "sanitized_email.com",
"UserEmail_s": "sanitized@sanitized.com",
"IsDeleted_d": 0,
"ThreatLevel_s": "Medium",
"ThreatScore_d": 53,
@ -37,7 +37,7 @@
"LastReported_t": "2020-09-30T09:49:39.823Z",
"LocationID_d": 0,
"CompanyName_s": "demo-tenant",
"UserEmail_s": "sanitized_email.com",
"UserEmail_s": "sanitized@sanitized.com",
"IsDeleted_d": 0,
"ThreatLevel_s": "Medium",
"ThreatScore_d": 53,
@ -60,7 +60,7 @@
"LastReported_t": "2020-09-30T09:49:54.428Z",
"LocationID_d": 0,
"CompanyName_s": "demo-tenant",
"UserEmail_s": "sanitized_email.com",
"UserEmail_s": "sanitized@sanitized.com",
"IsDeleted_d": 0,
"ThreatLevel_s": "Medium",
"ThreatScore_d": 53,
@ -83,7 +83,7 @@
"LastReported_t": "2020-09-30T09:45:01.315Z",
"LocationID_d": 0,
"CompanyName_s": "demo-tenant",
"UserEmail_s": "sanitized_email.com",
"UserEmail_s": "sanitized@sanitized.com",
"IsDeleted_d": 0,
"ThreatLevel_s": "Medium",
"ThreatScore_d": 53,
@ -106,7 +106,7 @@
"LastReported_t": "2020-09-30T09:50:24.665Z",
"LocationID_d": 0,
"CompanyName_s": "demo-tenant",
"UserEmail_s": "sanitized_email.com",
"UserEmail_s": "sanitized@sanitized.com",
"IsDeleted_d": 0,
"ThreatLevel_s": "Medium",
"ThreatScore_d": 53,
@ -129,7 +129,7 @@
"LastReported_t": "2020-09-30T09:50:09.106Z",
"LocationID_d": 0,
"CompanyName_s": "demo-tenant",
"UserEmail_s": "sanitized_email.com",
"UserEmail_s": "sanitized@sanitized.com",
"IsDeleted_d": 0,
"ThreatLevel_s": "Medium",
"ThreatScore_d": 53,
@ -152,7 +152,7 @@
"LastReported_t": "2020-09-30T09:50:40.454Z",
"LocationID_d": 0,
"CompanyName_s": "demo-tenant",
"UserEmail_s": "sanitized_email.com",
"UserEmail_s": "sanitized@sanitized.com",
"IsDeleted_d": 0,
"ThreatLevel_s": "Medium",
"ThreatScore_d": 53,
@ -175,7 +175,7 @@
"LastReported_t": "2020-09-30T09:45:40.832Z",
"LocationID_d": 0,
"CompanyName_s": "demo-tenant",
"UserEmail_s": "sanitized_email.com",
"UserEmail_s": "sanitized@sanitized.com",
"IsDeleted_d": 0,
"ThreatLevel_s": "Medium",
"ThreatScore_d": 53,
@ -198,7 +198,7 @@
"LastReported_t": "2020-09-30T09:45:15.086Z",
"LocationID_d": 0,
"CompanyName_s": "demo-tenant",
"UserEmail_s": "sanitized_email.com",
"UserEmail_s": "sanitized@sanitized.com",
"IsDeleted_d": 0,
"ThreatLevel_s": "Medium",
"ThreatScore_d": 53,
@ -221,7 +221,7 @@
"LastReported_t": "2020-09-30T09:45:27.578Z",
"LocationID_d": 0,
"CompanyName_s": "demo-tenant",
"UserEmail_s": "sanitized_email.com",
"UserEmail_s": "sanitized@sanitized.com",
"IsDeleted_d": 0,
"ThreatLevel_s": "Medium",
"ThreatScore_d": 53,
@ -244,7 +244,7 @@
"LastReported_t": "2020-09-30T09:41:28.208Z",
"LocationID_d": 0,
"CompanyName_s": "demo-tenant",
"UserEmail_s": "sanitized_email.com",
"UserEmail_s": "sanitized@sanitized.com",
"IsDeleted_d": 0,
"ThreatLevel_s": "Medium",
"ThreatScore_d": 53,
@ -267,7 +267,7 @@
"LastReported_t": "2020-09-30T10:08:33.328Z",
"LocationID_d": 0,
"CompanyName_s": "demo-tenant",
"UserEmail_s": "sanitized_email.com",
"UserEmail_s": "sanitized@sanitized.com",
"IsDeleted_d": 0,
"ThreatLevel_s": "Medium",
"ThreatScore_d": 53,
@ -290,7 +290,7 @@
"LastReported_t": "2020-09-30T09:47:14.817Z",
"LocationID_d": 0,
"CompanyName_s": "demo-tenant",
"UserEmail_s": "sanitized_email.com",
"UserEmail_s": "sanitized@sanitized.com",
"IsDeleted_d": 0,
"ThreatLevel_s": "Medium",
"ThreatScore_d": 53,
@ -313,7 +313,7 @@
"LastReported_t": "2020-09-30T09:47:31.421Z",
"LocationID_d": 0,
"CompanyName_s": "demo-tenant",
"UserEmail_s": "sanitized_email.com",
"UserEmail_s": "sanitized@sanitized.com",
"IsDeleted_d": 0,
"ThreatLevel_s": "Medium",
"ThreatScore_d": 53,
@ -336,7 +336,7 @@
"LastReported_t": "2020-09-30T09:48:12.839Z",
"LocationID_d": 0,
"CompanyName_s": "demo-tenant",
"UserEmail_s": "sanitized_email.com",
"UserEmail_s": "sanitized@sanitized.com",
"IsDeleted_d": 0,
"ThreatLevel_s": "Medium",
"ThreatScore_d": 53,
@ -359,7 +359,7 @@
"LastReported_t": "2020-09-30T09:47:47.894Z",
"LocationID_d": 0,
"CompanyName_s": "demo-tenant",
"UserEmail_s": "sanitized_email.com",
"UserEmail_s": "sanitized@sanitized.com",
"IsDeleted_d": 0,
"ThreatLevel_s": "Medium",
"ThreatScore_d": 53,
@ -382,7 +382,7 @@
"LastReported_t": "2020-09-30T09:48:00.848Z",
"LocationID_d": 0,
"CompanyName_s": "demo-tenant",
"UserEmail_s": "sanitized_email.com",
"UserEmail_s": "sanitized@sanitized.com",
"IsDeleted_d": 0,
"ThreatLevel_s": "Medium",
"ThreatScore_d": 53,
@ -405,7 +405,7 @@
"LastReported_t": "2020-09-30T09:48:24.687Z",
"LocationID_d": 0,
"CompanyName_s": "demo-tenant",
"UserEmail_s": "sanitized_email.com",
"UserEmail_s": "sanitized@sanitized.com",
"IsDeleted_d": 0,
"ThreatLevel_s": "Medium",
"ThreatScore_d": 53,
@ -428,7 +428,7 @@
"LastReported_t": "2020-09-30T09:48:38.123Z",
"LocationID_d": 0,
"CompanyName_s": "demo-tenant",
"UserEmail_s": "sanitized_email.com",
"UserEmail_s": "sanitized@sanitized.com",
"IsDeleted_d": 0,
"ThreatLevel_s": "Medium",
"ThreatScore_d": 53,
@ -451,7 +451,7 @@
"LastReported_t": "2020-09-30T09:49:08.173Z",
"LocationID_d": 0,
"CompanyName_s": "demo-tenant",
"UserEmail_s": "sanitized_email.com",
"UserEmail_s": "sanitized@sanitized.com",
"IsDeleted_d": 0,
"ThreatLevel_s": "Medium",
"ThreatScore_d": 53,
@ -474,7 +474,7 @@
"LastReported_t": "2020-09-30T09:45:57.511Z",
"LocationID_d": 0,
"CompanyName_s": "demo-tenant",
"UserEmail_s": "sanitized_email.com",
"UserEmail_s": "sanitized@sanitized.com",
"IsDeleted_d": 0,
"ThreatLevel_s": "Medium",
"ThreatScore_d": 53,
@ -497,7 +497,7 @@
"LastReported_t": "2020-09-30T09:41:30.756Z",
"LocationID_d": 0,
"CompanyName_s": "demo-tenant",
"UserEmail_s": "sanitized_email.com",
"UserEmail_s": "sanitized@sanitized.com",
"IsDeleted_d": 0,
"ThreatLevel_s": "Medium",
"ThreatScore_d": 53,
@ -520,7 +520,7 @@
"LastReported_t": "2020-09-30T09:46:12.975Z",
"LocationID_d": 0,
"CompanyName_s": "demo-tenant",
"UserEmail_s": "sanitized_email.com",
"UserEmail_s": "sanitized@sanitized.com",
"IsDeleted_d": 0,
"ThreatLevel_s": "Medium",
"ThreatScore_d": 53,
@ -543,7 +543,7 @@
"LastReported_t": "2020-09-30T09:46:29.313Z",
"LocationID_d": 0,
"CompanyName_s": "demo-tenant",
"UserEmail_s": "sanitized_email.com",
"UserEmail_s": "sanitized@sanitized.com",
"IsDeleted_d": 0,
"ThreatLevel_s": "Medium",
"ThreatScore_d": 53,
@ -566,7 +566,7 @@
"LastReported_t": "2020-09-30T09:46:59.506Z",
"LocationID_d": 0,
"CompanyName_s": "demo-tenant",
"UserEmail_s": "sanitized_email.com",
"UserEmail_s": "sanitized@sanitized.com",
"IsDeleted_d": 0,
"ThreatLevel_s": "Medium",
"ThreatScore_d": 53,
@ -589,7 +589,7 @@
"LastReported_t": "2020-09-30T09:46:44.945Z",
"LocationID_d": 0,
"CompanyName_s": "demo-tenant",
"UserEmail_s": "sanitized_email.com",
"UserEmail_s": "sanitized@sanitized.com",
"IsDeleted_d": 0,
"ThreatLevel_s": "Medium",
"ThreatScore_d": 53,
@ -612,7 +612,7 @@
"LastReported_t": "2020-09-30T09:41:36.782Z",
"LocationID_d": 0,
"CompanyName_s": "demo-tenant",
"UserEmail_s": "sanitized_email.com",
"UserEmail_s": "sanitized@sanitized.com",
"IsDeleted_d": 0,
"ThreatLevel_s": "Medium",
"ThreatScore_d": 53,
@ -635,7 +635,7 @@
"LastReported_t": "2020-09-30T09:43:07.613Z",
"LocationID_d": 0,
"CompanyName_s": "demo-tenant",
"UserEmail_s": "sanitized_email.com",
"UserEmail_s": "sanitized@sanitized.com",
"IsDeleted_d": 0,
"ThreatLevel_s": "Medium",
"ThreatScore_d": 53,
@ -658,7 +658,7 @@
"LastReported_t": "2020-09-30T09:48:52.359Z",
"LocationID_d": 0,
"CompanyName_s": "demo-tenant",
"UserEmail_s": "sanitized_email.com",
"UserEmail_s": "sanitized@sanitized.com",
"IsDeleted_d": 0,
"ThreatLevel_s": "Medium",
"ThreatScore_d": 53,
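Review bot: The replacement value `sanitized@sanitized.com` uses `sanitized.com`, which is an ordinary registrable domain rather than a reserved one, so any tool or test that replays this sample data and sends mail or does DNS lookups on `UserEmail_s` would reach a domain someone else may control. A reserved documentation domain avoids that, e.g. `"UserEmail_s": "sanitized@example.com"` (RFC 2606). The same applies to every hunk in this file and to the `Username_s`, `*_login_s` and `loginName_s` replacements in the other files of this commit. Every record in the visible hunks also ends up with the identical address, so queries that group or join on the user field cannot be exercised against this sample; distinct placeholders such as `user1@example.com` and `user2@example.com` would keep that property.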


@ -15,7 +15,7 @@
"DeviceOS_s": "6.0.1",
"DeviceId_g": "95e8c307-4a05-4eb3-a7da-ae48e3e60d69",
"DevicePlatform_s": "Android",
"UserEmail_s": "sanitized_email.com",
"UserEmail_s": "sanitized@sanitized.com",
"Status_s": "Resolved",
"EventTimeStamp_t": "2020-01-14T12:55:08Z",
"LogTimeStamp_t": "2020-08-10T09:01:35.855Z",
@ -37,7 +37,7 @@
"DeviceOS_s": "6.0.1",
"DeviceId_g": "95e8c307-4a05-4eb3-a7da-ae48e3e60d69",
"DevicePlatform_s": "Android",
"UserEmail_s": "sanitized_email.com",
"UserEmail_s": "sanitized@sanitized.com",
"Status_s": "Resolved",
"EventTimeStamp_t": "2020-01-14T12:55:08Z",
"LogTimeStamp_t": "2020-08-10T09:01:35.855Z",
@ -59,7 +59,7 @@
"DeviceOS_s": "6.0.1",
"DeviceId_g": "95e8c307-4a05-4eb3-a7da-ae48e3e60d69",
"DevicePlatform_s": "Android",
"UserEmail_s": "sanitized_email.com",
"UserEmail_s": "sanitized@sanitized.com",
"Status_s": "Resolved",
"EventTimeStamp_t": "2020-01-14T12:55:08Z",
"LogTimeStamp_t": "2020-08-10T09:01:35.855Z",
@ -81,7 +81,7 @@
"DeviceOS_s": "6.0.1",
"DeviceId_g": "95e8c307-4a05-4eb3-a7da-ae48e3e60d69",
"DevicePlatform_s": "Android",
"UserEmail_s": "sanitized_email.com",
"UserEmail_s": "sanitized@sanitized.com",
"Status_s": "Resolved",
"EventTimeStamp_t": "2020-01-14T12:55:08Z",
"LogTimeStamp_t": "2020-08-10T09:01:35.855Z",
@ -103,7 +103,7 @@
"DeviceOS_s": "6.0.1",
"DeviceId_g": "95e8c307-4a05-4eb3-a7da-ae48e3e60d69",
"DevicePlatform_s": "Android",
"UserEmail_s": "sanitized_email.com",
"UserEmail_s": "sanitized@sanitized.com",
"Status_s": "Resolved",
"EventTimeStamp_t": "2020-01-14T12:55:08Z",
"LogTimeStamp_t": "2020-08-10T09:01:35.855Z",
@ -125,7 +125,7 @@
"DeviceOS_s": "6.0.1",
"DeviceId_g": "95e8c307-4a05-4eb3-a7da-ae48e3e60d69",
"DevicePlatform_s": "Apple",
"UserEmail_s": "sanitized_email.com",
"UserEmail_s": "sanitized@sanitized.com",
"Status_s": "Resolved",
"EventTimeStamp_t": "2020-01-14T12:55:08Z",
"LogTimeStamp_t": "2020-08-10T09:01:35.855Z",
@ -147,7 +147,7 @@
"DeviceOS_s": "6.0.1",
"DeviceId_g": "95e8c307-4a05-4eb3-a7da-ae48e3e60d69",
"DevicePlatform_s": "Apple",
"UserEmail_s": "sanitized_email.com",
"UserEmail_s": "sanitized@sanitized.com",
"Status_s": "Resolved",
"EventTimeStamp_t": "2020-01-14T12:55:08Z",
"LogTimeStamp_t": "2020-08-10T09:01:35.855Z",


@ -31,7 +31,7 @@
"MGTimestampStart_t [UTC]": "11/12/2020, 1:41:19.000 PM",
"UDID_s": "",
"DeviceName_s": "Test iPhone",
"Username_s": "sanitized_email.com",
"Username_s": "sanitized@sanitized.com",
"UUId_g": "ecb0ed37-3af1-4391-9cd9-241c3aa20532",
"NetworkType_s": "wifi",
"Account_s": "",
@ -73,7 +73,7 @@
"MGTimestampStart_t [UTC]": "11/12/2020, 1:41:19.000 PM",
"UDID_s": "",
"DeviceName_s": "Test iPhone",
"Username_s": "sanitized_email.com",
"Username_s": "sanitized@sanitized.com",
"UUId_g": "aa709498-e14a-4c75-bac8-f3c637854023",
"NetworkType_s": "wifi",
"Account_s": "",
@ -115,7 +115,7 @@
"MGTimestampStart_t [UTC]": "11/12/2020, 1:41:18.000 PM",
"UDID_s": "",
"DeviceName_s": "Test iPhone",
"Username_s": "sanitized_email.com",
"Username_s": "sanitized@sanitized.com",
"UUId_g": "7c6baa44-a8db-466b-a37b-7bb8604329aa",
"NetworkType_s": "wifi",
"Account_s": "",
@ -157,7 +157,7 @@
"MGTimestampStart_t [UTC]": "11/12/2020, 1:41:20.000 PM",
"UDID_s": "",
"DeviceName_s": "Test iPhone",
"Username_s": "sanitized_email.com",
"Username_s": "sanitized@sanitized.com",
"UUId_g": "107073d3-902a-404e-93ab-f49b3d898a5c",
"NetworkType_s": "wifi",
"Account_s": "",
@ -199,7 +199,7 @@
"MGTimestampStart_t [UTC]": "11/12/2020, 1:41:18.000 PM",
"UDID_s": "",
"DeviceName_s": "Test iPhone",
"Username_s": "sanitized_email.com",
"Username_s": "sanitized@sanitized.com",
"UUId_g": "8135a14c-87a4-4354-b978-4f2c7516e688",
"NetworkType_s": "wifi",
"Account_s": "",
@ -241,7 +241,7 @@
"MGTimestampStart_t [UTC]": "11/12/2020, 1:41:19.000 PM",
"UDID_s": "",
"DeviceName_s": "Test iPhone",
"Username_s": "sanitized_email.com",
"Username_s": "sanitized@sanitized.com",
"UUId_g": "35ca6f97-c181-4d05-822b-6a0cab8aadaf",
"NetworkType_s": "wifi",
"Account_s": "",
@ -283,7 +283,7 @@
"MGTimestampStart_t [UTC]": "11/12/2020, 1:41:19.000 PM",
"UDID_s": "",
"DeviceName_s": "Test iPhone",
"Username_s": "sanitized_email.com",
"Username_s": "sanitized@sanitized.com",
"UUId_g": "e2f3878c-9a54-4dc2-a271-47ecb2fa04f3",
"NetworkType_s": "wifi",
"Account_s": "",
@ -325,7 +325,7 @@
"MGTimestampStart_t [UTC]": "11/12/2020, 1:41:19.000 PM",
"UDID_s": "",
"DeviceName_s": "Test iPhone",
"Username_s": "sanitized_email.com",
"Username_s": "sanitized@sanitized.com",
"UUId_g": "91b96273-c95a-4590-bb7d-627cbf74fb6e",
"NetworkType_s": "wifi",
"Account_s": "",
@ -367,7 +367,7 @@
"MGTimestampStart_t [UTC]": "11/12/2020, 1:41:18.000 PM",
"UDID_s": "",
"DeviceName_s": "Test iPhone",
"Username_s": "sanitized_email.com",
"Username_s": "sanitized@sanitized.com",
"UUId_g": "3297e543-17c7-40c0-b6d2-6ddeaac9a14e",
"NetworkType_s": "wifi",
"Account_s": "",
@ -409,7 +409,7 @@
"MGTimestampStart_t [UTC]": "11/12/2020, 1:41:18.000 PM",
"UDID_s": "",
"DeviceName_s": "Test iPhone",
"Username_s": "sanitized_email.com",
"Username_s": "sanitized@sanitized.com",
"UUId_g": "9e6a3735-85f2-476f-93eb-a6cf8b5e4f47",
"NetworkType_s": "wifi",
"Account_s": "",
@ -451,7 +451,7 @@
"MGTimestampStart_t [UTC]": "11/12/2020, 1:41:18.000 PM",
"UDID_s": "",
"DeviceName_s": "Test iPhone",
"Username_s": "sanitized_email.com",
"Username_s": "sanitized@sanitized.com",
"UUId_g": "89ca2129-16d8-4056-9290-2863135cdc58",
"NetworkType_s": "wifi",
"Account_s": "",
@ -493,7 +493,7 @@
"MGTimestampStart_t [UTC]": "11/12/2020, 1:41:18.000 PM",
"UDID_s": "",
"DeviceName_s": "Test iPhone",
"Username_s": "sanitized_email.com",
"Username_s": "sanitized@sanitized.com",
"UUId_g": "d4637dbb-b2e8-4a14-b491-ad31b7d936e2",
"NetworkType_s": "wifi",
"Account_s": "",
@ -535,7 +535,7 @@
"MGTimestampStart_t [UTC]": "11/12/2020, 1:41:17.000 PM",
"UDID_s": "",
"DeviceName_s": "Test iPhone",
"Username_s": "sanitized_email.com",
"Username_s": "sanitized@sanitized.com",
"UUId_g": "0f8a74a2-5aa6-4b04-99a4-212f619e2764",
"NetworkType_s": "wifi",
"Account_s": "",
@ -577,7 +577,7 @@
"MGTimestampStart_t [UTC]": "11/12/2020, 1:41:17.000 PM",
"UDID_s": "",
"DeviceName_s": "Test iPhone",
"Username_s": "sanitized_email.com",
"Username_s": "sanitized@sanitized.com",
"UUId_g": "ab76db3e-ba5b-4d99-b523-a044f02df283",
"NetworkType_s": "wifi",
"Account_s": "",
@ -619,7 +619,7 @@
"MGTimestampStart_t [UTC]": "11/12/2020, 1:41:17.000 PM",
"UDID_s": "",
"DeviceName_s": "Test iPhone",
"Username_s": "sanitized_email.com",
"Username_s": "sanitized@sanitized.com",
"UUId_g": "6965afcb-91ca-4d8b-94a4-9be3285a9a91",
"NetworkType_s": "wifi",
"Account_s": "",
@ -661,7 +661,7 @@
"MGTimestampStart_t [UTC]": "11/12/2020, 1:41:17.000 PM",
"UDID_s": "",
"DeviceName_s": "Test iPhone",
"Username_s": "sanitized_email.com",
"Username_s": "sanitized@sanitized.com",
"UUId_g": "0e71df0e-d3f0-4b25-b928-1dea17f18cc3",
"NetworkType_s": "wifi",
"Account_s": "",
@ -703,7 +703,7 @@
"MGTimestampStart_t [UTC]": "11/12/2020, 1:40:57.000 PM",
"UDID_s": "",
"DeviceName_s": "Test iPhone",
"Username_s": "sanitized_email.com",
"Username_s": "sanitized@sanitized.com",
"UUId_g": "8c76cb41-9f26-4081-8a05-e2c0933e2633",
"NetworkType_s": "wifi",
"Account_s": "",
@ -745,7 +745,7 @@
"MGTimestampStart_t [UTC]": "11/12/2020, 1:40:56.000 PM",
"UDID_s": "",
"DeviceName_s": "Test iPhone",
"Username_s": "sanitized_email.com",
"Username_s": "sanitized@sanitized.com",
"UUId_g": "455e63f5-9bbb-4928-a13a-683cd265f3ce",
"NetworkType_s": "wifi",
"Account_s": "",
@ -787,7 +787,7 @@
"MGTimestampStart_t [UTC]": "11/12/2020, 1:40:56.000 PM",
"UDID_s": "",
"DeviceName_s": "Test iPhone",
"Username_s": "sanitized_email.com",
"Username_s": "sanitized@sanitized.com",
"UUId_g": "7e577b0f-189d-44cc-a1b4-fe8872afae2b",
"NetworkType_s": "wifi",
"Account_s": "",
@ -829,7 +829,7 @@
"MGTimestampStart_t [UTC]": "11/12/2020, 1:40:56.000 PM",
"UDID_s": "",
"DeviceName_s": "Test iPhone",
"Username_s": "sanitized_email.com",
"Username_s": "sanitized@sanitized.com",
"UUId_g": "7ca0cf6f-eff0-4c81-a01f-591037d14cd9",
"NetworkType_s": "wifi",
"Account_s": "",


@ -43,11 +43,11 @@
"source_owned_by_type_s": "user",
"source_owned_by_id_s": "3479033731",
"source_owned_by_name_s": "Admin",
"source_owned_by_login_s": "sanitized_email.com",
"source_owned_by_login_s": "sanitized@sanitized.com",
"created_by_type_s": "user",
"created_by_id_s": "14750419433",
"created_by_name_s": "NAME EXAMPLE",
"created_by_login_s": "sanitized_email.com",
"created_by_login_s": "sanitized@sanitized.com",
"created_at_t [UTC]": "2/1/2021, 5:17:03.000 PM",
"event_id_g": "53a34dc9-5a78-4d46-a4ae-2f5435e1d6c2",
"event_type_s": "ITEM_OPEN",
@ -123,11 +123,11 @@
"source_owned_by_type_s": "user",
"source_owned_by_id_s": "3479033731",
"source_owned_by_name_s": "Admin",
"source_owned_by_login_s": "sanitized_email.com",
"source_owned_by_login_s": "sanitized@sanitized.com",
"created_by_type_s": "user",
"created_by_id_s": "3523752930",
"created_by_name_s": "NAME TEST",
"created_by_login_s": "sanitized_email.com",
"created_by_login_s": "sanitized@sanitized.com",
"created_at_t [UTC]": "2/1/2021, 5:17:03.000 PM",
"event_id_g": "d611d745-6fce-47da-ba80-bad46f95bb77",
"event_type_s": "EDIT",
@ -203,11 +203,11 @@
"source_owned_by_type_s": "user",
"source_owned_by_id_s": "3479033731",
"source_owned_by_name_s": "Admin",
"source_owned_by_login_s": "sanitized_email.com",
"source_owned_by_login_s": "sanitized@sanitized.com",
"created_by_type_s": "user",
"created_by_id_s": "14750419433",
"created_by_name_s": "NAME TEST",
"created_by_login_s": "sanitized_email.com",
"created_by_login_s": "sanitized@sanitized.com",
"created_at_t [UTC]": "2/1/2021, 5:17:03.000 PM",
"event_id_g": "f050f5c0-75a7-4df2-a3a8-13e21d4c5d3f",
"event_type_s": "COPY",
@ -283,11 +283,11 @@
"source_owned_by_type_s": "user",
"source_owned_by_id_s": "3478867251",
"source_owned_by_name_s": "Admin",
"source_owned_by_login_s": "sanitized_email.com",
"source_owned_by_login_s": "sanitized@sanitized.com",
"created_by_type_s": "user",
"created_by_id_s": "3522971701",
"created_by_name_s": "Name Test",
"created_by_login_s": "sanitized_email.com",
"created_by_login_s": "sanitized@sanitized.com",
"created_at_t [UTC]": "2/1/2021, 5:17:04.000 PM",
"event_id_g": "16d170db-3d69-4b53-9f20-230603d3b63a",
"event_type_s": "DOWNLOAD",
@ -363,11 +363,11 @@
"source_owned_by_type_s": "user",
"source_owned_by_id_s": "3478867251",
"source_owned_by_name_s": "Admin",
"source_owned_by_login_s": "sanitized_email.com",
"source_owned_by_login_s": "sanitized@sanitized.com",
"created_by_type_s": "user",
"created_by_id_s": "3523521797",
"created_by_name_s": "Test Name",
"created_by_login_s": "sanitized_email.com",
"created_by_login_s": "sanitized@sanitized.com",
"created_at_t [UTC]": "2/1/2021, 5:17:04.000 PM",
"event_id_g": "3ee82cee-5e55-4ed6-b459-c30a533ac017",
"event_type_s": "EDIT",
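Review bot: The context lines around the replaced logins still carry numeric account ids (`source_owned_by_id_s`, `created_by_id_s`, e.g. `"created_by_id_s": "14750419433"`), which this commit does not touch; if these records were exported from a live tenant (not verifiable from the diff) those ids remain a stable per-user identifier even with the login masked. Consider replacing them with constructed values in the same pass, for example `"created_by_id_s": "1000000001"`, keeping the same constructed id wherever the same user recurs so correlation in sample queries still works. The enclosing JSON objects start and end outside these hunks, so other identifying fields may exist that are not visible here.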


@ -10,7 +10,7 @@
"requestUrl_s": "/appservices/v5/orgs/12261/devices/find",
"eventTime_d": "1.59015E+12",
"eventId_g": "1c4f8c6b-9c30-11ea-ba83-e3cb965acc5e",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "98.98.98.98",
@ -30,7 +30,7 @@
"requestUrl_s": "/appservices/v5/orgs/12261/devices/find",
"eventTime_d": "1.59015E+12",
"eventId_g": "1c9b8a0d-9c30-11ea-88de-e303799b07ea",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "98.98.98.98",
@ -50,7 +50,7 @@
"requestUrl_s": "/appservices/v5/orgs/12261/binary/knownbad",
"eventTime_d": "1.59015E+12",
"eventId_g": "20bf1bb2-9c30-11ea-8979-f9c33d0ca68b",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "98.98.98.98",
@ -70,7 +70,7 @@
"requestUrl_s": "/appservices/v5/orgs/12261/devices/find",
"eventTime_d": "1.59015E+12",
"eventId_g": "2d0cfac0-9c30-11ea-ba83-e3cb965acc5e",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "98.98.98.98",
@ -130,7 +130,7 @@
"requestUrl_s": "/appservices/v5/orgs/12261/devices/find",
"eventTime_d": "1.59002E+12",
"eventId_g": "55cc03ec-9af5-11ea-84c5-b7135c66eb0b",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
@ -150,7 +150,7 @@
"requestUrl_s": "/appservices/v5/orgs/12261/devices/find",
"eventTime_d": "1.59002E+12",
"eventId_g": "577a7719-9af5-11ea-9405-4d747d8e3015",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
@ -170,7 +170,7 @@
"requestUrl_s": "/appservices/v5/orgs/12261/devices/find",
"eventTime_d": "1.59002E+12",
"eventId_g": "5c0f8f67-9af5-11ea-9bdf-477655f49173",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
@ -190,7 +190,7 @@
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "78d9b56b-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
@ -210,7 +210,7 @@
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "794373bc-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
@ -230,7 +230,7 @@
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "794373bd-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
@ -250,7 +250,7 @@
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "794373be-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
@ -270,7 +270,7 @@
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "794373bf-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
@ -290,7 +290,7 @@
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "794373c0-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
@ -310,7 +310,7 @@
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "794373c1-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
@ -330,7 +330,7 @@
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "794373c2-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
@ -350,7 +350,7 @@
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "794373c3-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
@ -370,7 +370,7 @@
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "794373c4-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
@ -390,7 +390,7 @@
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "794373c5-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
@ -410,7 +410,7 @@
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "794373c6-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
@ -430,7 +430,7 @@
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "794373c7-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
@ -450,7 +450,7 @@
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "794373c8-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
@ -470,7 +470,7 @@
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "794373c9-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
@ -490,7 +490,7 @@
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "794373ca-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
@ -510,7 +510,7 @@
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "794373cb-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
@ -530,7 +530,7 @@
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "794373cc-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
@ -550,7 +550,7 @@
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "794373cd-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
@ -570,7 +570,7 @@
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "794373ce-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
@ -590,7 +590,7 @@
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "794373cf-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
@ -610,7 +610,7 @@
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "794373d0-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
@ -630,7 +630,7 @@
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "79439ae1-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
@ -650,7 +650,7 @@
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "79439ae2-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
@ -670,7 +670,7 @@
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "79439ae3-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
@ -690,7 +690,7 @@
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "79439ae4-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
@ -710,7 +710,7 @@
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "79439ae5-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
@ -730,7 +730,7 @@
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "79439ae6-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
@ -750,7 +750,7 @@
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "79439ae7-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
@ -770,7 +770,7 @@
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "79439ae8-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
@ -790,7 +790,7 @@
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "79439ae9-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
@ -810,7 +810,7 @@
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "79439aea-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
@ -830,7 +830,7 @@
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "79439aeb-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
@ -850,7 +850,7 @@
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "79439aec-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
@ -870,7 +870,7 @@
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "79439aed-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
@ -890,7 +890,7 @@
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "79439aee-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
@ -910,7 +910,7 @@
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "79439aef-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
@ -930,7 +930,7 @@
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "79439af0-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
@ -950,7 +950,7 @@
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "79439af1-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
@ -970,7 +970,7 @@
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "79439af2-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
@ -990,7 +990,7 @@
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "79439af3-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
@ -1010,7 +1010,7 @@
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "79439af4-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
@ -1030,7 +1030,7 @@
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "79439af5-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
@ -1050,7 +1050,7 @@
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "79439af6-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
@ -1070,7 +1070,7 @@
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "79439af7-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
@ -1090,7 +1090,7 @@
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "79439af8-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
@ -1110,7 +1110,7 @@
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "79439af9-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
@ -1130,7 +1130,7 @@
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "79439afa-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
@ -1150,7 +1150,7 @@
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "79439afb-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
@ -1170,7 +1170,7 @@
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "79439afc-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
@ -1190,7 +1190,7 @@
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "79439afd-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
@ -1210,7 +1210,7 @@
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "7964425e-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
@ -1230,7 +1230,7 @@
"requestUrl_s": "/appservices/v5/orgs/12261/devices/find",
"eventTime_d": "1.59002E+12",
"eventId_g": "85840c17-9af5-11ea-b921-85da2198bc2c",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
@ -1250,7 +1250,7 @@
"requestUrl_s": "/appservices/v5/orgs/12261/devices/find",
"eventTime_d": "1.59004E+12",
"eventId_g": "1332f41d-9b1b-11ea-9405-4d747d8e3015",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
@ -1270,7 +1270,7 @@
"requestUrl_s": "/appservices/v5/orgs/12261/devices/find",
"eventTime_d": "1.59004E+12",
"eventId_g": "13dd8c01-9b1b-11ea-87fe-5ffc8ff2649e",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
@ -1290,7 +1290,7 @@
"requestUrl_s": "/appservices/v5/orgs/12261/devices/find",
"eventTime_d": "1.59004E+12",
"eventId_g": "25643d7d-9b1b-11ea-a897-5b5b103b1cc4",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
@ -1310,7 +1310,7 @@
"requestUrl_s": "/appservices/v5/orgs/12261/reputations",
"eventTime_d": "1.5906E+12",
"eventId_g": "aeff86ff-a049-11ea-b5b5-e55f0282f26b",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "35.35.35.35",
@ -1330,7 +1330,7 @@
"requestUrl_s": "/appservices/v5/orgs/12261/devices/find",
"eventTime_d": "1.5906E+12",
"eventId_g": "b3931934-a049-11ea-ba83-e3cb965acc5e",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "35.35.35.35",
@ -1350,7 +1350,7 @@
"requestUrl_s": "org.springframework.web.servlet.support.ServletUriComponentsBuilder@56060ad9",
"eventTime_d": "1.5906E+12",
"eventId_g": "da918cf9-a049-11ea-8979-f9c33d0ca68b",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "35.35.35.35",
@ -1370,7 +1370,7 @@
"requestUrl_s": "org.springframework.web.servlet.support.ServletUriComponentsBuilder@56060ad9",
"eventTime_d": "1.5906E+12",
"eventId_g": "da944c1a-a049-11ea-8979-f9c33d0ca68b",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "35.35.35.35",
@ -1390,7 +1390,7 @@
"requestUrl_s": "/appservices/v5/orgs/12261/devices/find",
"eventTime_d": "1.5906E+12",
"eventId_g": "714327f7-a047-11ea-8520-3d1e037febf5",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "35.35.35.35",
@ -1410,7 +1410,7 @@
"requestUrl_s": "/appservices/v5/orgs/12261/devices/find",
"eventTime_d": "1.5906E+12",
"eventId_g": "71e3ad9d-a047-11ea-99ef-f5eee234d36b",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "35.35.35.35",
@ -1430,7 +1430,7 @@
"requestUrl_s": "/appservices/v5/orgs/12261/devices/actions/bypass/on",
"eventTime_d": "1.5906E+12",
"eventId_g": "fa8fee0e-a047-11ea-80bf-61e2e49eae77",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "35.35.35.35",
@ -1470,12 +1470,12 @@
"requestUrl_s": "",
"eventTime_d": "1.59061E+12",
"eventId_g": "8548df81-a04e-11ea-88de-e303799b07ea",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "65.65.65.65",
"verbose_b": "FALSE",
"description_s": "User sanitized_email.com retrieved secret for API ID 9I6MBV1DVI in org 12261",
"description_s": "User sanitized@sanitized.com retrieved secret for API ID 9I6MBV1DVI in org 12261",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
@ -1490,7 +1490,7 @@
"requestUrl_s": "/appservices/v5/orgs/12261/devices/find",
"eventTime_d": "1.5906E+12",
"eventId_g": "4e229ff1-a049-11ea-9e56-7d8807a8b194",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "35.35.35.35",
@ -1510,7 +1510,7 @@
"requestUrl_s": "/appservices/v5/orgs/12261/devices/actions/bypass/off",
"eventTime_d": "1.5906E+12",
"eventId_g": "618dc846-a049-11ea-b5b5-e55f0282f26b",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "35.35.35.35",
@ -1530,7 +1530,7 @@
"requestUrl_s": "/appservices/v5/orgs/12261/devices/find",
"eventTime_d": "1.5906E+12",
"eventId_g": "62285ae1-a049-11ea-9030-39f61fd0b12c",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "35.35.35.35",
@ -1550,7 +1550,7 @@
"requestUrl_s": "/appservices/v5/orgs/12261/devices/find",
"eventTime_d": "1.5906E+12",
"eventId_g": "6a18fa88-a049-11ea-ba83-e3cb965acc5e",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "35.35.35.35",
@ -1570,7 +1570,7 @@
"requestUrl_s": "/appservices/v5/orgs/12261/devices/find",
"eventTime_d": "1.59061E+12",
"eventId_g": "00afef27-a04c-11ea-ae69-21cb7df9699b",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "35.35.35.35",
@ -1590,12 +1590,12 @@
"requestUrl_s": "",
"eventTime_d": "1.59061E+12",
"eventId_g": "0122c38c-a04e-11ea-a717-d55d72138d6f",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "65.65.65.65",
"verbose_b": "FALSE",
"description_s": "User sanitized_email.com retrieved secret for API ID 9I6MBV1DVI in org 12261",
"description_s": "User sanitized@sanitized.com retrieved secret for API ID 9I6MBV1DVI in org 12261",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
@ -1610,12 +1610,12 @@
"requestUrl_s": "",
"eventTime_d": "1.59061E+12",
"eventId_g": "21fb93d7-a04e-11ea-9860-398dfe606d2b",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "65.65.65.65",
"verbose_b": "FALSE",
"description_s": "User sanitized_email.com retrieved secret for API ID G4ZZRJ4539 in org 12261",
"description_s": "User sanitized@sanitized.com retrieved secret for API ID G4ZZRJ4539 in org 12261",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
@ -1650,7 +1650,7 @@
"requestUrl_s": "/appservices/v5/orgs/12261/binary/knownbad",
"eventTime_d": "1.59055E+12",
"eventId_g": "5ab2ac0b-9fbf-11ea-a717-d55d72138d6f",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
@ -1670,7 +1670,7 @@
"requestUrl_s": "/appservices/v5/orgs/12261/devices/find",
"eventTime_d": "1.59055E+12",
"eventId_g": "88e37788-9fbf-11ea-8c38-d55b416c596c",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
@ -1690,7 +1690,7 @@
"requestUrl_s": "/appservices/v5/orgs/12261/devices/find",
"eventTime_d": "1.59055E+12",
"eventId_g": "896097b2-9fbf-11ea-b5b5-e55f0282f26b",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
@ -1710,7 +1710,7 @@
"requestUrl_s": "/appservices/v5/orgs/12261/devices/find",
"eventTime_d": "1.59055E+12",
"eventId_g": "8c532355-9fbf-11ea-a431-bd4a54c45663",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
@ -1730,7 +1730,7 @@
"requestUrl_s": "/appservices/v5/orgs/12261/reputations/delete",
"eventTime_d": "1.59055E+12",
"eventId_g": "0beb8e8e-9fc2-11ea-9860-398dfe606d2b",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
@ -1750,7 +1750,7 @@
"requestUrl_s": "/appservices/v5/orgs/12261/devices/find",
"eventTime_d": "1.59055E+12",
"eventId_g": "928db8ba-9fc0-11ea-8520-3d1e037febf5",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
@ -1770,7 +1770,7 @@
"requestUrl_s": "/appservices/v5/orgs/12261/devices/find",
"eventTime_d": "1.59055E+12",
"eventId_g": "9d146c9c-9fc0-11ea-88de-e303799b07ea",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
@ -1790,7 +1790,7 @@
"requestUrl_s": "/appservices/v5/orgs/12261/devices/actions/hashes/908b64b1971a979c7e3e8ce4621945cba84854cb98d76367b791a6e22b5f6d53/upload",
"eventTime_d": "1.59055E+12",
"eventId_g": "1a5935f7-9fc1-11ea-9030-39f61fd0b12c",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
@ -1810,7 +1810,7 @@
"requestUrl_s": "/appservices/v5/orgs/12261/binary/knownbad",
"eventTime_d": "1.59055E+12",
"eventId_g": "247f535e-9fc1-11ea-b474-ad2b1b5a8589",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
@ -1830,7 +1830,7 @@
"requestUrl_s": "/appservices/v5/orgs/12261/binary/knownbad",
"eventTime_d": "1.59055E+12",
"eventId_g": "2e7d4ede-9fc1-11ea-8520-3d1e037febf5",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
@ -1850,7 +1850,7 @@
"requestUrl_s": "/appservices/v5/orgs/12261/reputations",
"eventTime_d": "1.59055E+12",
"eventId_g": "6c35c8aa-9fc1-11ea-9860-398dfe606d2b",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
@ -1870,7 +1870,7 @@
"requestUrl_s": "/appservices/v5/orgs/12261/devices/find",
"eventTime_d": "1.59055E+12",
"eventId_g": "75cbb488-9fc1-11ea-9e56-7d8807a8b194",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
@ -1890,7 +1890,7 @@
"requestUrl_s": "/appservices/v5/orgs/12261/devices/find",
"eventTime_d": "1.59055E+12",
"eventId_g": "7abecb07-9fc1-11ea-ae69-21cb7df9699b",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
@ -1910,7 +1910,7 @@
"requestUrl_s": "/appservices/v5/orgs/12261/devices/find",
"eventTime_d": "1.59055E+12",
"eventId_g": "8143cc5c-9fc1-11ea-b5b5-e55f0282f26b",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
@ -1930,7 +1930,7 @@
"requestUrl_s": "/appservices/v5/orgs/12261/devices/find",
"eventTime_d": "1.59055E+12",
"eventId_g": "b306c040-9fc1-11ea-b5b5-e55f0282f26b",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
@ -1950,7 +1950,7 @@
"requestUrl_s": "org.springframework.web.servlet.support.ServletUriComponentsBuilder@45c36b9f",
"eventTime_d": "1.59055E+12",
"eventId_g": "e17495c7-9fc1-11ea-a717-d55d72138d6f",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
@ -1970,7 +1970,7 @@
"requestUrl_s": "org.springframework.web.servlet.support.ServletUriComponentsBuilder@45c36b9f",
"eventTime_d": "1.59055E+12",
"eventId_g": "e1c526c8-9fc1-11ea-a717-d55d72138d6f",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
@ -1990,7 +1990,7 @@
"requestUrl_s": "/appservices/v5/orgs/12261/alerts/notifications",
"eventTime_d": "1.59059E+12",
"eventId_g": "88304a3c-a02d-11ea-8520-3d1e037febf5",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "65.65.65.65",
@ -2010,7 +2010,7 @@
"requestUrl_s": "/appservices/v5/orgs/12261/alerts/notifications/882f5fdba02d11ea85204d04f535ec77",
"eventTime_d": "1.59059E+12",
"eventId_g": "8b022f9a-a02d-11ea-8c38-d55b416c596c",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "65.65.65.65",
@ -2030,12 +2030,12 @@
"requestUrl_s": "",
"eventTime_d": "1.59059E+12",
"eventId_g": "a3dfb1ca-a02d-11ea-a53b-9b43877f6dd1",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "65.65.65.65",
"verbose_b": "FALSE",
"description_s": "Added user sanitized_email.com to org 12261 (Email Invitation)",
"description_s": "Added user sanitized@sanitized.com to org 12261 (Email Invitation)",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
@ -2050,7 +2050,7 @@
"requestUrl_s": "/access/v1/grants/psc:user:NE2F3D55:53375/org-ref/psc:org:NE2F3D55",
"eventTime_d": "1.59059E+12",
"eventId_g": "e96c4207-a02d-11ea-ae69-21cb7df9699b",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "65.65.65.65",
@ -2070,12 +2070,12 @@
"requestUrl_s": "",
"eventTime_d": "1.59059E+12",
"eventId_g": "e99d3d35-a02d-11ea-b5b5-e55f0282f26b",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "65.65.65.65",
"verbose_b": "FALSE",
"description_s": "Updated user sanitized_email.com in org 12260",
"description_s": "Updated user sanitized@sanitized.com in org 12260",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
@ -2090,7 +2090,7 @@
"requestUrl_s": "",
"eventTime_d": "1.59059E+12",
"eventId_g": "274e8b91-a02e-11ea-a717-d55d72138d6f",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "65.65.65.65",
@ -2110,12 +2110,12 @@
"requestUrl_s": "",
"eventTime_d": "1.59059E+12",
"eventId_g": "279e58ea-a02e-11ea-b474-ad2b1b5a8589",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "65.65.65.65",
"verbose_b": "FALSE",
"description_s": "User sanitized_email.com retrieved secret for API ID G4ZZRJ4539 in org 12261",
"description_s": "User sanitized@sanitized.com retrieved secret for API ID G4ZZRJ4539 in org 12261",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
@ -2130,7 +2130,7 @@
"requestUrl_s": "/appservices/v5/orgs/12261/alerts/notifications",
"eventTime_d": "1.59059E+12",
"eventId_g": "65a149bd-a02e-11ea-b5b5-e55f0282f26b",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "65.65.65.65",
@ -2150,12 +2150,12 @@
"requestUrl_s": "",
"eventTime_d": "1.59025E+12",
"eventId_g": "66680791-9d11-11ea-ba83-e3cb965acc5e",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "65.65.65.65",
"verbose_b": "FALSE",
"description_s": "User sanitized_email.com retrieved secret for API ID 9I6MBV1DVI in org 12261",
"description_s": "User sanitized@sanitized.com retrieved secret for API ID 9I6MBV1DVI in org 12261",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
@ -2170,7 +2170,7 @@
"requestUrl_s": "/appservices/v5/orgs/12261/devices/find",
"eventTime_d": "1.59025E+12",
"eventId_g": "2676cac0-9d08-11ea-9860-398dfe606d2b",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "65.65.65.65",
@ -2190,7 +2190,7 @@
"requestUrl_s": "/appservices/v5/orgs/12261/devices/find",
"eventTime_d": "1.59025E+12",
"eventId_g": "26b05153-9d08-11ea-ae69-21cb7df9699b",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "65.65.65.65",
@ -2230,7 +2230,7 @@
"requestUrl_s": "/appservices/v5/orgs/12261/devices/find",
"eventTime_d": "1.59016E+12",
"eventId_g": "ccecb972-9c3f-11ea-9bba-c16b951fdfc3",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "98.98.98.98",
@ -2250,7 +2250,7 @@
"requestUrl_s": "/appservices/v5/orgs/12261/devices/find",
"eventTime_d": "1.59016E+12",
"eventId_g": "cd3c600b-9c3f-11ea-8979-f9c33d0ca68b",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "98.98.98.98",
@ -2270,7 +2270,7 @@
"requestUrl_s": "/appservices/v5/orgs/12261/devices/find",
"eventTime_d": "1.59016E+12",
"eventId_g": "30690763-9c44-11ea-a53b-9b43877f6dd1",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "98.98.98.98",
@ -2290,7 +2290,7 @@
"requestUrl_s": "/appservices/v5/orgs/12261/devices/find",
"eventTime_d": "1.59016E+12",
"eventId_g": "30c5f483-9c44-11ea-9860-398dfe606d2b",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "98.98.98.98",
@ -2330,7 +2330,7 @@
"requestUrl_s": "/appservices/v5/orgs/12261/devices/find",
"eventTime_d": "1.5902E+12",
"eventId_g": "ec97b9f6-9c98-11ea-99ef-f5eee234d36b",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
@ -2350,7 +2350,7 @@
"requestUrl_s": "/appservices/v5/orgs/12261/devices/find",
"eventTime_d": "1.5902E+12",
"eventId_g": "ece64fab-9c98-11ea-a717-d55d72138d6f",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
@ -2370,12 +2370,12 @@
"requestUrl_s": "",
"eventTime_d": "1.5902E+12",
"eventId_g": "ffec9cfd-9c98-11ea-b5b5-e55f0282f26b",
"loginName_s": "sanitized_email.com",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
"verbose_b": "FALSE",
"description_s": "User sanitized_email.com retrieved secret for API ID XKFHEIYWPRU in org 12261",
"description_s": "User sanitized@sanitized.com retrieved secret for API ID XKFHEIYWPRU in org 12261",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},



@ -54,11 +54,11 @@
"threatInfo_threatCause_originSourceType_s": "",
"url_s": "https://defense-prod05.conferdeploy.net/cb/investigate/processes?query=process_guid:NE2F3D55-013a6074-000013b0-00000000-1d634654ecf865f%20AND%20device_id:20602996%20AND%20report_id:GUWNtEmJQhKmuOTxoRV8hA-6e5ae551-1cbb-45b3-b7a1-1569c0458f6b&searchWindow=ALL",
"eventTime_d": "1.59061E+12",
"eventDescription_s": "[AzureSentinel] [Carbon Black has detected a threat against your company.] [https://defense-prod05.conferdeploy.net#device/20602996/incident/NE2F3D55-013a6074-000013b0-00000000-1d634654ecf865f-GUWNtEmJQhKmuOTxoRV8hA-6e5ae551-1cbb-45b3-b7a1-1569c0458f6b] [Process powershell.exe was detected by the report \"Execution - Powershell Execution With Unrestriced or Bypass Flags Detected\" in watchlist \"Carbon Black Endpoint Visibility\"] [Incident id: NE2F3D55-013a6074-000013b0-00000000-1d634654ecf865f-GUWNtEmJQhKmuOTxoRV8hA-6e5ae551-1cbb-45b3-b7a1-1569c0458f6b] [Threat score: 6] [Group: Standard] [Email: sanitized_email.com] [Name: Endpoint2] [Type and OS: WINDOWS pscr-sensor] [Severity: 6]\n",
"eventDescription_s": "[AzureSentinel] [Carbon Black has detected a threat against your company.] [https://defense-prod05.conferdeploy.net#device/20602996/incident/NE2F3D55-013a6074-000013b0-00000000-1d634654ecf865f-GUWNtEmJQhKmuOTxoRV8hA-6e5ae551-1cbb-45b3-b7a1-1569c0458f6b] [Process powershell.exe was detected by the report \"Execution - Powershell Execution With Unrestriced or Bypass Flags Detected\" in watchlist \"Carbon Black Endpoint Visibility\"] [Incident id: NE2F3D55-013a6074-000013b0-00000000-1d634654ecf865f-GUWNtEmJQhKmuOTxoRV8hA-6e5ae551-1cbb-45b3-b7a1-1569c0458f6b] [Threat score: 6] [Group: Standard] [Email: sanitized@sanitized.com] [Name: Endpoint2] [Type and OS: WINDOWS pscr-sensor] [Severity: 6]\n",
"deviceInfo_deviceId_d": "20602996",
"deviceInfo_deviceName_s": "Endpoint2",
"deviceInfo_groupName_s": "Standard",
"deviceInfo_email_s": "sanitized_email.com",
"deviceInfo_email_s": "sanitized@sanitized.com",
"deviceInfo_deviceType_s": "WINDOWS",
"deviceInfo_deviceVersion_s": "pscr-sensor",
"deviceInfo_targetPriorityType_s": "HIGH",
@ -129,11 +129,11 @@
"threatInfo_threatCause_originSourceType_s": "",
"url_s": "https://defense-prod05.conferdeploy.net/cb/investigate/processes?query=process_guid:NE2F3D55-013a6074-00001524-00000000-1d6347599d05d0d%20AND%20device_id:20602996%20AND%20report_id:GUWNtEmJQhKmuOTxoRV8hA-13d6501c-8ea5-497d-b043-6de9fb53c4d6&searchWindow=ALL",
"eventTime_d": "1.59062E+12",
"eventDescription_s": "[AzureSentinel] [Carbon Black has detected a threat against your company.] [https://defense-prod05.conferdeploy.net#device/20602996/incident/NE2F3D55-013a6074-00001524-00000000-1d6347599d05d0d-GUWNtEmJQhKmuOTxoRV8hA-13d6501c-8ea5-497d-b043-6de9fb53c4d6] [Process explorer.exe was detected by the report \"Defense Evasion - Possible Persistence Regmod - Active Setup Components\" in watchlist \"Carbon Black Endpoint Visibility\"] [Incident id: NE2F3D55-013a6074-00001524-00000000-1d6347599d05d0d-GUWNtEmJQhKmuOTxoRV8hA-13d6501c-8ea5-497d-b043-6de9fb53c4d6] [Threat score: 3] [Group: Standard] [Email: sanitized_email.com] [Name: Endpoint2] [Type and OS: WINDOWS pscr-sensor] [Severity: 3]\n",
"eventDescription_s": "[AzureSentinel] [Carbon Black has detected a threat against your company.] [https://defense-prod05.conferdeploy.net#device/20602996/incident/NE2F3D55-013a6074-00001524-00000000-1d6347599d05d0d-GUWNtEmJQhKmuOTxoRV8hA-13d6501c-8ea5-497d-b043-6de9fb53c4d6] [Process explorer.exe was detected by the report \"Defense Evasion - Possible Persistence Regmod - Active Setup Components\" in watchlist \"Carbon Black Endpoint Visibility\"] [Incident id: NE2F3D55-013a6074-00001524-00000000-1d6347599d05d0d-GUWNtEmJQhKmuOTxoRV8hA-13d6501c-8ea5-497d-b043-6de9fb53c4d6] [Threat score: 3] [Group: Standard] [Email: sanitized@sanitized.com] [Name: Endpoint2] [Type and OS: WINDOWS pscr-sensor] [Severity: 3]\n",
"deviceInfo_deviceId_d": "20602996",
"deviceInfo_deviceName_s": "Endpoint2",
"deviceInfo_groupName_s": "Standard",
"deviceInfo_email_s": "sanitized_email.com",
"deviceInfo_email_s": "sanitized@sanitized.com",
"deviceInfo_deviceType_s": "WINDOWS",
"deviceInfo_deviceVersion_s": "pscr-sensor",
"deviceInfo_targetPriorityType_s": "HIGH",
@ -204,11 +204,11 @@
"threatInfo_threatCause_originSourceType_s": "",
"url_s": "https://defense-prod05.conferdeploy.net/cb/investigate/processes?query=process_guid:NE2F3D55-013a6074-00001524-00000000-1d6347599d05d0d%20AND%20device_id:20602996%20AND%20report_id:GUWNtEmJQhKmuOTxoRV8hA-5d9d91a4-a88d-4ce4-a895-1e01f56b9ee8&searchWindow=ALL",
"eventTime_d": "1.59062E+12",
"eventDescription_s": "[AzureSentinel] [Carbon Black has detected a threat against your company.] [https://defense-prod05.conferdeploy.net#device/20602996/incident/NE2F3D55-013a6074-00001524-00000000-1d6347599d05d0d-GUWNtEmJQhKmuOTxoRV8hA-5d9d91a4-a88d-4ce4-a895-1e01f56b9ee8] [Process explorer.exe was detected by the report \"Persistence - Winlogon Registry Modification Detected\" in watchlist \"Carbon Black Endpoint Visibility\"] [Incident id: NE2F3D55-013a6074-00001524-00000000-1d6347599d05d0d-GUWNtEmJQhKmuOTxoRV8hA-5d9d91a4-a88d-4ce4-a895-1e01f56b9ee8] [Threat score: 3] [Group: Standard] [Email: sanitized_email.com] [Name: Endpoint2] [Type and OS: WINDOWS pscr-sensor] [Severity: 3]\n",
"eventDescription_s": "[AzureSentinel] [Carbon Black has detected a threat against your company.] [https://defense-prod05.conferdeploy.net#device/20602996/incident/NE2F3D55-013a6074-00001524-00000000-1d6347599d05d0d-GUWNtEmJQhKmuOTxoRV8hA-5d9d91a4-a88d-4ce4-a895-1e01f56b9ee8] [Process explorer.exe was detected by the report \"Persistence - Winlogon Registry Modification Detected\" in watchlist \"Carbon Black Endpoint Visibility\"] [Incident id: NE2F3D55-013a6074-00001524-00000000-1d6347599d05d0d-GUWNtEmJQhKmuOTxoRV8hA-5d9d91a4-a88d-4ce4-a895-1e01f56b9ee8] [Threat score: 3] [Group: Standard] [Email: sanitized@sanitized.com] [Name: Endpoint2] [Type and OS: WINDOWS pscr-sensor] [Severity: 3]\n",
"deviceInfo_deviceId_d": "20602996",
"deviceInfo_deviceName_s": "Endpoint2",
"deviceInfo_groupName_s": "Standard",
"deviceInfo_email_s": "sanitized_email.com",
"deviceInfo_email_s": "sanitized@sanitized.com",
"deviceInfo_deviceType_s": "WINDOWS",
"deviceInfo_deviceVersion_s": "pscr-sensor",
"deviceInfo_targetPriorityType_s": "HIGH",
@ -279,11 +279,11 @@
"threatInfo_threatCause_originSourceType_s": "",
"url_s": "https://defense-prod05.conferdeploy.net/cb/investigate/processes?query=process_guid:NE2F3D55-013a6074-00000488-00000000-1d62fabf40236f4%20AND%20device_id:20602996%20AND%20report_id:GUWNtEmJQhKmuOTxoRV8hA-5d9d91a4-a88d-4ce4-a895-1e01f56b9ee8&searchWindow=ALL",
"eventTime_d": "1.59062E+12",
"eventDescription_s": "[AzureSentinel] [Carbon Black has detected a threat against your company.] [https://defense-prod05.conferdeploy.net#device/20602996/incident/NE2F3D55-013a6074-00000488-00000000-1d62fabf40236f4-GUWNtEmJQhKmuOTxoRV8hA-5d9d91a4-a88d-4ce4-a895-1e01f56b9ee8] [Process svchost.exe was detected by the report \"Persistence - Winlogon Registry Modification Detected\" in watchlist \"Carbon Black Endpoint Visibility\"] [Incident id: NE2F3D55-013a6074-00000488-00000000-1d62fabf40236f4-GUWNtEmJQhKmuOTxoRV8hA-5d9d91a4-a88d-4ce4-a895-1e01f56b9ee8] [Threat score: 3] [Group: Standard] [Email: sanitized_email.com] [Name: Endpoint2] [Type and OS: WINDOWS pscr-sensor] [Severity: 3]\n",
"eventDescription_s": "[AzureSentinel] [Carbon Black has detected a threat against your company.] [https://defense-prod05.conferdeploy.net#device/20602996/incident/NE2F3D55-013a6074-00000488-00000000-1d62fabf40236f4-GUWNtEmJQhKmuOTxoRV8hA-5d9d91a4-a88d-4ce4-a895-1e01f56b9ee8] [Process svchost.exe was detected by the report \"Persistence - Winlogon Registry Modification Detected\" in watchlist \"Carbon Black Endpoint Visibility\"] [Incident id: NE2F3D55-013a6074-00000488-00000000-1d62fabf40236f4-GUWNtEmJQhKmuOTxoRV8hA-5d9d91a4-a88d-4ce4-a895-1e01f56b9ee8] [Threat score: 3] [Group: Standard] [Email: sanitized@sanitized.com] [Name: Endpoint2] [Type and OS: WINDOWS pscr-sensor] [Severity: 3]\n",
"deviceInfo_deviceId_d": "20602996",
"deviceInfo_deviceName_s": "Endpoint2",
"deviceInfo_groupName_s": "Standard",
"deviceInfo_email_s": "sanitized_email.com",
"deviceInfo_email_s": "sanitized@sanitized.com",
"deviceInfo_deviceType_s": "WINDOWS",
"deviceInfo_deviceVersion_s": "pscr-sensor",
"deviceInfo_targetPriorityType_s": "HIGH",
@ -354,11 +354,11 @@
"threatInfo_threatCause_originSourceType_s": "",
"url_s": "https://defense-prod05.conferdeploy.net/cb/investigate/processes?query=process_guid:NE2F3D55-013a6074-00001758-00000000-1d6344c296a9dc8%20AND%20device_id:20602996%20AND%20report_id:GUWNtEmJQhKmuOTxoRV8hA-6e5ae551-1cbb-45b3-b7a1-1569c0458f6b&searchWindow=ALL",
"eventTime_d": "1.5906E+12",
"eventDescription_s": "[AzureSentinel] [Carbon Black has detected a threat against your company.] [https://defense-prod05.conferdeploy.net#device/20602996/incident/NE2F3D55-013a6074-00001758-00000000-1d6344c296a9dc8-GUWNtEmJQhKmuOTxoRV8hA-6e5ae551-1cbb-45b3-b7a1-1569c0458f6b] [Process powershell.exe was detected by the report \"Execution - Powershell Execution With Unrestriced or Bypass Flags Detected\" in watchlist \"Carbon Black Endpoint Visibility\"] [Incident id: NE2F3D55-013a6074-00001758-00000000-1d6344c296a9dc8-GUWNtEmJQhKmuOTxoRV8hA-6e5ae551-1cbb-45b3-b7a1-1569c0458f6b] [Threat score: 6] [Group: Standard] [Email: sanitized_email.com] [Name: Endpoint2] [Type and OS: WINDOWS pscr-sensor] [Severity: 6]\n",
"eventDescription_s": "[AzureSentinel] [Carbon Black has detected a threat against your company.] [https://defense-prod05.conferdeploy.net#device/20602996/incident/NE2F3D55-013a6074-00001758-00000000-1d6344c296a9dc8-GUWNtEmJQhKmuOTxoRV8hA-6e5ae551-1cbb-45b3-b7a1-1569c0458f6b] [Process powershell.exe was detected by the report \"Execution - Powershell Execution With Unrestriced or Bypass Flags Detected\" in watchlist \"Carbon Black Endpoint Visibility\"] [Incident id: NE2F3D55-013a6074-00001758-00000000-1d6344c296a9dc8-GUWNtEmJQhKmuOTxoRV8hA-6e5ae551-1cbb-45b3-b7a1-1569c0458f6b] [Threat score: 6] [Group: Standard] [Email: sanitized@sanitized.com] [Name: Endpoint2] [Type and OS: WINDOWS pscr-sensor] [Severity: 6]\n",
"deviceInfo_deviceId_d": "20602996",
"deviceInfo_deviceName_s": "Endpoint2",
"deviceInfo_groupName_s": "Standard",
"deviceInfo_email_s": "sanitized_email.com",
"deviceInfo_email_s": "sanitized@sanitized.com",
"deviceInfo_deviceType_s": "WINDOWS",
"deviceInfo_deviceVersion_s": "pscr-sensor",
"deviceInfo_targetPriorityType_s": "HIGH",


@ -520,7 +520,7 @@
"auth_device_location_country_s": "United States",
"auth_device_location_state_s": "Michigan",
"auth_device_name_s": "My iPhone X (734-555-2342)",
"email_s": "sanitized_email.com",
"email_s": "sanitized@sanitized.com",
"event_type_s": "authentication",
"factor_s": "duo_push",
"reason_s": "user_approved",
@ -529,7 +529,7 @@
"txid_g": "340a23e3-23f3-23c1-87dc-1491a23dfdbb",
"user_groups_s": "[\n \"Duo Users\",\n \"CorpHQ Users\"\n]",
"user_key_s": "XXXXXXXXXXXXXXXXXXXX",
"user_name_s": "sanitized_email.com",
"user_name_s": "sanitized@sanitized.com",
"explanations_s": "",
"from_common_netblock_b": "",
"from_new_user_b": "",
@ -769,7 +769,7 @@
"auth_device_location_country_s": "United States",
"auth_device_location_state_s": "Michigan",
"auth_device_name_s": "My iPhone X (734-555-2342)",
"email_s": "sanitized_email.com",
"email_s": "sanitized@sanitized.com",
"event_type_s": "authentication",
"factor_s": "duo_push",
"reason_s": "user_approved",
@ -778,7 +778,7 @@
"txid_g": "340a23e3-23f3-23c1-87dc-1491a23dfdbb",
"user_groups_s": "[\n \"Duo Users\",\n \"CorpHQ Users\"\n]",
"user_key_s": "XXXXXXXXXXXXXXXXXXXX",
"user_name_s": "sanitized_email.com",
"user_name_s": "sanitized@sanitized.com",
"explanations_s": "",
"from_common_netblock_b": "",
"from_new_user_b": "",
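Review bot: The replacement value `sanitized@sanitized.com` in `email_s` and `user_name_s` uses `sanitized.com`, which is not a reserved documentation domain, so it can be registered and can receive mail. If these samples are ever replayed through a notification or playbook test, mail could leave for a third party. A name reserved by RFC 2606 avoids that, for example `"email_s": "sanitized@example.com"` (constructed value). The same placeholder appears in the Carbon Black, Corelight and Duo administrator samples on this page. Giving each user its own placeholder, such as `user1@example.com`, would also keep the records distinguishable in queries that group by user.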


@ -15,7 +15,7 @@
"hostname":"srv-sentinel-000"
},
{
"message":"{\"ts\":\"2018-08-03T23:37:54.545927Z\",\"uid\":\"C7dt3I3EPGcL9Dfob3\",\"id.orig_h\":\"192.168.0.53\",\"id.orig_p\":2153,\"id.resp_h\":\"81.236.55.3\",\"id.resp_p\":25,\"trans_depth\":1,\"helo\":\"passwordnedxp\",\"mailfrom\":\"sanitized_email.com\",\"rcptto\":[\"sanitized_email.com\"],\"date\":\"Wed, 11 Mar 2015 13:20:11 +0100\",\"from\":\"\\u0022Password Ned\\u0022 <sanitized_email.com>\",\"to\":[\"\\u0022Homer\\u0022 <sanitized_email.com>\"],\"msg_id\":\"<EF168BBF16E344D49311C8F4870E03BF@passwordnedxp>\",\"subject\":\"Re: www.pwned.se now online\",\"last_reply\":\"250 <54EF7C1F0039BECF> Mail accepted\",\"path\":[\"81.236.55.3\",\"192.168.0.53\"],\"user_agent\":\"Microsoft Outlook Express 6.00.2900.5512\",\"tls\":false,\"fuids\":[\"FkYyUX3O20nQIB8Oej\"],\"is_webmail\":false}",
"message":"{\"ts\":\"2018-08-03T23:37:54.545927Z\",\"uid\":\"C7dt3I3EPGcL9Dfob3\",\"id.orig_h\":\"192.168.0.53\",\"id.orig_p\":2153,\"id.resp_h\":\"81.236.55.3\",\"id.resp_p\":25,\"trans_depth\":1,\"helo\":\"passwordnedxp\",\"mailfrom\":\"sanitized@sanitized.com\",\"rcptto\":[\"sanitized@sanitized.com\"],\"date\":\"Wed, 11 Mar 2015 13:20:11 +0100\",\"from\":\"\\u0022Password Ned\\u0022 <sanitized@sanitized.com>\",\"to\":[\"\\u0022Homer\\u0022 <sanitized@sanitized.com>\"],\"msg_id\":\"<EF168BBF16E344D49311C8F4870E03BF@passwordnedxp>\",\"subject\":\"Re: www.pwned.se now online\",\"last_reply\":\"250 <54EF7C1F0039BECF> Mail accepted\",\"path\":[\"81.236.55.3\",\"192.168.0.53\"],\"user_agent\":\"Microsoft Outlook Express 6.00.2900.5512\",\"tls\":false,\"fuids\":[\"FkYyUX3O20nQIB8Oej\"],\"is_webmail\":false}",
"log_file":"/var/log/corelight/smtp_20180803_16:37:37-16:40:00-0700.log",
"hostname":"srv-sentinel-000"
},
@ -90,27 +90,27 @@
"hostname":"srv-sentinel-000"
},
{
"message":"{\"ts\":\"2018-08-03T23:38:01.446597Z\",\"uid\":\"CvTrYj2scU7ZCC5pCe\",\"id.orig_h\":\"192.168.0.53\",\"id.orig_p\":3706,\"id.resp_h\":\"81.236.55.3\",\"id.resp_p\":25,\"trans_depth\":1,\"helo\":\"passwordnedxp\",\"mailfrom\":\"sanitized_email.com\",\"rcptto\":[\"sanitized_email.com\"],\"date\":\"Fri, 13 Mar 2015 14:01:05 +0100\",\"from\":\"\\u0022Password Ned\\u0022 <sanitized_email.com>\",\"to\":[\"<sanitized_email.com>\"],\"msg_id\":\"<5782CF072601423EAC2E00492D5218F4@passwordnedxp>\",\"subject\":\"Re: I\\u0027d like to purchase a secure password\",\"last_reply\":\"250 <54E6F8320061B982> Mail accepted\",\"path\":[\"81.236.55.3\",\"192.168.0.53\"],\"user_agent\":\"Microsoft Outlook Express 6.00.2900.5512\",\"tls\":false,\"fuids\":[\"FIsdVz2Dv4ezujWIn4\",\"F0WUmi4UiEdfo1GSu3\"],\"is_webmail\":false}",
"message":"{\"ts\":\"2018-08-03T23:38:01.446597Z\",\"uid\":\"CvTrYj2scU7ZCC5pCe\",\"id.orig_h\":\"192.168.0.53\",\"id.orig_p\":3706,\"id.resp_h\":\"81.236.55.3\",\"id.resp_p\":25,\"trans_depth\":1,\"helo\":\"passwordnedxp\",\"mailfrom\":\"sanitized@sanitized.com\",\"rcptto\":[\"sanitized@sanitized.com\"],\"date\":\"Fri, 13 Mar 2015 14:01:05 +0100\",\"from\":\"\\u0022Password Ned\\u0022 <sanitized@sanitized.com>\",\"to\":[\"<sanitized@sanitized.com>\"],\"msg_id\":\"<5782CF072601423EAC2E00492D5218F4@passwordnedxp>\",\"subject\":\"Re: I\\u0027d like to purchase a secure password\",\"last_reply\":\"250 <54E6F8320061B982> Mail accepted\",\"path\":[\"81.236.55.3\",\"192.168.0.53\"],\"user_agent\":\"Microsoft Outlook Express 6.00.2900.5512\",\"tls\":false,\"fuids\":[\"FIsdVz2Dv4ezujWIn4\",\"F0WUmi4UiEdfo1GSu3\"],\"is_webmail\":false}",
"log_file":"/var/log/corelight/smtp_20180803_16:37:37-16:40:00-0700.log",
"hostname":"srv-sentinel-000"
},
{
"message":"{\"ts\":\"2018-08-03T23:38:01.560483Z\",\"uid\":\"CPT5L914wmfDebfHsb\",\"id.orig_h\":\"192.168.0.53\",\"id.orig_p\":3852,\"id.resp_h\":\"81.236.55.3\",\"id.resp_p\":25,\"trans_depth\":1,\"helo\":\"passwordnedxp\",\"mailfrom\":\"sanitized_email.com\",\"rcptto\":[\"sanitized_email.com\"],\"date\":\"Fri, 13 Mar 2015 16:16:02 +0100\",\"from\":\"\\u0022Password Ned\\u0022 <sanitized_email.com>\",\"to\":[\"\\u0022Homer\\u0022 <sanitized_email.com>\"],\"msg_id\":\"<3DAC7AF9CE584CE293ED592C27084E16@passwordnedxp>\",\"subject\":\"Fw: You\\u0027re running a vulnerable version of SkyBlueCanvas\",\"last_reply\":\"250 <54E6F832006275FE> Mail accepted\",\"path\":[\"81.236.55.3\",\"192.168.0.53\"],\"user_agent\":\"Microsoft Outlook Express 6.00.2900.5512\",\"tls\":false,\"fuids\":[\"FZEZ0W15JFy6T7yl6e\",\"FB5z1b1ruqnFdUigN3\"],\"is_webmail\":false}",
"message":"{\"ts\":\"2018-08-03T23:38:01.560483Z\",\"uid\":\"CPT5L914wmfDebfHsb\",\"id.orig_h\":\"192.168.0.53\",\"id.orig_p\":3852,\"id.resp_h\":\"81.236.55.3\",\"id.resp_p\":25,\"trans_depth\":1,\"helo\":\"passwordnedxp\",\"mailfrom\":\"sanitized@sanitized.com\",\"rcptto\":[\"sanitized@sanitized.com\"],\"date\":\"Fri, 13 Mar 2015 16:16:02 +0100\",\"from\":\"\\u0022Password Ned\\u0022 <sanitized@sanitized.com>\",\"to\":[\"\\u0022Homer\\u0022 <sanitized@sanitized.com>\"],\"msg_id\":\"<3DAC7AF9CE584CE293ED592C27084E16@passwordnedxp>\",\"subject\":\"Fw: You\\u0027re running a vulnerable version of SkyBlueCanvas\",\"last_reply\":\"250 <54E6F832006275FE> Mail accepted\",\"path\":[\"81.236.55.3\",\"192.168.0.53\"],\"user_agent\":\"Microsoft Outlook Express 6.00.2900.5512\",\"tls\":false,\"fuids\":[\"FZEZ0W15JFy6T7yl6e\",\"FB5z1b1ruqnFdUigN3\"],\"is_webmail\":false}",
"log_file":"/var/log/corelight/smtp_20180803_16:37:37-16:40:00-0700.log",
"hostname":"srv-sentinel-000"
},
{
"message":"{\"ts\":\"2018-08-03T23:38:05.518121Z\",\"uid\":\"CG4WBv1YvP5xn6hJP5\",\"id.orig_h\":\"192.168.0.51\",\"id.orig_p\":60362,\"id.resp_h\":\"81.236.55.3\",\"id.resp_p\":25,\"trans_depth\":1,\"helo\":\"[192.168.0.51]\",\"mailfrom\":\"sanitized_email.com\",\"rcptto\":[\"sanitized_email.com\"],\"date\":\"Tue, 17 Mar 2015 08:17:43 +0100\",\"from\":\"Homer <sanitized_email.com>\",\"to\":[\"Krusty <sanitized_email.com>\"],\"msg_id\":\"<5507D517.2010809@gmx.com>\",\"in_reply_to\":\"<009501d05d7a$b933aff0$2b9b0fd0$@gmail.com>\",\"subject\":\"Re: I\\u0027ve got 61 problems but my job aint one\",\"last_reply\":\"250 <54E6F832006D9D22> Mail accepted\",\"path\":[\"81.236.55.3\",\"192.168.0.51\"],\"user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0\",\"tls\":false,\"fuids\":[\"F6UDerS2pfvei0KRb\",\"FXrqL92XflpLEXVZ44\",\"FgO5rW3M7VlUyIcCyd\"],\"is_webmail\":false}",
"message":"{\"ts\":\"2018-08-03T23:38:05.518121Z\",\"uid\":\"CG4WBv1YvP5xn6hJP5\",\"id.orig_h\":\"192.168.0.51\",\"id.orig_p\":60362,\"id.resp_h\":\"81.236.55.3\",\"id.resp_p\":25,\"trans_depth\":1,\"helo\":\"[192.168.0.51]\",\"mailfrom\":\"sanitized@sanitized.com\",\"rcptto\":[\"sanitized@sanitized.com\"],\"date\":\"Tue, 17 Mar 2015 08:17:43 +0100\",\"from\":\"Homer <sanitized@sanitized.com>\",\"to\":[\"Krusty <sanitized@sanitized.com>\"],\"msg_id\":\"<5507D517.2010809@gmx.com>\",\"in_reply_to\":\"<009501d05d7a$b933aff0$2b9b0fd0$@gmail.com>\",\"subject\":\"Re: I\\u0027ve got 61 problems but my job aint one\",\"last_reply\":\"250 <54E6F832006D9D22> Mail accepted\",\"path\":[\"81.236.55.3\",\"192.168.0.51\"],\"user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0\",\"tls\":false,\"fuids\":[\"F6UDerS2pfvei0KRb\",\"FXrqL92XflpLEXVZ44\",\"FgO5rW3M7VlUyIcCyd\"],\"is_webmail\":false}",
"log_file":"/var/log/corelight/smtp_20180803_16:37:37-16:40:00-0700.log",
"hostname":"srv-sentinel-000"
},
{
"message":"{\"ts\":\"2018-08-03T23:38:05.534084Z\",\"uid\":\"Cka4Bv1qmbA1RTFF53\",\"id.orig_h\":\"192.168.0.53\",\"id.orig_p\":1289,\"id.resp_h\":\"81.236.55.3\",\"id.resp_p\":25,\"trans_depth\":1,\"helo\":\"passwordnedxp\",\"mailfrom\":\"sanitized_email.com\",\"rcptto\":[\"sanitized_email.com\"],\"date\":\"Tue, 17 Mar 2015 08:30:26 +0100\",\"from\":\"\\u0022Password Ned\\u0022 <sanitized_email.com>\",\"to\":[\"\\u0022Homer\\u0022 <sanitized_email.com>\"],\"msg_id\":\"<3EF8E091DB36430A96BC3A6C31A183F8@passwordnedxp>\",\"subject\":\"Fw: The frog is back!\",\"last_reply\":\"250 <54EF7C1F00507F60> Mail accepted\",\"path\":[\"81.236.55.3\",\"192.168.0.53\"],\"user_agent\":\"Microsoft Outlook Express 6.00.2900.5512\",\"tls\":false,\"fuids\":[\"FfJJQ74pDIlEgQWhGf\",\"FzVjQqYsRcLYhdctg\",\"FqnOzl4JMMdMrbOt72\"],\"is_webmail\":false}",
"message":"{\"ts\":\"2018-08-03T23:38:05.534084Z\",\"uid\":\"Cka4Bv1qmbA1RTFF53\",\"id.orig_h\":\"192.168.0.53\",\"id.orig_p\":1289,\"id.resp_h\":\"81.236.55.3\",\"id.resp_p\":25,\"trans_depth\":1,\"helo\":\"passwordnedxp\",\"mailfrom\":\"sanitized@sanitized.com\",\"rcptto\":[\"sanitized@sanitized.com\"],\"date\":\"Tue, 17 Mar 2015 08:30:26 +0100\",\"from\":\"\\u0022Password Ned\\u0022 <sanitized@sanitized.com>\",\"to\":[\"\\u0022Homer\\u0022 <sanitized@sanitized.com>\"],\"msg_id\":\"<3EF8E091DB36430A96BC3A6C31A183F8@passwordnedxp>\",\"subject\":\"Fw: The frog is back!\",\"last_reply\":\"250 <54EF7C1F00507F60> Mail accepted\",\"path\":[\"81.236.55.3\",\"192.168.0.53\"],\"user_agent\":\"Microsoft Outlook Express 6.00.2900.5512\",\"tls\":false,\"fuids\":[\"FfJJQ74pDIlEgQWhGf\",\"FzVjQqYsRcLYhdctg\",\"FqnOzl4JMMdMrbOt72\"],\"is_webmail\":false}",
"log_file":"/var/log/corelight/smtp_20180803_16:37:37-16:40:00-0700.log",
"hostname":"srv-sentinel-000"
},
{
"message":"{\"ts\":\"2018-08-03T23:38:05.546444Z\",\"uid\":\"CaOpm4JpVQx9WPa7d\",\"id.orig_h\":\"192.168.0.51\",\"id.orig_p\":60390,\"id.resp_h\":\"81.236.55.3\",\"id.resp_p\":25,\"trans_depth\":1,\"helo\":\"[192.168.0.51]\",\"mailfrom\":\"sanitized_email.com\",\"rcptto\":[\"sanitized_email.com\"],\"date\":\"Tue, 17 Mar 2015 08:48:37 +0100\",\"from\":\"Homer <sanitized_email.com>\",\"to\":[\"Password Ned <sanitized_email.com>\"],\"msg_id\":\"<5507DC55.6090005@gmx.com>\",\"in_reply_to\":\"<3EF8E091DB36430A96BC3A6C31A183F8@passwordnedxp>\",\"subject\":\"Re: Fw: The frog is back!\",\"last_reply\":\"250 <54EF7C1F00509EF1> Mail accepted\",\"path\":[\"81.236.55.3\",\"192.168.0.51\"],\"user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0\",\"tls\":false,\"fuids\":[\"FakMHq1PsByTwuXldh\",\"FsjHdk229asuLxBht6\"],\"is_webmail\":false}",
"message":"{\"ts\":\"2018-08-03T23:38:05.546444Z\",\"uid\":\"CaOpm4JpVQx9WPa7d\",\"id.orig_h\":\"192.168.0.51\",\"id.orig_p\":60390,\"id.resp_h\":\"81.236.55.3\",\"id.resp_p\":25,\"trans_depth\":1,\"helo\":\"[192.168.0.51]\",\"mailfrom\":\"sanitized@sanitized.com\",\"rcptto\":[\"sanitized@sanitized.com\"],\"date\":\"Tue, 17 Mar 2015 08:48:37 +0100\",\"from\":\"Homer <sanitized@sanitized.com>\",\"to\":[\"Password Ned <sanitized@sanitized.com>\"],\"msg_id\":\"<5507DC55.6090005@gmx.com>\",\"in_reply_to\":\"<3EF8E091DB36430A96BC3A6C31A183F8@passwordnedxp>\",\"subject\":\"Re: Fw: The frog is back!\",\"last_reply\":\"250 <54EF7C1F00509EF1> Mail accepted\",\"path\":[\"81.236.55.3\",\"192.168.0.51\"],\"user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0\",\"tls\":false,\"fuids\":[\"FakMHq1PsByTwuXldh\",\"FsjHdk229asuLxBht6\"],\"is_webmail\":false}",
"log_file":"/var/log/corelight/smtp_20180803_16:37:37-16:40:00-0700.log",
"hostname":"srv-sentinel-000"
},
@ -120,12 +120,12 @@
"hostname":"srv-sentinel-000"
},
{
"message":"{\"ts\":\"2018-08-03T23:38:07.634540Z\",\"uid\":\"C6o9LOw6TqD2qMLEc\",\"id.orig_h\":\"192.168.0.53\",\"id.orig_p\":1322,\"id.resp_h\":\"81.236.55.3\",\"id.resp_p\":25,\"trans_depth\":1,\"helo\":\"passwordnedxp\",\"mailfrom\":\"sanitized_email.com\",\"rcptto\":[\"sanitized_email.com\",\"sanitized_email.com\"],\"date\":\"Tue, 17 Mar 2015 10:15:02 +0100\",\"from\":\"\\u0022Password Ned\\u0022 <sanitized_email.com>\",\"to\":[\"\\u0022Edsger Dijkstra\\u0022 <sanitized_email.com>\"],\"msg_id\":\"<82576B8A45B540B7BF165BEF67BB02C5@passwordnedxp>\",\"subject\":\"Re: The frog is back!\",\"last_reply\":\"250 <54E6F832006E937A> Mail accepted\",\"path\":[\"81.236.55.3\",\"192.168.0.53\"],\"user_agent\":\"Microsoft Outlook Express 6.00.2900.5512\",\"tls\":false,\"fuids\":[\"FvPQjWWCYLJefchUh\",\"FzpSIF3VtoCmG9x903\"],\"is_webmail\":false}",
"message":"{\"ts\":\"2018-08-03T23:38:07.634540Z\",\"uid\":\"C6o9LOw6TqD2qMLEc\",\"id.orig_h\":\"192.168.0.53\",\"id.orig_p\":1322,\"id.resp_h\":\"81.236.55.3\",\"id.resp_p\":25,\"trans_depth\":1,\"helo\":\"passwordnedxp\",\"mailfrom\":\"sanitized@sanitized.com\",\"rcptto\":[\"sanitized@sanitized.com\",\"sanitized@sanitized.com\"],\"date\":\"Tue, 17 Mar 2015 10:15:02 +0100\",\"from\":\"\\u0022Password Ned\\u0022 <sanitized@sanitized.com>\",\"to\":[\"\\u0022Edsger Dijkstra\\u0022 <sanitized@sanitized.com>\"],\"msg_id\":\"<82576B8A45B540B7BF165BEF67BB02C5@passwordnedxp>\",\"subject\":\"Re: The frog is back!\",\"last_reply\":\"250 <54E6F832006E937A> Mail accepted\",\"path\":[\"81.236.55.3\",\"192.168.0.53\"],\"user_agent\":\"Microsoft Outlook Express 6.00.2900.5512\",\"tls\":false,\"fuids\":[\"FvPQjWWCYLJefchUh\",\"FzpSIF3VtoCmG9x903\"],\"is_webmail\":false}",
"log_file":"/var/log/corelight/smtp_20180803_16:37:37-16:40:00-0700.log",
"hostname":"srv-sentinel-000"
},
{
"message":"{\"ts\":\"2018-08-03T23:38:12.367493Z\",\"uid\":\"C5yXAv453aG4WkzlBj\",\"id.orig_h\":\"192.168.0.53\",\"id.orig_p\":1283,\"id.resp_h\":\"81.236.55.3\",\"id.resp_p\":25,\"trans_depth\":1,\"helo\":\"passwordnedxp\",\"mailfrom\":\"sanitized_email.com\",\"rcptto\":[\"sanitized_email.com\",\"sanitized_email.com\"],\"date\":\"Thu, 19 Mar 2015 12:42:06 +0100\",\"from\":\"\\u0022Password Ned\\u0022 <sanitized_email.com>\",\"to\":[\"\\u0022Homer\\u0022 <sanitized_email.com>\"],\"cc\":[\"\\u0022Krusty\\u0022 <sanitized_email.com>\"],\"msg_id\":\"<A0E1C8DD4D4F4B93A3F65533283A85BA@passwordnedxp>\",\"subject\":\"Fw: My password has leaked online\",\"last_reply\":\"250 <54EF7C1F005E0201> Mail accepted\",\"path\":[\"81.236.55.3\",\"192.168.0.53\"],\"user_agent\":\"Microsoft Outlook Express 6.00.2900.5512\",\"tls\":false,\"fuids\":[\"FaliahTGJHuhFeWt2\",\"FcR4TLdk7gJDb6h9k\"],\"is_webmail\":false}",
"message":"{\"ts\":\"2018-08-03T23:38:12.367493Z\",\"uid\":\"C5yXAv453aG4WkzlBj\",\"id.orig_h\":\"192.168.0.53\",\"id.orig_p\":1283,\"id.resp_h\":\"81.236.55.3\",\"id.resp_p\":25,\"trans_depth\":1,\"helo\":\"passwordnedxp\",\"mailfrom\":\"sanitized@sanitized.com\",\"rcptto\":[\"sanitized@sanitized.com\",\"sanitized@sanitized.com\"],\"date\":\"Thu, 19 Mar 2015 12:42:06 +0100\",\"from\":\"\\u0022Password Ned\\u0022 <sanitized@sanitized.com>\",\"to\":[\"\\u0022Homer\\u0022 <sanitized@sanitized.com>\"],\"cc\":[\"\\u0022Krusty\\u0022 <sanitized@sanitized.com>\"],\"msg_id\":\"<A0E1C8DD4D4F4B93A3F65533283A85BA@passwordnedxp>\",\"subject\":\"Fw: My password has leaked online\",\"last_reply\":\"250 <54EF7C1F005E0201> Mail accepted\",\"path\":[\"81.236.55.3\",\"192.168.0.53\"],\"user_agent\":\"Microsoft Outlook Express 6.00.2900.5512\",\"tls\":false,\"fuids\":[\"FaliahTGJHuhFeWt2\",\"FcR4TLdk7gJDb6h9k\"],\"is_webmail\":false}",
"log_file":"/var/log/corelight/smtp_20180803_16:37:37-16:40:00-0700.log",
"hostname":"srv-sentinel-000"
},
@ -180,12 +180,12 @@
"hostname":"srv-sentinel-000"
},
{
"message":"{\"ts\":\"2018-08-03T23:38:48.925701Z\",\"uid\":\"CEH0pi3rUh8dJO0Agj\",\"id.orig_h\":\"192.168.0.53\",\"id.orig_p\":2370,\"id.resp_h\":\"81.236.55.3\",\"id.resp_p\":25,\"seen.indicator\":\"sanitized_email.com\",\"seen.indicator_type\":\"Intel::EMAIL\",\"seen.where\":\"SMTP::IN_RCPT_TO\",\"matched\":[\"Intel::EMAIL\"],\"sources\":[\"Corelight MISP (5b1f252a-8d38-4a6e-8bcb-06a10a0ac7c9) - Corelight\"]}",
"message":"{\"ts\":\"2018-08-03T23:38:48.925701Z\",\"uid\":\"CEH0pi3rUh8dJO0Agj\",\"id.orig_h\":\"192.168.0.53\",\"id.orig_p\":2370,\"id.resp_h\":\"81.236.55.3\",\"id.resp_p\":25,\"seen.indicator\":\"sanitized@sanitized.com\",\"seen.indicator_type\":\"Intel::EMAIL\",\"seen.where\":\"SMTP::IN_RCPT_TO\",\"matched\":[\"Intel::EMAIL\"],\"sources\":[\"Corelight MISP (5b1f252a-8d38-4a6e-8bcb-06a10a0ac7c9) - Corelight\"]}",
"log_file":"/var/log/corelight/intel_20180803_16:37:37-16:40:00-0700.log",
"hostname":"srv-sentinel-000"
},
{
"message":"{\"ts\":\"2018-08-03T23:38:48.925701Z\",\"uid\":\"CEH0pi3rUh8dJO0Agj\",\"id.orig_h\":\"192.168.0.53\",\"id.orig_p\":2370,\"id.resp_h\":\"81.236.55.3\",\"id.resp_p\":25,\"seen.indicator\":\"sanitized_email.com\",\"seen.indicator_type\":\"Intel::EMAIL\",\"seen.where\":\"SMTP::IN_TO\",\"matched\":[\"Intel::EMAIL\"],\"sources\":[\"Corelight MISP (5b1f252a-8d38-4a6e-8bcb-06a10a0ac7c9) - Corelight\"]}",
"message":"{\"ts\":\"2018-08-03T23:38:48.925701Z\",\"uid\":\"CEH0pi3rUh8dJO0Agj\",\"id.orig_h\":\"192.168.0.53\",\"id.orig_p\":2370,\"id.resp_h\":\"81.236.55.3\",\"id.resp_p\":25,\"seen.indicator\":\"sanitized@sanitized.com\",\"seen.indicator_type\":\"Intel::EMAIL\",\"seen.where\":\"SMTP::IN_TO\",\"matched\":[\"Intel::EMAIL\"],\"sources\":[\"Corelight MISP (5b1f252a-8d38-4a6e-8bcb-06a10a0ac7c9) - Corelight\"]}",
"log_file":"/var/log/corelight/intel_20180803_16:37:37-16:40:00-0700.log",
"hostname":"srv-sentinel-000"
},
@ -255,7 +255,7 @@
"hostname":"srv-sentinel-000"
},
{
"message":"{\"ts\":\"2018-08-03T23:38:48.973457Z\",\"uid\":\"CEH0pi3rUh8dJO0Agj\",\"id.orig_h\":\"192.168.0.53\",\"id.orig_p\":2370,\"id.resp_h\":\"81.236.55.3\",\"id.resp_p\":25,\"trans_depth\":1,\"helo\":\"passwordnedxp\",\"mailfrom\":\"sanitized_email.com\",\"rcptto\":[\"sanitized_email.com\",\"sanitized_email.com\"],\"date\":\"Tue, 7 Apr 2015 15:36:29 +0200\",\"from\":\"\\u0022Password Ned\\u0022 <sanitized_email.com>\",\"to\":[\"\\u0022Krusty\\u0022 <sanitized_email.com>\",\"<sanitized_email.com>\"],\"msg_id\":\"<5E99EDAF8CAE4C34862FF55486CB99C5@passwordnedxp>\",\"subject\":\"Re: Krusty, unable to deliver your item, #00000529832\",\"last_reply\":\"250 <54EF7C1F00AD3590> Mail accepted\",\"path\":[\"81.236.55.3\",\"192.168.0.53\"],\"user_agent\":\"Microsoft Outlook Express 6.00.2900.5512\",\"tls\":false,\"fuids\":[\"FS5nuj3XkXvMebrmdb\",\"FPxQhPcrO0yOQFbh9\"],\"is_webmail\":false}",
"message":"{\"ts\":\"2018-08-03T23:38:48.973457Z\",\"uid\":\"CEH0pi3rUh8dJO0Agj\",\"id.orig_h\":\"192.168.0.53\",\"id.orig_p\":2370,\"id.resp_h\":\"81.236.55.3\",\"id.resp_p\":25,\"trans_depth\":1,\"helo\":\"passwordnedxp\",\"mailfrom\":\"sanitized@sanitized.com\",\"rcptto\":[\"sanitized@sanitized.com\",\"sanitized@sanitized.com\"],\"date\":\"Tue, 7 Apr 2015 15:36:29 +0200\",\"from\":\"\\u0022Password Ned\\u0022 <sanitized@sanitized.com>\",\"to\":[\"\\u0022Krusty\\u0022 <sanitized@sanitized.com>\",\"<sanitized@sanitized.com>\"],\"msg_id\":\"<5E99EDAF8CAE4C34862FF55486CB99C5@passwordnedxp>\",\"subject\":\"Re: Krusty, unable to deliver your item, #00000529832\",\"last_reply\":\"250 <54EF7C1F00AD3590> Mail accepted\",\"path\":[\"81.236.55.3\",\"192.168.0.53\"],\"user_agent\":\"Microsoft Outlook Express 6.00.2900.5512\",\"tls\":false,\"fuids\":[\"FS5nuj3XkXvMebrmdb\",\"FPxQhPcrO0yOQFbh9\"],\"is_webmail\":false}",
"log_file":"/var/log/corelight/smtp_20180803_16:37:37-16:40:00-0700.log",
"hostname":"srv-sentinel-000"
},
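Review bot: The sanitization of the embedded `message` strings is partial: the address fields are masked, but `msg_id` and `in_reply_to` still carry mail-provider domains, as in `<5507D517.2010809@gmx.com>` and `<009501d05d7a$b933aff0$2b9b0fd0$@gmail.com>`. Display names, subjects and the address `81.236.55.3` are also left as they were. If these records derive from real traffic, which the page does not show, those fields need the same treatment, for example `<5507D517.2010809@example.com>` (constructed value). Separately, every `mailfrom`, `rcptto` and `seen.indicator` now holds the same string, so the samples can no longer exercise a query that tells sender from recipient or matches one specific intel indicator. Distinct placeholders per role would preserve that.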


@ -29,7 +29,7 @@
"object_s": "xyz",
"timestamp_d": "1612918707",
"username_s": "xyz",
"description_s": "{\"administrative_units\": \"\", \"is_temporary_password\": false, \"role\": \"Owner\", \"phone\": \"+15555555555\", \"restricted_by_admin_units\": false, \"status\": \"Pending Activation\", \"email\": \"sanitized_email.com\", \"hardtoken\": null, \"name\": \"xyz\"}",
"description_s": "{\"administrative_units\": \"\", \"is_temporary_password\": false, \"role\": \"Owner\", \"phone\": \"+15555555555\", \"restricted_by_admin_units\": false, \"status\": \"Pending Activation\", \"email\": \"sanitized@sanitized.com\", \"hardtoken\": null, \"name\": \"xyz\"}",
"Type": "DuoSecurityAdministrator_CL",
"_ResourceId": ""
},
@ -471,7 +471,7 @@
"object_s": "testuser",
"timestamp_d": "1612932655",
"username_s": "xyz",
"description_s": "{\"email\": \"sanitized_email.com\", \"realname\": \"test user\"}",
"description_s": "{\"email\": \"sanitized@sanitized.com\", \"realname\": \"test user\"}",
"Type": "DuoSecurityAdministrator_CL",
"_ResourceId": ""
},
@ -675,7 +675,7 @@
"object_s": "testuser",
"timestamp_d": "1612986538",
"username_s": "xyz",
"description_s": "{\"email\": \"sanitized_email.com\"}",
"description_s": "{\"email\": \"sanitized@sanitized.com\"}",
"Type": "DuoSecurityAdministrator_CL",
"_ResourceId": ""
},
@ -689,10 +689,10 @@
"RawData": "",
"action_s": "send_enroll_code",
"isotimestamp_t [UTC]": "2/10/2021, 7:51:47.000 PM",
"object_s": "sanitized_email.com",
"object_s": "sanitized@sanitized.com",
"timestamp_d": "1612986707",
"username_s": "xyz",
"description_s": "{\"email\": \"sanitized_email.com\", \"expire\": 1615578708, \"uname\": \"testuser\"}",
"description_s": "{\"email\": \"sanitized@sanitized.com\", \"expire\": 1615578708, \"uname\": \"testuser\"}",
"Type": "DuoSecurityAdministrator_CL",
"_ResourceId": ""
},
@ -913,7 +913,7 @@
"object_s": "testuser2",
"timestamp_d": "1613009009",
"username_s": "xyz",
"description_s": "{\"status\": \"Bypass\", \"email\": \"sanitized_email.com\"}",
"description_s": "{\"status\": \"Bypass\", \"email\": \"sanitized@sanitized.com\"}",
"Type": "DuoSecurityAdministrator_CL",
"_ResourceId": ""
},
@ -927,10 +927,10 @@
"RawData": "",
"action_s": "send_enroll_code",
"isotimestamp_t [UTC]": "2/11/2021, 2:03:33.000 AM",
"object_s": "sanitized_email.com",
"object_s": "sanitized@sanitized.com",
"timestamp_d": "1613009013",
"username_s": "xyz",
"description_s": "{\"expire\": 1615601013, \"uname\": \"testuser2\", \"email\": \"sanitized_email.com\"}",
"description_s": "{\"expire\": 1615601013, \"uname\": \"testuser2\", \"email\": \"sanitized@sanitized.com\"}",
"Type": "DuoSecurityAdministrator_CL",
"_ResourceId": ""
},
@ -998,7 +998,7 @@
"object_s": "xyz",
"timestamp_d": "1612918707",
"username_s": "xyz",
"description_s": "{\"administrative_units\": \"\", \"is_temporary_password\": false, \"role\": \"Owner\", \"phone\": \"+15555555555\", \"restricted_by_admin_units\": false, \"status\": \"Pending Activation\", \"email\": \"sanitized_email.com\", \"hardtoken\": null, \"name\": \"xyz\"}",
"description_s": "{\"administrative_units\": \"\", \"is_temporary_password\": false, \"role\": \"Owner\", \"phone\": \"+15555555555\", \"restricted_by_admin_units\": false, \"status\": \"Pending Activation\", \"email\": \"sanitized@sanitized.com\", \"hardtoken\": null, \"name\": \"xyz\"}",
"Type": "DuoSecurityAdministrator_CL",
"_ResourceId": ""
},
@ -1440,7 +1440,7 @@
"object_s": "testuser",
"timestamp_d": "1612932655",
"username_s": "xyz",
"description_s": "{\"email\": \"sanitized_email.com\", \"realname\": \"test user\"}",
"description_s": "{\"email\": \"sanitized@sanitized.com\", \"realname\": \"test user\"}",
"Type": "DuoSecurityAdministrator_CL",
"_ResourceId": ""
},
@ -1644,7 +1644,7 @@
"object_s": "testuser",
"timestamp_d": "1612986538",
"username_s": "xyz",
"description_s": "{\"email\": \"sanitized_email.com\"}",
"description_s": "{\"email\": \"sanitized@sanitized.com\"}",
"Type": "DuoSecurityAdministrator_CL",
"_ResourceId": ""
},
@ -1658,10 +1658,10 @@
"RawData": "",
"action_s": "send_enroll_code",
"isotimestamp_t [UTC]": "2/10/2021, 7:51:47.000 PM",
"object_s": "sanitized_email.com",
"object_s": "sanitized@sanitized.com",
"timestamp_d": "1612986707",
"username_s": "xyz",
"description_s": "{\"email\": \"sanitized_email.com\", \"expire\": 1615578708, \"uname\": \"testuser\"}",
"description_s": "{\"email\": \"sanitized@sanitized.com\", \"expire\": 1615578708, \"uname\": \"testuser\"}",
"Type": "DuoSecurityAdministrator_CL",
"_ResourceId": ""
},
@ -1882,7 +1882,7 @@
"object_s": "testuser2",
"timestamp_d": "1613009009",
"username_s": "xyz",
"description_s": "{\"status\": \"Bypass\", \"email\": \"sanitized_email.com\"}",
"description_s": "{\"status\": \"Bypass\", \"email\": \"sanitized@sanitized.com\"}",
"Type": "DuoSecurityAdministrator_CL",
"_ResourceId": ""
},
@ -1896,10 +1896,10 @@
"RawData": "",
"action_s": "send_enroll_code",
"isotimestamp_t [UTC]": "2/11/2021, 2:03:33.000 AM",
"object_s": "sanitized_email.com",
"object_s": "sanitized@sanitized.com",
"timestamp_d": "1613009013",
"username_s": "xyz",
"description_s": "{\"expire\": 1615601013, \"uname\": \"testuser2\", \"email\": \"sanitized_email.com\"}",
"description_s": "{\"expire\": 1615601013, \"uname\": \"testuser2\", \"email\": \"sanitized@sanitized.com\"}",
"Type": "DuoSecurityAdministrator_CL",
"_ResourceId": ""
},
@ -1967,7 +1967,7 @@
"object_s": "xyz",
"timestamp_d": "1612918707",
"username_s": "xyz",
"description_s": "{\"administrative_units\": \"\", \"is_temporary_password\": false, \"role\": \"Owner\", \"phone\": \"+15555555555\", \"restricted_by_admin_units\": false, \"status\": \"Pending Activation\", \"email\": \"sanitized_email.com\", \"hardtoken\": null, \"name\": \"xyz\"}",
"description_s": "{\"administrative_units\": \"\", \"is_temporary_password\": false, \"role\": \"Owner\", \"phone\": \"+15555555555\", \"restricted_by_admin_units\": false, \"status\": \"Pending Activation\", \"email\": \"sanitized@sanitized.com\", \"hardtoken\": null, \"name\": \"xyz\"}",
"Type": "DuoSecurityAdministrator_CL",
"_ResourceId": ""
},
@ -2409,7 +2409,7 @@
"object_s": "testuser",
"timestamp_d": "1612932655",
"username_s": "xyz",
"description_s": "{\"email\": \"sanitized_email.com\", \"realname\": \"test user\"}",
"description_s": "{\"email\": \"sanitized@sanitized.com\", \"realname\": \"test user\"}",
"Type": "DuoSecurityAdministrator_CL",
"_ResourceId": ""
},
@ -2613,7 +2613,7 @@
"object_s": "testuser",
"timestamp_d": "1612986538",
"username_s": "xyz",
"description_s": "{\"email\": \"sanitized_email.com\"}",
"description_s": "{\"email\": \"sanitized@sanitized.com\"}",
"Type": "DuoSecurityAdministrator_CL",
"_ResourceId": ""
},
@ -2627,10 +2627,10 @@
"RawData": "",
"action_s": "send_enroll_code",
"isotimestamp_t [UTC]": "2/10/2021, 7:51:47.000 PM",
"object_s": "sanitized_email.com",
"object_s": "sanitized@sanitized.com",
"timestamp_d": "1612986707",
"username_s": "xyz",
"description_s": "{\"email\": \"sanitized_email.com\", \"expire\": 1615578708, \"uname\": \"testuser\"}",
"description_s": "{\"email\": \"sanitized@sanitized.com\", \"expire\": 1615578708, \"uname\": \"testuser\"}",
"Type": "DuoSecurityAdministrator_CL",
"_ResourceId": ""
},
@ -2851,7 +2851,7 @@
"object_s": "testuser2",
"timestamp_d": "1613009009",
"username_s": "xyz",
"description_s": "{\"status\": \"Bypass\", \"email\": \"sanitized_email.com\"}",
"description_s": "{\"status\": \"Bypass\", \"email\": \"sanitized@sanitized.com\"}",
"Type": "DuoSecurityAdministrator_CL",
"_ResourceId": ""
},
@ -2865,10 +2865,10 @@
"RawData": "",
"action_s": "send_enroll_code",
"isotimestamp_t [UTC]": "2/11/2021, 2:03:33.000 AM",
"object_s": "sanitized_email.com",
"object_s": "sanitized@sanitized.com",
"timestamp_d": "1613009013",
"username_s": "xyz",
"description_s": "{\"expire\": 1615601013, \"uname\": \"testuser2\", \"email\": \"sanitized_email.com\"}",
"description_s": "{\"expire\": 1615601013, \"uname\": \"testuser2\", \"email\": \"sanitized@sanitized.com\"}",
"Type": "DuoSecurityAdministrator_CL",
"_ResourceId": ""
},
@ -2936,7 +2936,7 @@
"object_s": "xyz",
"timestamp_d": "1612918707",
"username_s": "xyz",
"description_s": "{\"administrative_units\": \"\", \"is_temporary_password\": false, \"role\": \"Owner\", \"phone\": \"+15555555555\", \"restricted_by_admin_units\": false, \"status\": \"Pending Activation\", \"email\": \"sanitized_email.com\", \"hardtoken\": null, \"name\": \"xyz\"}",
"description_s": "{\"administrative_units\": \"\", \"is_temporary_password\": false, \"role\": \"Owner\", \"phone\": \"+15555555555\", \"restricted_by_admin_units\": false, \"status\": \"Pending Activation\", \"email\": \"sanitized@sanitized.com\", \"hardtoken\": null, \"name\": \"xyz\"}",
"Type": "DuoSecurityAdministrator_CL",
"_ResourceId": ""
},
@ -3378,7 +3378,7 @@
"object_s": "testuser",
"timestamp_d": "1612932655",
"username_s": "xyz",
"description_s": "{\"email\": \"sanitized_email.com\", \"realname\": \"test user\"}",
"description_s": "{\"email\": \"sanitized@sanitized.com\", \"realname\": \"test user\"}",
"Type": "DuoSecurityAdministrator_CL",
"_ResourceId": ""
},
@ -3582,7 +3582,7 @@
"object_s": "testuser",
"timestamp_d": "1612986538",
"username_s": "xyz",
"description_s": "{\"email\": \"sanitized_email.com\"}",
"description_s": "{\"email\": \"sanitized@sanitized.com\"}",
"Type": "DuoSecurityAdministrator_CL",
"_ResourceId": ""
},
@ -3596,10 +3596,10 @@
"RawData": "",
"action_s": "send_enroll_code",
"isotimestamp_t [UTC]": "2/10/2021, 7:51:47.000 PM",
"object_s": "sanitized_email.com",
"object_s": "sanitized@sanitized.com",
"timestamp_d": "1612986707",
"username_s": "xyz",
"description_s": "{\"email\": \"sanitized_email.com\", \"expire\": 1615578708, \"uname\": \"testuser\"}",
"description_s": "{\"email\": \"sanitized@sanitized.com\", \"expire\": 1615578708, \"uname\": \"testuser\"}",
"Type": "DuoSecurityAdministrator_CL",
"_ResourceId": ""
},
@ -3820,7 +3820,7 @@
"object_s": "testuser2",
"timestamp_d": "1613009009",
"username_s": "xyz",
"description_s": "{\"status\": \"Bypass\", \"email\": \"sanitized_email.com\"}",
"description_s": "{\"status\": \"Bypass\", \"email\": \"sanitized@sanitized.com\"}",
"Type": "DuoSecurityAdministrator_CL",
"_ResourceId": ""
},
@ -3834,10 +3834,10 @@
"RawData": "",
"action_s": "send_enroll_code",
"isotimestamp_t [UTC]": "2/11/2021, 2:03:33.000 AM",
"object_s": "sanitized_email.com",
"object_s": "sanitized@sanitized.com",
"timestamp_d": "1613009013",
"username_s": "xyz",
"description_s": "{\"expire\": 1615601013, \"uname\": \"testuser2\", \"email\": \"sanitized_email.com\"}",
"description_s": "{\"expire\": 1615601013, \"uname\": \"testuser2\", \"email\": \"sanitized@sanitized.com\"}",
"Type": "DuoSecurityAdministrator_CL",
"_ResourceId": ""
},
@ -3905,7 +3905,7 @@
"object_s": "xyz",
"timestamp_d": "1612918707",
"username_s": "xyz",
"description_s": "{\"administrative_units\": \"\", \"is_temporary_password\": false, \"role\": \"Owner\", \"phone\": \"+15555555555\", \"restricted_by_admin_units\": false, \"status\": \"Pending Activation\", \"email\": \"sanitized_email.com\", \"hardtoken\": null, \"name\": \"xyz\"}",
"description_s": "{\"administrative_units\": \"\", \"is_temporary_password\": false, \"role\": \"Owner\", \"phone\": \"+15555555555\", \"restricted_by_admin_units\": false, \"status\": \"Pending Activation\", \"email\": \"sanitized@sanitized.com\", \"hardtoken\": null, \"name\": \"xyz\"}",
"Type": "DuoSecurityAdministrator_CL",
"_ResourceId": ""
},
@ -4347,7 +4347,7 @@
"object_s": "testuser",
"timestamp_d": "1612932655",
"username_s": "xyz",
"description_s": "{\"email\": \"sanitized_email.com\", \"realname\": \"test user\"}",
"description_s": "{\"email\": \"sanitized@sanitized.com\", \"realname\": \"test user\"}",
"Type": "DuoSecurityAdministrator_CL",
"_ResourceId": ""
},
@ -4551,7 +4551,7 @@
"object_s": "testuser",
"timestamp_d": "1612986538",
"username_s": "xyz",
"description_s": "{\"email\": \"sanitized_email.com\"}",
"description_s": "{\"email\": \"sanitized@sanitized.com\"}",
"Type": "DuoSecurityAdministrator_CL",
"_ResourceId": ""
},
@ -4565,10 +4565,10 @@
"RawData": "",
"action_s": "send_enroll_code",
"isotimestamp_t [UTC]": "2/10/2021, 7:51:47.000 PM",
"object_s": "sanitized_email.com",
"object_s": "sanitized@sanitized.com",
"timestamp_d": "1612986707",
"username_s": "xyz",
"description_s": "{\"email\": \"sanitized_email.com\", \"expire\": 1615578708, \"uname\": \"testuser\"}",
"description_s": "{\"email\": \"sanitized@sanitized.com\", \"expire\": 1615578708, \"uname\": \"testuser\"}",
"Type": "DuoSecurityAdministrator_CL",
"_ResourceId": ""
},
@ -4789,7 +4789,7 @@
"object_s": "testuser2",
"timestamp_d": "1613009009",
"username_s": "xyz",
"description_s": "{\"status\": \"Bypass\", \"email\": \"sanitized_email.com\"}",
"description_s": "{\"status\": \"Bypass\", \"email\": \"sanitized@sanitized.com\"}",
"Type": "DuoSecurityAdministrator_CL",
"_ResourceId": ""
},
@ -4803,10 +4803,10 @@
"RawData": "",
"action_s": "send_enroll_code",
"isotimestamp_t [UTC]": "2/11/2021, 2:03:33.000 AM",
"object_s": "sanitized_email.com",
"object_s": "sanitized@sanitized.com",
"timestamp_d": "1613009013",
"username_s": "xyz",
"description_s": "{\"expire\": 1615601013, \"uname\": \"testuser2\", \"email\": \"sanitized_email.com\"}",
"description_s": "{\"expire\": 1615601013, \"uname\": \"testuser2\", \"email\": \"sanitized@sanitized.com\"}",
"Type": "DuoSecurityAdministrator_CL",
"_ResourceId": ""
},


@ -21,7 +21,7 @@
"alias_s": "",
"application_key_s": "DIHFOHWVFZM5MXIBWHTP",
"application_name_s": "portal",
"email_s": "sanitized_email.com",
"email_s": "sanitized@sanitized.com",
"event_type_s": "authentication",
"isotimestamp_t [UTC]": "2/11/2021, 2:16:10.555 AM",
"reason_s": "bypass_user",
@ -132,7 +132,7 @@
"alias_s": "",
"application_key_s": "DIHFOHWVFZM5MXIBWHTP",
"application_name_s": "portal",
"email_s": "sanitized_email.com",
"email_s": "sanitized@sanitized.com",
"event_type_s": "authentication",
"isotimestamp_t [UTC]": "2/10/2021, 7:52:30.052 PM",
"reason_s": "bypass_user",
@ -169,7 +169,7 @@
"alias_s": "",
"application_key_s": "DIHFOHWVFZM5MXIBWHTP",
"application_name_s": "portal",
"email_s": "sanitized_email.com",
"email_s": "sanitized@sanitized.com",
"event_type_s": "authentication",
"isotimestamp_t [UTC]": "2/10/2021, 7:52:09.057 PM",
"reason_s": "bypass_user",
@ -206,7 +206,7 @@
"alias_s": "",
"application_key_s": "DIHFOHWVFZM5MXIBWHTP",
"application_name_s": "portal",
"email_s": "sanitized_email.com",
"email_s": "sanitized@sanitized.com",
"event_type_s": "authentication",
"isotimestamp_t [UTC]": "2/10/2021, 7:51:56.933 PM",
"reason_s": "bypass_user",
@ -243,7 +243,7 @@
"alias_s": "",
"application_key_s": "DIHFOHWVFZM5MXIBWHTP",
"application_name_s": "portal",
"email_s": "sanitized_email.com",
"email_s": "sanitized@sanitized.com",
"event_type_s": "authentication",
"isotimestamp_t [UTC]": "2/11/2021, 2:16:10.555 AM",
"reason_s": "bypass_user",
@ -354,7 +354,7 @@
"alias_s": "",
"application_key_s": "DIHFOHWVFZM5MXIBWHTP",
"application_name_s": "portal",
"email_s": "sanitized_email.com",
"email_s": "sanitized@sanitized.com",
"event_type_s": "authentication",
"isotimestamp_t [UTC]": "2/10/2021, 7:52:30.052 PM",
"reason_s": "bypass_user",
@ -391,7 +391,7 @@
"alias_s": "",
"application_key_s": "DIHFOHWVFZM5MXIBWHTP",
"application_name_s": "portal",
"email_s": "sanitized_email.com",
"email_s": "sanitized@sanitized.com",
"event_type_s": "authentication",
"isotimestamp_t [UTC]": "2/10/2021, 7:52:09.057 PM",
"reason_s": "bypass_user",
@ -428,7 +428,7 @@
"alias_s": "",
"application_key_s": "DIHFOHWVFZM5MXIBWHTP",
"application_name_s": "portal",
"email_s": "sanitized_email.com",
"email_s": "sanitized@sanitized.com",
"event_type_s": "authentication",
"isotimestamp_t [UTC]": "2/10/2021, 7:51:56.933 PM",
"reason_s": "bypass_user",
@ -465,7 +465,7 @@
"alias_s": "",
"application_key_s": "DIHFOHWVFZM5MXIBWHTP",
"application_name_s": "portal",
"email_s": "sanitized_email.com",
"email_s": "sanitized@sanitized.com",
"event_type_s": "authentication",
"isotimestamp_t [UTC]": "2/11/2021, 2:16:10.555 AM",
"reason_s": "bypass_user",
@ -576,7 +576,7 @@
"alias_s": "",
"application_key_s": "DIHFOHWVFZM5MXIBWHTP",
"application_name_s": "portal",
"email_s": "sanitized_email.com",
"email_s": "sanitized@sanitized.com",
"event_type_s": "authentication",
"isotimestamp_t [UTC]": "2/10/2021, 7:52:30.052 PM",
"reason_s": "bypass_user",
@ -613,7 +613,7 @@
"alias_s": "",
"application_key_s": "DIHFOHWVFZM5MXIBWHTP",
"application_name_s": "portal",
"email_s": "sanitized_email.com",
"email_s": "sanitized@sanitized.com",
"event_type_s": "authentication",
"isotimestamp_t [UTC]": "2/10/2021, 7:52:09.057 PM",
"reason_s": "bypass_user",
@ -650,7 +650,7 @@
"alias_s": "",
"application_key_s": "DIHFOHWVFZM5MXIBWHTP",
"application_name_s": "portal",
"email_s": "sanitized_email.com",
"email_s": "sanitized@sanitized.com",
"event_type_s": "authentication",
"isotimestamp_t [UTC]": "2/10/2021, 7:51:56.933 PM",
"reason_s": "bypass_user",
@ -687,7 +687,7 @@
"alias_s": "",
"application_key_s": "DIHFOHWVFZM5MXIBWHTP",
"application_name_s": "portal",
"email_s": "sanitized_email.com",
"email_s": "sanitized@sanitized.com",
"event_type_s": "authentication",
"isotimestamp_t [UTC]": "2/11/2021, 2:16:10.555 AM",
"reason_s": "bypass_user",
@ -798,7 +798,7 @@
"alias_s": "",
"application_key_s": "DIHFOHWVFZM5MXIBWHTP",
"application_name_s": "portal",
"email_s": "sanitized_email.com",
"email_s": "sanitized@sanitized.com",
"event_type_s": "authentication",
"isotimestamp_t [UTC]": "2/10/2021, 7:52:30.052 PM",
"reason_s": "bypass_user",
@ -835,7 +835,7 @@
"alias_s": "",
"application_key_s": "DIHFOHWVFZM5MXIBWHTP",
"application_name_s": "portal",
"email_s": "sanitized_email.com",
"email_s": "sanitized@sanitized.com",
"event_type_s": "authentication",
"isotimestamp_t [UTC]": "2/10/2021, 7:52:09.057 PM",
"reason_s": "bypass_user",
@ -872,7 +872,7 @@
"alias_s": "",
"application_key_s": "DIHFOHWVFZM5MXIBWHTP",
"application_name_s": "portal",
"email_s": "sanitized_email.com",
"email_s": "sanitized@sanitized.com",
"event_type_s": "authentication",
"isotimestamp_t [UTC]": "2/10/2021, 7:51:56.933 PM",
"reason_s": "bypass_user",
@ -909,7 +909,7 @@
"alias_s": "",
"application_key_s": "DIHFOHWVFZM5MXIBWHTP",
"application_name_s": "portal",
"email_s": "sanitized_email.com",
"email_s": "sanitized@sanitized.com",
"event_type_s": "authentication",
"isotimestamp_t [UTC]": "2/11/2021, 2:16:10.555 AM",
"reason_s": "bypass_user",
@ -1020,7 +1020,7 @@
"alias_s": "",
"application_key_s": "DIHFOHWVFZM5MXIBWHTP",
"application_name_s": "portal",
"email_s": "sanitized_email.com",
"email_s": "sanitized@sanitized.com",
"event_type_s": "authentication",
"isotimestamp_t [UTC]": "2/10/2021, 7:52:30.052 PM",
"reason_s": "bypass_user",
@ -1057,7 +1057,7 @@
"alias_s": "",
"application_key_s": "DIHFOHWVFZM5MXIBWHTP",
"application_name_s": "portal",
"email_s": "sanitized_email.com",
"email_s": "sanitized@sanitized.com",
"event_type_s": "authentication",
"isotimestamp_t [UTC]": "2/10/2021, 7:52:09.057 PM",
"reason_s": "bypass_user",
@ -1094,7 +1094,7 @@
"alias_s": "",
"application_key_s": "DIHFOHWVFZM5MXIBWHTP",
"application_name_s": "portal",
"email_s": "sanitized_email.com",
"email_s": "sanitized@sanitized.com",
"event_type_s": "authentication",
"isotimestamp_t [UTC]": "2/10/2021, 7:51:56.933 PM",
"reason_s": "bypass_user",
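Review bot: The `application_key_s` value `DIHFOHWVFZM5MXIBWHTP` in the context lines of every hunk in this file is left untouched while the address next to it is rewritten. It has the shape of a Duo integration key, so if it was copied from a live tenant it should be masked too, for example with a constructed placeholder such as `"application_key_s": "DIXXXXXXXXXXXXXXXXXX"`. An integration key is an identifier rather than the secret key, but it still ties the sample to one specific Duo application. The objects these hunks belong to start and end outside the hunks, so other fields of the same records are not visible here.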


@ -192,7 +192,7 @@
"RawData": "",
"resource_labels_zone_name_s": "",
"payload__type_s": "type.googleapis.com/google.cloud.audit.AuditLog",
"payload_authenticationInfo_principalEmail_s": "sanitized_email.com",
"payload_authenticationInfo_principalEmail_s": "sanitized@sanitized.com",
"payload_requestMetadata_requestAttributes_time_t": "2021-06-17T09:15:33.00000Z",
"payload_serviceName_s": "dns.googleapis.com",
"payload_methodName_s": "dns.managedZones.list",
@ -238,7 +238,7 @@
"RawData": "",
"resource_labels_zone_name_s": "",
"payload__type_s": "type.googleapis.com/google.cloud.audit.AuditLog",
"payload_authenticationInfo_principalEmail_s": "sanitized_email.com",
"payload_authenticationInfo_principalEmail_s": "sanitized@sanitized.com",
"payload_requestMetadata_requestAttributes_time_t": "2021-06-17T09:15:33.00000Z",
"payload_serviceName_s": "dns.googleapis.com",
"payload_methodName_s": "dns.managedZones.list",
@ -284,7 +284,7 @@
"RawData": "",
"resource_labels_zone_name_s": "",
"payload__type_s": "type.googleapis.com/google.cloud.audit.AuditLog",
"payload_authenticationInfo_principalEmail_s": "sanitized_email.com",
"payload_authenticationInfo_principalEmail_s": "sanitized@sanitized.com",
"payload_requestMetadata_requestAttributes_time_t": "2021-06-17T09:15:33.00000Z",
"payload_serviceName_s": "dns.googleapis.com",
"payload_methodName_s": "dns.policies.list",
@ -330,7 +330,7 @@
"RawData": "",
"resource_labels_zone_name_s": "",
"payload__type_s": "type.googleapis.com/google.cloud.audit.AuditLog",
"payload_authenticationInfo_principalEmail_s": "sanitized_email.com",
"payload_authenticationInfo_principalEmail_s": "sanitized@sanitized.com",
"payload_requestMetadata_requestAttributes_time_t": "2021-06-17T09:15:33.00000Z",
"payload_serviceName_s": "dns.googleapis.com",
"payload_methodName_s": "dns.managedZones.list",
@ -376,7 +376,7 @@
"RawData": "",
"resource_labels_zone_name_s": "",
"payload__type_s": "type.googleapis.com/google.cloud.audit.AuditLog",
"payload_authenticationInfo_principalEmail_s": "sanitized_email.com",
"payload_authenticationInfo_principalEmail_s": "sanitized@sanitized.com",
"payload_requestMetadata_requestAttributes_time_t": "2021-06-17T09:15:33.00000Z",
"payload_serviceName_s": "dns.googleapis.com",
"payload_methodName_s": "dns.managedZones.list",
@ -422,7 +422,7 @@
"RawData": "",
"resource_labels_zone_name_s": "gcp-cloud",
"payload__type_s": "type.googleapis.com/google.cloud.audit.AuditLog",
"payload_authenticationInfo_principalEmail_s": "sanitized_email.com",
"payload_authenticationInfo_principalEmail_s": "sanitized@sanitized.com",
"payload_requestMetadata_requestAttributes_time_t": "2021-06-17T09:15:33.00000Z",
"payload_serviceName_s": "dns.googleapis.com",
"payload_methodName_s": "dns.managedZones.get",
@ -468,7 +468,7 @@
"RawData": "",
"resource_labels_zone_name_s": "gcp-cloud",
"payload__type_s": "type.googleapis.com/google.cloud.audit.AuditLog",
"payload_authenticationInfo_principalEmail_s": "sanitized_email.com",
"payload_authenticationInfo_principalEmail_s": "sanitized@sanitized.com",
"payload_requestMetadata_requestAttributes_time_t": "2021-06-17T09:15:33.00000Z",
"payload_serviceName_s": "dns.googleapis.com",
"payload_methodName_s": "dns.resourceRecordSets.list",
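Review bot: The new placeholder `sanitized@sanitized.com` is built on `sanitized.com`, an ordinary registrable domain rather than one reserved for examples; this applies to `payload_authenticationInfo_principalEmail_s` here and to every other sample file in this commit. RFC 2606 reserves `example.com` for documentation and test data, so `"payload_authenticationInfo_principalEmail_s": "user@example.com"` stays parseable as an address without pointing at a domain somebody can own. The records these hunks sit in start and end outside the hunks.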


@ -45,8 +45,8 @@
"resource_labels_project_id_s": "test-api-project-111111",
"resource_labels_unique_id_s": "",
"payload__type_s": "type.googleapis.com/google.cloud.audit.AuditLog",
"payload_authenticationInfo_principalEmail_s": "sanitized_email.com",
"payload_authenticationInfo_principalSubject_s": "user:sanitized_email.com",
"payload_authenticationInfo_principalEmail_s": "sanitized@sanitized.com",
"payload_authenticationInfo_principalSubject_s": "user:sanitized@sanitized.com",
"payload_requestMetadata_callerIp_s": "10.10.10.10",
"payload_requestMetadata_callerSuppliedUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36,gzip(gfe)",
"payload_requestMetadata_requestAttributes_time_s": "2021-05-27T17:13:43.843455400Z",
@ -132,7 +132,7 @@
"resource_labels_project_id_s": "test-api-project-111111",
"resource_labels_unique_id_s": "111111111111111111111",
"payload__type_s": "type.googleapis.com/google.cloud.audit.AuditLog",
"payload_authenticationInfo_principalEmail_s": "sanitized_email.com",
"payload_authenticationInfo_principalEmail_s": "sanitized@sanitized.com",
"payload_authenticationInfo_principalSubject_s": "",
"payload_requestMetadata_callerIp_s": "10.10.10.10",
"payload_requestMetadata_callerSuppliedUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36,gzip(gfe)",
@ -219,7 +219,7 @@
"resource_labels_project_id_s": "test-api-project-111111",
"resource_labels_unique_id_s": "000000000000000000000",
"payload__type_s": "type.googleapis.com/google.cloud.audit.AuditLog",
"payload_authenticationInfo_principalEmail_s": "sanitized_email.com",
"payload_authenticationInfo_principalEmail_s": "sanitized@sanitized.com",
"payload_authenticationInfo_principalSubject_s": "",
"payload_requestMetadata_callerIp_s": "10.10.10.10",
"payload_requestMetadata_callerSuppliedUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36,gzip(gfe)",
@ -306,7 +306,7 @@
"resource_labels_project_id_s": "test-api-project-111111",
"resource_labels_unique_id_s": "113245997248201920622",
"payload__type_s": "type.googleapis.com/google.cloud.audit.AuditLog",
"payload_authenticationInfo_principalEmail_s": "sanitized_email.com",
"payload_authenticationInfo_principalEmail_s": "sanitized@sanitized.com",
"payload_authenticationInfo_principalSubject_s": "",
"payload_requestMetadata_callerIp_s": "10.10.10.10",
"payload_requestMetadata_callerSuppliedUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36,gzip(gfe)",
@ -393,7 +393,7 @@
"resource_labels_project_id_s": "test-api-project-111111",
"resource_labels_unique_id_s": "103635188767181747491",
"payload__type_s": "type.googleapis.com/google.cloud.audit.AuditLog",
"payload_authenticationInfo_principalEmail_s": "sanitized_email.com",
"payload_authenticationInfo_principalEmail_s": "sanitized@sanitized.com",
"payload_authenticationInfo_principalSubject_s": "",
"payload_requestMetadata_callerIp_s": "10.10.10.10",
"payload_requestMetadata_callerSuppliedUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36,gzip(gfe)",
@ -480,8 +480,8 @@
"resource_labels_project_id_s": "test-api-project-111111",
"resource_labels_unique_id_s": "111111111111111111111",
"payload__type_s": "type.googleapis.com/google.cloud.audit.AuditLog",
"payload_authenticationInfo_principalEmail_s": "sanitized_email.com",
"payload_authenticationInfo_principalSubject_s": "user:sanitized_email.com",
"payload_authenticationInfo_principalEmail_s": "sanitized@sanitized.com",
"payload_authenticationInfo_principalSubject_s": "user:sanitized@sanitized.com",
"payload_requestMetadata_callerIp_s": "10.10.10.10",
"payload_requestMetadata_callerSuppliedUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36,gzip(gfe)",
"payload_requestMetadata_requestAttributes_time_s": "2021-05-27T17:13:51.342725418Z",
@ -567,8 +567,8 @@
"resource_labels_project_id_s": "test-api-project-111111",
"resource_labels_unique_id_s": "",
"payload__type_s": "type.googleapis.com/google.cloud.audit.AuditLog",
"payload_authenticationInfo_principalEmail_s": "sanitized_email.com",
"payload_authenticationInfo_principalSubject_s": "user:sanitized_email.com",
"payload_authenticationInfo_principalEmail_s": "sanitized@sanitized.com",
"payload_authenticationInfo_principalSubject_s": "user:sanitized@sanitized.com",
"payload_requestMetadata_callerIp_s": "10.10.10.10",
"payload_requestMetadata_callerSuppliedUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36,gzip(gfe)",
"payload_requestMetadata_requestAttributes_time_s": "2021-05-31T08:34:05.445668910Z",
@ -654,8 +654,8 @@
"resource_labels_project_id_s": "test-api-project-111111",
"resource_labels_unique_id_s": "",
"payload__type_s": "type.googleapis.com/google.cloud.audit.AuditLog",
"payload_authenticationInfo_principalEmail_s": "sanitized_email.com",
"payload_authenticationInfo_principalSubject_s": "user:sanitized_email.com",
"payload_authenticationInfo_principalEmail_s": "sanitized@sanitized.com",
"payload_authenticationInfo_principalSubject_s": "user:sanitized@sanitized.com",
"payload_requestMetadata_callerIp_s": "10.10.10.10",
"payload_requestMetadata_callerSuppliedUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36,gzip(gfe)",
"payload_requestMetadata_requestAttributes_time_s": "2021-05-31T08:34:05.742510752Z",
@ -741,8 +741,8 @@
"resource_labels_project_id_s": "test-api-project-111111",
"resource_labels_unique_id_s": "",
"payload__type_s": "type.googleapis.com/google.cloud.audit.AuditLog",
"payload_authenticationInfo_principalEmail_s": "sanitized_email.com",
"payload_authenticationInfo_principalSubject_s": "user:sanitized_email.com",
"payload_authenticationInfo_principalEmail_s": "sanitized@sanitized.com",
"payload_authenticationInfo_principalSubject_s": "user:sanitized@sanitized.com",
"payload_requestMetadata_callerIp_s": "10.10.10.10",
"payload_requestMetadata_callerSuppliedUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36,gzip(gfe)",
"payload_requestMetadata_requestAttributes_time_s": "2021-06-03T12:49:49.767497201Z",
@ -828,8 +828,8 @@
"resource_labels_project_id_s": "test-api-project-111111",
"resource_labels_unique_id_s": "",
"payload__type_s": "type.googleapis.com/google.cloud.audit.AuditLog",
"payload_authenticationInfo_principalEmail_s": "sanitized_email.com",
"payload_authenticationInfo_principalSubject_s": "user:sanitized_email.com",
"payload_authenticationInfo_principalEmail_s": "sanitized@sanitized.com",
"payload_authenticationInfo_principalSubject_s": "user:sanitized@sanitized.com",
"payload_requestMetadata_callerIp_s": "10.10.10.10",
"payload_requestMetadata_callerSuppliedUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36,gzip(gfe)",
"payload_requestMetadata_requestAttributes_time_s": "2021-06-03T12:49:49.804206251Z",
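Review bot: Two `resource_labels_unique_id_s` values in the context lines of this file, `113245997248201920622` and `103635188767181747491`, do not follow the masking used for the other records (`111111111111111111111`, `000000000000000000000` or empty) and look like identifiers that were missed. Presumably these are account unique IDs from the source project; if so they should be masked the same way, e.g. `"resource_labels_unique_id_s": "222222222222222222222"` (a constructed value). Since the commit's purpose is to normalise sanitized fields, it would be worth checking these in the same pass.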


@ -19,7 +19,7 @@
"parameters": [
{
"name": "USER_EMAIL",
"value": "sanitized_email.com"
"value": "sanitized@sanitized.com"
},
{
"name": "PRODUCT_NAME",
@ -34,7 +34,7 @@
],
"event_name": "USER_LICENSE_ASSIGNMENT",
"event_type": "LICENSES_SETTINGS",
"USER_EMAIL": "sanitized_email.com",
"USER_EMAIL": "sanitized@sanitized.com",
"PRODUCT_NAME": "Google Workspace",
"NEW_VALUE": "G Suite Business"
},
@ -49,7 +49,7 @@
"etag": "\"PNA2ZR3TS-DeL8kB7gQOm1H5qhZ72uyN90kw26wJK68/rdJ3o6SiI-IImZfKDEthgXUM_18\"",
"actor": {
"callerType": "USER",
"email": "sanitized_email.com",
"email": "sanitized@sanitized.com",
"profileId": "117433848155128707444"
},
"ipAddress": "77.77.77.77",
@ -60,14 +60,14 @@
"parameters": [
{
"name": "USER_EMAIL",
"value": "sanitized_email.com"
"value": "sanitized@sanitized.com"
}
]
}
],
"event_name": "CREATE_USER",
"event_type": "USER_SETTINGS",
"USER_EMAIL": "sanitized_email.com"
"USER_EMAIL": "sanitized@sanitized.com"
},
{
"kind": "admin#reports#activity",
@ -80,7 +80,7 @@
"etag": "\"PNA2ZR3TS-DeL8kB7gQOm1H5qhZ72uyN90kw26wJK68/AxUrc0OBkhP71yDHBEP7QWLJKe8\"",
"actor": {
"callerType": "USER",
"email": "sanitized_email.com",
"email": "sanitized@sanitized.com",
"profileId": "117433848155128707444"
},
"ipAddress": "77.77.77.77",
@ -91,18 +91,18 @@
"parameters": [
{
"name": "USER_EMAIL",
"value": "sanitized_email.com"
"value": "sanitized@sanitized.com"
},
{
"name": "GROUP_EMAIL",
"value": "sanitized_email.com"
"value": "sanitized@sanitized.com"
}
]
}
],
"event_name": "ADD_GROUP_MEMBER",
"event_type": "GROUP_SETTINGS",
"USER_EMAIL": "sanitized_email.com",
"GROUP_EMAIL": "sanitized_email.com"
"USER_EMAIL": "sanitized@sanitized.com",
"GROUP_EMAIL": "sanitized@sanitized.com"
}
]
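Review bot: Every address in this file collapses to the same placeholder, so in the `ADD_GROUP_MEMBER` event `USER_EMAIL` and `GROUP_EMAIL` are identical, and the `actor.email` a few lines above appears to match them as well. A parser or detection test that has to tell the acting admin, the member and the group apart cannot be exercised with this sample. Distinct placeholders keep both the sanitization and the structure, for example `"USER_EMAIL": "user1@example.com"` and `"GROUP_EMAIL": "group1@example.com"`. The same applies to `owner` and `target_user` in the Drive sample and to `organizer_calendar_id` and `event_guest` in the Calendar sample later in this commit.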


@ -9,7 +9,7 @@
},
"etag": "\"PNA2ZR3TS-DeL8kB7gQOm1H5qhZ72uyN90kw26wJK68/ySNOqSK23I8S3eSyIwVM_YpPIyU\"",
"actor": {
"email": "sanitized_email.com",
"email": "sanitized@sanitized.com",
"profileId": "109950366970271381671"
},
"ownerDomain": "socprime.com",
@ -29,15 +29,15 @@
},
{
"name": "recipient_email",
"value": "sanitized_email.com"
"value": "sanitized@sanitized.com"
},
{
"name": "calendar_id",
"value": "sanitized_email.com"
"value": "sanitized@sanitized.com"
},
{
"name": "target_calendar_id",
"value": "sanitized_email.com"
"value": "sanitized@sanitized.com"
},
{
"name": "notification_message_id",
@ -62,9 +62,9 @@
"event_type": "notification",
"notification_type": "reply_received",
"notification_method": "email",
"recipient_email": "sanitized_email.com",
"calendar_id": "sanitized_email.com",
"target_calendar_id": "sanitized_email.com",
"recipient_email": "sanitized@sanitized.com",
"calendar_id": "sanitized@sanitized.com",
"target_calendar_id": "sanitized@sanitized.com",
"notification_message_id": "<000000000000b67fb605b3bb81be@google.com>",
"event_id": "0n5llhrpmcrvr6s3pesoe06n5n",
"api_kind": "web",
@ -80,7 +80,7 @@
},
"etag": "\"PNA2ZR3TS-DeL8kB7gQOm1H5qhZ72uyN90kw26wJK68/0zPgS_AvvyPLgUJcdeaY5kkHA44\"",
"actor": {
"email": "sanitized_email.com",
"email": "sanitized@sanitized.com",
"profileId": "111024176775869387097"
},
"ownerDomain": "socprime.com",
@ -100,15 +100,15 @@
},
{
"name": "recipient_email",
"value": "sanitized_email.com"
"value": "sanitized@sanitized.com"
},
{
"name": "calendar_id",
"value": "sanitized_email.com"
"value": "sanitized@sanitized.com"
},
{
"name": "target_calendar_id",
"value": "sanitized_email.com"
"value": "sanitized@sanitized.com"
},
{
"name": "notification_message_id",
@ -133,9 +133,9 @@
"event_type": "notification",
"notification_type": "changed_event",
"notification_method": "email",
"recipient_email": "sanitized_email.com",
"calendar_id": "sanitized_email.com",
"target_calendar_id": "sanitized_email.com",
"recipient_email": "sanitized@sanitized.com",
"calendar_id": "sanitized@sanitized.com",
"target_calendar_id": "sanitized@sanitized.com",
"notification_message_id": "<00000000000091945805b3bb77d3@google.com>",
"event_id": "0n5llhrpmcrvr6s3pesoe06n5n",
"api_kind": "web",
@ -151,7 +151,7 @@
},
"etag": "\"PNA2ZR3TS-DeL8kB7gQOm1H5qhZ72uyN90kw26wJK68/ntG7A3DGAPuRMYI2GoPxUs3yJBk\"",
"actor": {
"email": "sanitized_email.com",
"email": "sanitized@sanitized.com",
"profileId": "116493571738454115081"
},
"ownerDomain": "socprime.com",
@ -166,15 +166,15 @@
},
{
"name": "organizer_calendar_id",
"value": "sanitized_email.com"
"value": "sanitized@sanitized.com"
},
{
"name": "calendar_id",
"value": "sanitized_email.com"
"value": "sanitized@sanitized.com"
},
{
"name": "target_calendar_id",
"value": "sanitized_email.com"
"value": "sanitized@sanitized.com"
},
{
"name": "event_title",
@ -182,7 +182,7 @@
},
{
"name": "event_guest",
"value": "sanitized_email.com"
"value": "sanitized@sanitized.com"
},
{
"name": "event_response_status",
@ -194,11 +194,11 @@
"event_name": "change_event_guest_response",
"event_type": "event_change",
"event_id": "4t99ageou49oin9nso02kct42m",
"organizer_calendar_id": "sanitized_email.com",
"calendar_id": "sanitized_email.com",
"target_calendar_id": "sanitized_email.com",
"organizer_calendar_id": "sanitized@sanitized.com",
"calendar_id": "sanitized@sanitized.com",
"target_calendar_id": "sanitized@sanitized.com",
"event_title": "First Steps",
"event_guest": "sanitized_email.com",
"event_guest": "sanitized@sanitized.com",
"event_response_status": "accepted"
}
]
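Review bot: `"ownerDomain": "socprime.com"` remains in the context lines of three hunks in this file although the addresses around it are masked, so the sample still names a real organisation's domain. The `actor.profileId` values next to it (`109950366970271381671`, `111024176775869387097`, `116493571738454115081`) also look unmasked, as do the `profileId` values in the two sample files that follow. They should be masked together with the address, e.g. `"ownerDomain": "example.com"` and a constant digit string for `profileId`.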


@ -9,7 +9,7 @@
},
"etag": "\"PNA2ZR3TS-DeL8kB7gQOm1H5qhZ72uyN90kw26wJK68/ok8bphxpehwyQMjjAojpnEfI07U\"",
"actor": {
"email": "sanitized_email.com",
"email": "sanitized@sanitized.com",
"profileId": "117433848155128707444"
},
"ipAddress": "51.51.51.51",
@ -52,7 +52,7 @@
},
{
"name": "owner",
"value": "sanitized_email.com"
"value": "sanitized@sanitized.com"
},
{
"name": "owner_is_shared_drive",
@ -102,7 +102,7 @@
},
{
"name": "owner",
"value": "sanitized_email.com"
"value": "sanitized@sanitized.com"
},
{
"name": "owner_is_shared_drive",
@ -132,7 +132,7 @@
},
{
"name": "target_user",
"value": "sanitized_email.com"
"value": "sanitized@sanitized.com"
},
{
"name": "old_value",
@ -176,7 +176,7 @@
},
{
"name": "owner",
"value": "sanitized_email.com"
"value": "sanitized@sanitized.com"
},
{
"name": "owner_is_shared_drive",
@ -247,7 +247,7 @@
},
{
"name": "owner",
"value": "sanitized_email.com"
"value": "sanitized@sanitized.com"
},
{
"name": "owner_is_shared_drive",
@ -309,7 +309,7 @@
},
{
"name": "owner",
"value": "sanitized_email.com"
"value": "sanitized@sanitized.com"
},
{
"name": "owner_is_shared_drive",
@ -332,11 +332,11 @@
"visibility": "private",
"originating_app_id": "962388314550",
"actor_is_collaborator_account": false,
"owner": "sanitized_email.com",
"owner": "sanitized@sanitized.com",
"owner_is_shared_drive": false,
"owner_is_team_drive": false,
"visibility_change": "none",
"target_user": "sanitized_email.com",
"target_user": "sanitized@sanitized.com",
"old_value": [
"owner"
],
@ -362,7 +362,7 @@
},
"etag": "\"PNA2ZR3TS-DeL8kB7gQOm1H5qhZ72uyN90kw26wJK68/MHRocwdTPYHqyXrfo08T-H_xRtE\"",
"actor": {
"email": "sanitized_email.com",
"email": "sanitized@sanitized.com",
"profileId": "117433848155128707444"
},
"ipAddress": "51.51.51.51",
@ -405,7 +405,7 @@
},
{
"name": "owner",
"value": "sanitized_email.com"
"value": "sanitized@sanitized.com"
},
{
"name": "owner_is_shared_drive",
@ -455,7 +455,7 @@
},
{
"name": "owner",
"value": "sanitized_email.com"
"value": "sanitized@sanitized.com"
},
{
"name": "owner_is_shared_drive",
@ -485,7 +485,7 @@
},
{
"name": "target_user",
"value": "sanitized_email.com"
"value": "sanitized@sanitized.com"
},
{
"name": "old_value",
@ -529,7 +529,7 @@
},
{
"name": "owner",
"value": "sanitized_email.com"
"value": "sanitized@sanitized.com"
},
{
"name": "owner_is_shared_drive",
@ -600,7 +600,7 @@
},
{
"name": "owner",
"value": "sanitized_email.com"
"value": "sanitized@sanitized.com"
},
{
"name": "owner_is_shared_drive",
@ -662,7 +662,7 @@
},
{
"name": "owner",
"value": "sanitized_email.com"
"value": "sanitized@sanitized.com"
},
{
"name": "owner_is_shared_drive",
@ -685,11 +685,11 @@
"visibility": "private",
"originating_app_id": "962388314550",
"actor_is_collaborator_account": false,
"owner": "sanitized_email.com",
"owner": "sanitized@sanitized.com",
"owner_is_shared_drive": false,
"owner_is_team_drive": false,
"visibility_change": "none",
"target_user": "sanitized_email.com",
"target_user": "sanitized@sanitized.com",
"old_value": [
"owner"
],
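Review bot: The placeholder written into `actor.email`, `owner` and `target_user` here, `sanitized@sanitized.com`, sits under `sanitized.com`, an ordinary registrable domain rather than one reserved for documentation, so any tooling that mails or resolves sample values would reach whoever holds that name. A reserved domain avoids this, e.g. `"email": "actor@example.com"`. Because every address maps to the same string, the sample also loses the difference between actor, owner and target user. If these files are used to exercise queries that compare those fields, distinct placeholders such as `"value": "owner@example.com"` and `"value": "target@example.com"` would keep that signal. The same applies to the other file sections in this commit.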


@ -9,7 +9,7 @@
},
"etag": "\"PNA2ZR3TS-DeL8kB7gQOm1H5qhZ72uyN90kw26wJK68/qRTs0K2awPrx072aa47TG1SS1bc\"",
"actor": {
"email": "sanitized_email.com",
"email": "sanitized@sanitized.com",
"profileId": "106497629058682804316"
},
"ipAddress": "52.52.52.52",
@ -55,7 +55,7 @@
},
"etag": "\"PNA2ZR3TS-DeL8kB7gQOm1H5qhZ72uyN90kw26wJK68/pl8MssSkEmdfxMuRwCL7PUqy24Q\"",
"actor": {
"email": "sanitized_email.com",
"email": "sanitized@sanitized.com",
"profileId": "106497629058682804316"
},
"ipAddress": "52.52.52.52",
@ -104,7 +104,7 @@
},
"etag": "\"PNA2ZR3TS-DeL8kB7gQOm1H5qhZ72uyN90kw26wJK68/QoYAsdEim4IfdaYn4RWHvFOYyMo\"",
"actor": {
"email": "sanitized_email.com",
"email": "sanitized@sanitized.com",
"profileId": "106497629058682804316"
},
"ipAddress": "52.52.52.52",


@ -10,7 +10,7 @@
"etag": "\"PNA2ZR3TS-DeL8kB7gQOm1H5qhZ72uyN90kw26wJK68/7atyZfyMUhruHx8ILVKc3eCprTA\"",
"actor": {
"callerType": "USER",
"email": "sanitized_email.com",
"email": "sanitized@sanitized.com",
"profileId": "115119904266583144094"
},
"events": [
@ -20,7 +20,7 @@
"parameters": [
{
"name": "USER_EMAIL",
"value": "sanitized_email.com"
"value": "sanitized@sanitized.com"
},
{
"name": "DEVICE_ID",
@ -59,7 +59,7 @@
],
"event_name": "DEVICE_SYNC_EVENT",
"event_type": "device_updates",
"USER_EMAIL": "sanitized_email.com",
"USER_EMAIL": "sanitized@sanitized.com",
"DEVICE_ID": "260bbc87-0f0b-490e-8bcb-452d7e0b0df1",
"SERIAL_NUMBER": "",
"DEVICE_TYPE": "MAC",
@ -80,7 +80,7 @@
"etag": "\"PNA2ZR3TS-DeL8kB7gQOm1H5qhZ72uyN90kw26wJK68/kZYYpMUM4rlsDcIxTEkUyZaLAoY\"",
"actor": {
"callerType": "USER",
"email": "sanitized_email.com",
"email": "sanitized@sanitized.com",
"profileId": "106006796177445084667"
},
"events": [
@ -90,7 +90,7 @@
"parameters": [
{
"name": "USER_EMAIL",
"value": "sanitized_email.com"
"value": "sanitized@sanitized.com"
},
{
"name": "DEVICE_ID",
@ -129,7 +129,7 @@
],
"event_name": "DEVICE_SYNC_EVENT",
"event_type": "device_updates",
"USER_EMAIL": "sanitized_email.com",
"USER_EMAIL": "sanitized@sanitized.com",
"DEVICE_ID": "b717eaf0-65ea-4e1f-bbe4-69503db4952f",
"SERIAL_NUMBER": "",
"DEVICE_TYPE": "WINDOWS",
@ -150,7 +150,7 @@
"etag": "\"PNA2ZR3TS-DeL8kB7gQOm1H5qhZ72uyN90kw26wJK68/yNB8_QB300VC4j4TW3rTiHzWsbs\"",
"actor": {
"callerType": "USER",
"email": "sanitized_email.com",
"email": "sanitized@sanitized.com",
"profileId": "107768716075060161935"
},
"events": [
@ -160,7 +160,7 @@
"parameters": [
{
"name": "USER_EMAIL",
"value": "sanitized_email.com"
"value": "sanitized@sanitized.com"
},
{
"name": "DEVICE_ID",
@ -199,7 +199,7 @@
],
"event_name": "DEVICE_SYNC_EVENT",
"event_type": "device_updates",
"USER_EMAIL": "sanitized_email.com",
"USER_EMAIL": "sanitized@sanitized.com",
"DEVICE_ID": "cec57193-aabf-42d9-baf0-bb2d6cfba938",
"SERIAL_NUMBER": "VMware-56 4d 82 d4 91 8c f3 92-61 1d a4 e3 f3 d7 22 42",
"DEVICE_TYPE": "WINDOWS",


@ -9,7 +9,7 @@
},
"etag": "\"PNA2ZR3TS-DeL8kB7gQOm1H5qhZ72uyN90kw26wJK68/-z59T0Ak79tR1Ovt5CseyUI2H0w\"",
"actor": {
"email": "sanitized_email.com",
"email": "sanitized@sanitized.com",
"profileId": "109950366970271381671"
},
"ipAddress": "52.52.51.51",
@ -151,7 +151,7 @@
},
"etag": "\"PNA2ZR3TS-DeL8kB7gQOm1H5qhZ72uyN90kw26wJK68/ZfUEeiwXTk1D4X3WGB620lHkOe4\"",
"actor": {
"email": "sanitized_email.com",
"email": "sanitized@sanitized.com",
"profileId": "113050896481365905439"
},
"events": [
@ -232,7 +232,7 @@
},
"etag": "\"PNA2ZR3TS-DeL8kB7gQOm1H5qhZ72uyN90kw26wJK68/l-Tw2SYGlaQiYRZPTIdxwXwyYLM\"",
"actor": {
"email": "sanitized_email.com",
"email": "sanitized@sanitized.com",
"profileId": "115119904266583144094"
},
"events": [


@ -10,7 +10,7 @@
"etag": "\"PNA2ZR3TS-DeL8kB7gQOm1H5qhZ72uyN90kw26wJK68/O1IKOh4avuA36XST-zl9ImDj8WY\"",
"actor": {
"callerType": "USER",
"email": "sanitized_email.com",
"email": "sanitized@sanitized.com",
"profileId": "103558135127700430349"
},
"ipAddress": "165.225.207.72",
@ -34,7 +34,7 @@
"etag": "\"PNA2ZR3TS-DeL8kB7gQOm1H5qhZ72uyN90kw26wJK68/9fkBiZLNrDBbKaY4dRdAgVpuYs0\"",
"actor": {
"callerType": "USER",
"email": "sanitized_email.com",
"email": "sanitized@sanitized.com",
"profileId": "103558135127700430349"
},
"ipAddress": "165.225.207.41",


@ -54,7 +54,7 @@
"id": "253b9a136f0d574149fc43691eaf7ae27aff141a",
"isFavourite": false,
"isHidden": false,
"login": "sanitized_email.com",
"login": "sanitized@sanitized.com",
"malware": {
"id": "411ac9df6c5515922a56e30013e8b8b366eeec80",
"name": "PredatorStealer"


@ -48,7 +48,7 @@
"fileDiff": "https://bt.group-ib.com/api/v2/osi/git_leak/f201c253ac71f7d78db39fa111a2af9d7ee7a3f7/cmV2aXNpb24tZmlsZURpZmYtNTQwOGFmNDAxNmU1ZmQxY2E2ZWFkMzU4Y2MzYjJiNGI2MDVmNTRmNjg1OGM3OGJlZjBjZWJlMmRlZTA2ZjA4Zg==",
"hash": "029eef2ec6e7a16d958f4ae666b7295f427f123b",
"info": {
"authorEmail": "sanitized_email.com",
"authorEmail": "sanitized@sanitized.com",
"authorName": "sadsdsa",
"dateCreated": "2019-06-20T13:13:35+00:00"
}


@ -56,7 +56,7 @@
"references": [
"https://www.exploit-db.com/exploits/49437"
],
"reporter": "sanitized_email.com",
"reporter": "sanitized@sanitized.com",
"seqUpdate": 16111508458231,
"softwareMixed": [
{


@ -1,35 +1,35 @@
[
{
"Message":"CEF:0|Incapsula|SIEMintegration|1|1|Normal|0| fileId=438000490120534212 sourceServiceName=jsc6wzftsr8pj2zk.company.name siteid=61539044 suid=1843222 requestClientApplication=Expanse indexes the network perimeters of our customers. If you have any questions or concerns, please reach out to: sanitized_email.com deviceFacility=atl cs2=false cs2Label=Javascript Support cs3=false cs3Label=CO Support cs1=NA cs1Label=Cap Support cs4=a5a4c376-25b5-4c45-9ca5-ee62559c9540 cs4Label=VID cs5=27f1a8f2e99bd4a64e1b9b7deaad6c028c0cd935eab7e772d6b541a0817a54f02afdf5ece1cf5aacd2f792b16534eee4 cs5Label=clappsig dproc=Crawler cs6=Expanse cs6Label=clapp ccode=US cicode=Atlanta cs7=33.7485 cs7Label=latitude cs8=-84.3871 cs8Label=longitude Customer=sanitized_email.com start=1624809714018 request=jsc6wzftsr8pj2zk.company.name/ requestMethod=GET cn1=200 app=HTTP act=REQ_CACHED_FRESH deviceExternalId=269605585508764744 sip=0.0.0.0 spt=0 in=4591 xff=172.105.147.48 cpt=42709 src=172.105.147.48 end=1624809714271"
"Message":"CEF:0|Incapsula|SIEMintegration|1|1|Normal|0| fileId=438000490120534212 sourceServiceName=jsc6wzftsr8pj2zk.company.name siteid=61539044 suid=1843222 requestClientApplication=Expanse indexes the network perimeters of our customers. If you have any questions or concerns, please reach out to: sanitized@sanitized.com deviceFacility=atl cs2=false cs2Label=Javascript Support cs3=false cs3Label=CO Support cs1=NA cs1Label=Cap Support cs4=a5a4c376-25b5-4c45-9ca5-ee62559c9540 cs4Label=VID cs5=27f1a8f2e99bd4a64e1b9b7deaad6c028c0cd935eab7e772d6b541a0817a54f02afdf5ece1cf5aacd2f792b16534eee4 cs5Label=clappsig dproc=Crawler cs6=Expanse cs6Label=clapp ccode=US cicode=Atlanta cs7=33.7485 cs7Label=latitude cs8=-84.3871 cs8Label=longitude Customer=sanitized@sanitized.com start=1624809714018 request=jsc6wzftsr8pj2zk.company.name/ requestMethod=GET cn1=200 app=HTTP act=REQ_CACHED_FRESH deviceExternalId=269605585508764744 sip=0.0.0.0 spt=0 in=4591 xff=172.105.147.48 cpt=42709 src=172.105.147.48 end=1624809714271"
},
{
"Message":"CEF:0|Incapsula|SIEMintegration|1|1|Normal|0| fileId=387000480007874940 sourceServiceName=jsc6wzftsr8pj2zk.company.name siteid=61539044 suid=1843222 requestClientApplication=Expanse indexes the network perimeters of our customers. If you have any questions or concerns, please reach out to: sanitized_email.com deviceFacility=atl cs2=false cs2Label=Javascript Support cs3=false cs3Label=CO Support cs1=NA cs1Label=Cap Support cs4=265c4484-b748-4ef3-882f-57825e0ad07a cs4Label=VID cs5=27f1a8f2e99bd4a64e1b9b7deaad6c028c0cd935eab7e772d6b541a0817a54f02afdf5ece1cf5aacd2f792b16534eee4 cs5Label=clappsig dproc=Crawler cs6=Expanse cs6Label=clapp ccode=US cicode=Atlanta cs7=33.7485 cs7Label=latitude cs8=-84.3871 cs8Label=longitude Customer=sanitized_email.com start=1624809715984 request=jsc6wzftsr8pj2zk.company.name/ requestMethod=GET app=HTTP act=REQ_BAD_CLIENT_CLOSED_CONNECTION deviceExternalId=9285040714484748 sip=33.33.33.33 spt=8000 xff=172.105.147.33 cpt=45469 src=172.105.147.33 end=1624809725983"
"Message":"CEF:0|Incapsula|SIEMintegration|1|1|Normal|0| fileId=387000480007874940 sourceServiceName=jsc6wzftsr8pj2zk.company.name siteid=61539044 suid=1843222 requestClientApplication=Expanse indexes the network perimeters of our customers. If you have any questions or concerns, please reach out to: sanitized@sanitized.com deviceFacility=atl cs2=false cs2Label=Javascript Support cs3=false cs3Label=CO Support cs1=NA cs1Label=Cap Support cs4=265c4484-b748-4ef3-882f-57825e0ad07a cs4Label=VID cs5=27f1a8f2e99bd4a64e1b9b7deaad6c028c0cd935eab7e772d6b541a0817a54f02afdf5ece1cf5aacd2f792b16534eee4 cs5Label=clappsig dproc=Crawler cs6=Expanse cs6Label=clapp ccode=US cicode=Atlanta cs7=33.7485 cs7Label=latitude cs8=-84.3871 cs8Label=longitude Customer=sanitized@sanitized.com start=1624809715984 request=jsc6wzftsr8pj2zk.company.name/ requestMethod=GET app=HTTP act=REQ_BAD_CLIENT_CLOSED_CONNECTION deviceExternalId=9285040714484748 sip=33.33.33.33 spt=8000 xff=172.105.147.33 cpt=45469 src=172.105.147.33 end=1624809725983"
},
{
"Message":"CEF:0|Incapsula|SIEMintegration|1|1|Normal|0| fileId=239000010038734543 sourceServiceName=jsc6wzftsr8pj2zk.company.name siteid=61539044 suid=1843222 requestClientApplication=Expanse indexes the network perimeters of our customers. If you have any questions or concerns, please reach out to: sanitized_email.com deviceFacility=atl cs2=false cs2Label=Javascript Support cs3=false cs3Label=CO Support cs1=NA cs1Label=Cap Support cs4=fbc79214-dbc9-4139-aaf7-b41c1ca93d32 cs4Label=VID cs5=27f1a8f2e99bd4a64e1b9b7deaad6c028c0cd935eab7e772d6b541a0817a54f02afdf5ece1cf5aacd2f792b16534eee4 cs5Label=clappsig dproc=Crawler cs6=Expanse cs6Label=clapp ccode=US cicode=Atlanta cs7=33.7485 cs7Label=latitude cs8=-84.3871 cs8Label=longitude Customer=sanitized_email.com start=1624809710277 request=jsc6wzftsr8pj2zk.company.name/ requestMethod=GET app=HTTP act=REQ_BAD_CLIENT_CLOSED_CONNECTION deviceExternalId=130691654354927691 sip=33.33.33.33 spt=8088 xff=172.105.147.28 cpt=38691 src=172.105.147.28 end=1624809720276"
"Message":"CEF:0|Incapsula|SIEMintegration|1|1|Normal|0| fileId=239000010038734543 sourceServiceName=jsc6wzftsr8pj2zk.company.name siteid=61539044 suid=1843222 requestClientApplication=Expanse indexes the network perimeters of our customers. If you have any questions or concerns, please reach out to: sanitized@sanitized.com deviceFacility=atl cs2=false cs2Label=Javascript Support cs3=false cs3Label=CO Support cs1=NA cs1Label=Cap Support cs4=fbc79214-dbc9-4139-aaf7-b41c1ca93d32 cs4Label=VID cs5=27f1a8f2e99bd4a64e1b9b7deaad6c028c0cd935eab7e772d6b541a0817a54f02afdf5ece1cf5aacd2f792b16534eee4 cs5Label=clappsig dproc=Crawler cs6=Expanse cs6Label=clapp ccode=US cicode=Atlanta cs7=33.7485 cs7Label=latitude cs8=-84.3871 cs8Label=longitude Customer=sanitized@sanitized.com start=1624809710277 request=jsc6wzftsr8pj2zk.company.name/ requestMethod=GET app=HTTP act=REQ_BAD_CLIENT_CLOSED_CONNECTION deviceExternalId=130691654354927691 sip=33.33.33.33 spt=8088 xff=172.105.147.28 cpt=38691 src=172.105.147.28 end=1624809720276"
},
{
"Message":"CEF:0|Incapsula|SIEMintegration|1|1|Normal|0| fileId=438000490120554325 sourceServiceName=jsc6wzftsr8pj2zk.company.name siteid=61539044 suid=1843222 requestClientApplication=Expanse indexes the network perimeters of our customers. If you have any questions or concerns, please reach out to: sanitized_email.com deviceFacility=atl cs2=false cs2Label=Javascript Support cs3=false cs3Label=CO Support cs1=NA cs1Label=Cap Support cs4=5117ee43-9fb8-4cc0-8511-da04c8bb6be2 cs4Label=VID cs5=27f1a8f2e99bd4a64e1b9b7deaad6c028c0cd935eab7e772d6b541a0817a54f02afdf5ece1cf5aacd2f792b16534eee4 cs5Label=clappsig dproc=Crawler cs6=Expanse cs6Label=clapp ccode=US cicode=Atlanta cs7=33.7485 cs7Label=latitude cs8=-84.3871 cs8Label=longitude Customer=sanitized_email.com start=1624809796792 request=jsc6wzftsr8pj2zk.company.name/ requestMethod=GET cn1=200 app=HTTP act=REQ_CACHED_FRESH deviceExternalId=461836287179361353 in=4591 cpt=50803 src=172.105.147.18 end=1624809796793"
"Message":"CEF:0|Incapsula|SIEMintegration|1|1|Normal|0| fileId=438000490120554325 sourceServiceName=jsc6wzftsr8pj2zk.company.name siteid=61539044 suid=1843222 requestClientApplication=Expanse indexes the network perimeters of our customers. If you have any questions or concerns, please reach out to: sanitized@sanitized.com deviceFacility=atl cs2=false cs2Label=Javascript Support cs3=false cs3Label=CO Support cs1=NA cs1Label=Cap Support cs4=5117ee43-9fb8-4cc0-8511-da04c8bb6be2 cs4Label=VID cs5=27f1a8f2e99bd4a64e1b9b7deaad6c028c0cd935eab7e772d6b541a0817a54f02afdf5ece1cf5aacd2f792b16534eee4 cs5Label=clappsig dproc=Crawler cs6=Expanse cs6Label=clapp ccode=US cicode=Atlanta cs7=33.7485 cs7Label=latitude cs8=-84.3871 cs8Label=longitude Customer=sanitized@sanitized.com start=1624809796792 request=jsc6wzftsr8pj2zk.company.name/ requestMethod=GET cn1=200 app=HTTP act=REQ_CACHED_FRESH deviceExternalId=461836287179361353 in=4591 cpt=50803 src=172.105.147.18 end=1624809796793"
},
{
"Message":"CEF:0|Incapsula|SIEMintegration|1|1|Normal|0| fileId=440000430117303719 sourceServiceName=jsc6wzftsr8pj2zk.company.name siteid=61539044 suid=1843222 requestClientApplication=Expanse indexes the network perimeters of our customers. If you have any questions or concerns, please reach out to: sanitized_email.com deviceFacility=atl cs2=false cs2Label=Javascript Support cs3=false cs3Label=CO Support cs1=NA cs1Label=Cap Support cs4=394706e1-2fc9-4e4d-9e91-a4b92894710d cs4Label=VID cs5=27f1a8f2e99bd4a64e1b9b7deaad6c028c0cd935eab7e772d6b541a0817a54f02afdf5ece1cf5aacd2f792b16534eee4 cs5Label=clappsig dproc=Crawler cs6=Expanse cs6Label=clapp ccode=US cicode=Atlanta cs7=33.7485 cs7Label=latitude cs8=-84.3871 cs8Label=longitude Customer=sanitized_email.com start=1624809766257 request=jsc6wzftsr8pj2zk.company.name/ requestMethod=GET cn1=200 app=HTTP act=REQ_CACHED_FRESH deviceExternalId=253248855397108424 sip=0.0.0.0 spt=0 in=4591 xff=172.105.147.39 cpt=38965 src=172.105.147.39 end=1624809766259"
"Message":"CEF:0|Incapsula|SIEMintegration|1|1|Normal|0| fileId=440000430117303719 sourceServiceName=jsc6wzftsr8pj2zk.company.name siteid=61539044 suid=1843222 requestClientApplication=Expanse indexes the network perimeters of our customers. If you have any questions or concerns, please reach out to: sanitized@sanitized.com deviceFacility=atl cs2=false cs2Label=Javascript Support cs3=false cs3Label=CO Support cs1=NA cs1Label=Cap Support cs4=394706e1-2fc9-4e4d-9e91-a4b92894710d cs4Label=VID cs5=27f1a8f2e99bd4a64e1b9b7deaad6c028c0cd935eab7e772d6b541a0817a54f02afdf5ece1cf5aacd2f792b16534eee4 cs5Label=clappsig dproc=Crawler cs6=Expanse cs6Label=clapp ccode=US cicode=Atlanta cs7=33.7485 cs7Label=latitude cs8=-84.3871 cs8Label=longitude Customer=sanitized@sanitized.com start=1624809766257 request=jsc6wzftsr8pj2zk.company.name/ requestMethod=GET cn1=200 app=HTTP act=REQ_CACHED_FRESH deviceExternalId=253248855397108424 sip=0.0.0.0 spt=0 in=4591 xff=172.105.147.39 cpt=38965 src=172.105.147.39 end=1624809766259"
},
{
"Message":"CEF:0|Incapsula|SIEMintegration|1|1|Normal|0| fileId=386000440152318281 sourceServiceName=jsc6wzftsr8pj2zk.company.name siteid=61539044 suid=1843222 requestClientApplication=Expanse indexes the network perimeters of our customers. If you have any questions or concerns, please reach out to: sanitized_email.com deviceFacility=atl cs2=false cs2Label=Javascript Support cs3=false cs3Label=CO Support cs1=NA cs1Label=Cap Support cs4=6d10d09c-499e-43d3-a19e-609fb1627b08 cs4Label=VID cs5=27f1a8f2e99bd4a64e1b9b7deaad6c028c0cd935eab7e772d6b541a0817a54f02afdf5ece1cf5aacd2f792b16534eee4 cs5Label=clappsig dproc=Crawler cs6=Expanse cs6Label=clapp ccode=US cicode=Atlanta cs7=33.7485 cs7Label=latitude cs8=-84.3871 cs8Label=longitude Customer=sanitized_email.com start=1624809852890 request=jsc6wzftsr8pj2zk.company.name/ requestMethod=GET app=HTTP act=REQ_BAD_CLIENT_CLOSED_CONNECTION deviceExternalId=327986650758122251 sip=33.33.33.33 spt=8081 xff=172.105.147.82 cpt=58207 src=172.105.147.82 end=1624809864234"
"Message":"CEF:0|Incapsula|SIEMintegration|1|1|Normal|0| fileId=386000440152318281 sourceServiceName=jsc6wzftsr8pj2zk.company.name siteid=61539044 suid=1843222 requestClientApplication=Expanse indexes the network perimeters of our customers. If you have any questions or concerns, please reach out to: sanitized@sanitized.com deviceFacility=atl cs2=false cs2Label=Javascript Support cs3=false cs3Label=CO Support cs1=NA cs1Label=Cap Support cs4=6d10d09c-499e-43d3-a19e-609fb1627b08 cs4Label=VID cs5=27f1a8f2e99bd4a64e1b9b7deaad6c028c0cd935eab7e772d6b541a0817a54f02afdf5ece1cf5aacd2f792b16534eee4 cs5Label=clappsig dproc=Crawler cs6=Expanse cs6Label=clapp ccode=US cicode=Atlanta cs7=33.7485 cs7Label=latitude cs8=-84.3871 cs8Label=longitude Customer=sanitized@sanitized.com start=1624809852890 request=jsc6wzftsr8pj2zk.company.name/ requestMethod=GET app=HTTP act=REQ_BAD_CLIENT_CLOSED_CONNECTION deviceExternalId=327986650758122251 sip=33.33.33.33 spt=8081 xff=172.105.147.82 cpt=58207 src=172.105.147.82 end=1624809864234"
},
{
"Message":"CEF:0|Incapsula|SIEMintegration|1|1|Normal|0| fileId=1244000410177421731 sourceServiceName=jsc6wzftsr8pj2zk.company.name siteid=61539044 suid=1843222 requestClientApplication=Expanse indexes the network perimeters of our customers. If you have any questions or concerns, please reach out to: sanitized_email.com deviceFacility=atl cs2=false cs2Label=Javascript Support cs3=false cs3Label=CO Support cs1=NA cs1Label=Cap Support cs4=cb2d92a4-c3c2-4d11-ad89-ecfc36da7afc cs4Label=VID cs5=27f1a8f2e99bd4a64e1b9b7deaad6c028c0cd935eab7e772d6b541a0817a54f02afdf5ece1cf5aacd2f792b16534eee4 cs5Label=clappsig dproc=Crawler cs6=Expanse cs6Label=clapp ccode=US cicode=Atlanta cs7=33.7485 cs7Label=latitude cs8=-84.3871 cs8Label=longitude Customer=sanitized_email.com start=1624809803325 request=jsc6wzftsr8pj2zk.company.name/ requestMethod=GET app=HTTP act=REQ_BAD_CLIENT_CLOSED_CONNECTION deviceExternalId=671492671950031436 sip=33.33.33.33 spt=8080 xff=172.105.147.41 cpt=59969 src=172.105.147.41 end=1624809813324"
"Message":"CEF:0|Incapsula|SIEMintegration|1|1|Normal|0| fileId=1244000410177421731 sourceServiceName=jsc6wzftsr8pj2zk.company.name siteid=61539044 suid=1843222 requestClientApplication=Expanse indexes the network perimeters of our customers. If you have any questions or concerns, please reach out to: sanitized@sanitized.com deviceFacility=atl cs2=false cs2Label=Javascript Support cs3=false cs3Label=CO Support cs1=NA cs1Label=Cap Support cs4=cb2d92a4-c3c2-4d11-ad89-ecfc36da7afc cs4Label=VID cs5=27f1a8f2e99bd4a64e1b9b7deaad6c028c0cd935eab7e772d6b541a0817a54f02afdf5ece1cf5aacd2f792b16534eee4 cs5Label=clappsig dproc=Crawler cs6=Expanse cs6Label=clapp ccode=US cicode=Atlanta cs7=33.7485 cs7Label=latitude cs8=-84.3871 cs8Label=longitude Customer=sanitized@sanitized.com start=1624809803325 request=jsc6wzftsr8pj2zk.company.name/ requestMethod=GET app=HTTP act=REQ_BAD_CLIENT_CLOSED_CONNECTION deviceExternalId=671492671950031436 sip=33.33.33.33 spt=8080 xff=172.105.147.41 cpt=59969 src=172.105.147.41 end=1624809813324"
},
{
"Message":"CEF:0|Incapsula|SIEMintegration|1|1|Normal|0| fileId=440000430117319678 sourceServiceName=jsc6wzftsr8pj2zk.company.name siteid=61539044 suid=1843222 requestClientApplication=Expanse indexes the network perimeters of our customers. If you have any questions or concerns, please reach out to: sanitized_email.com deviceFacility=atl cs2=false cs2Label=Javascript Support cs3=false cs3Label=CO Support cs1=NA cs1Label=Cap Support cs4=47c3c3c8-e681-40c6-a61b-470f63e5d738 cs4Label=VID cs5=27f1a8f2e99bd4a64e1b9b7deaad6c028c0cd935eab7e772d6b541a0817a54f02afdf5ece1cf5aacd2f792b16534eee4 cs5Label=clappsig dproc=Crawler cs6=Expanse cs6Label=clapp ccode=US cicode=Atlanta cs7=33.7485 cs7Label=latitude cs8=-84.3871 cs8Label=longitude Customer=sanitized_email.com start=1624809852528 request=jsc6wzftsr8pj2zk.company.name/ requestMethod=GET cn1=200 app=HTTP act=REQ_CACHED_FRESH deviceExternalId=185856506375703233 in=4591 cpt=51825 src=172.105.147.109 end=1624809852529"
"Message":"CEF:0|Incapsula|SIEMintegration|1|1|Normal|0| fileId=440000430117319678 sourceServiceName=jsc6wzftsr8pj2zk.company.name siteid=61539044 suid=1843222 requestClientApplication=Expanse indexes the network perimeters of our customers. If you have any questions or concerns, please reach out to: sanitized@sanitized.com deviceFacility=atl cs2=false cs2Label=Javascript Support cs3=false cs3Label=CO Support cs1=NA cs1Label=Cap Support cs4=47c3c3c8-e681-40c6-a61b-470f63e5d738 cs4Label=VID cs5=27f1a8f2e99bd4a64e1b9b7deaad6c028c0cd935eab7e772d6b541a0817a54f02afdf5ece1cf5aacd2f792b16534eee4 cs5Label=clappsig dproc=Crawler cs6=Expanse cs6Label=clapp ccode=US cicode=Atlanta cs7=33.7485 cs7Label=latitude cs8=-84.3871 cs8Label=longitude Customer=sanitized@sanitized.com start=1624809852528 request=jsc6wzftsr8pj2zk.company.name/ requestMethod=GET cn1=200 app=HTTP act=REQ_CACHED_FRESH deviceExternalId=185856506375703233 in=4591 cpt=51825 src=172.105.147.109 end=1624809852529"
},
{
"Message":"CEF:0|Incapsula|SIEMintegration|1|1|SQL Injection|0| fileId=536000420203633562 sourceServiceName=jsc6wzftsr8pj2zk.company.name siteid=61539044 suid=1843222 requestClientApplication=Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36 deviceFacility=fra cs2=false cs2Label=Javascript Support cs3=false cs3Label=CO Support cs1=NA cs1Label=Cap Support cs4=3a5239f0-eba1-4d10-9edd-63d078ef11e7 cs4Label=VID cs5=1fa33ee720f821199422001fb69865785b18d140b29684b23ac978ead4910824acce04db7a799841bb033029b4c72b10e33740ea4d2972210f96e3365d25eb25f8148c211177e7e61effce9c12a7de9f1eea71dd57d107a464dfcc54046c78400f9eedd9b846bb0491abe72a4b988e7cd3e7117283cee9f556726334972b7ce9 cs5Label=clappsig dproc=Unclassified cs6=Bot cs6Label=clapp ccode=UA cicode=Kyiv cs7=50.5183 cs7Label=latitude cs8=30.5088 cs8Label=longitude Customer=sanitized_email.com start=1624459989430 request=jsc6wzftsr8pj2zk.company.name/ requestMethod=GET qstr=e9db863b46KCYodWlkPSopKHVpZD0qKSkofCh1aWQ9KikodXNlclBhc3N3b3JkPXtNRDV9WDAzTU8xcW5aZFlkZ3lmZXVJTFBtUT09KSk app=HTTP act=REQ_BLOCKED_SESSION deviceExternalId=300754127159822978 cpt=63326 src=77.222.131.19 end=1624459989431 fileType=50033 filePermission=666 cs9= cs9Label=Rule name"
"Message":"CEF:0|Incapsula|SIEMintegration|1|1|SQL Injection|0| fileId=536000420203633562 sourceServiceName=jsc6wzftsr8pj2zk.company.name siteid=61539044 suid=1843222 requestClientApplication=Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36 deviceFacility=fra cs2=false cs2Label=Javascript Support cs3=false cs3Label=CO Support cs1=NA cs1Label=Cap Support cs4=3a5239f0-eba1-4d10-9edd-63d078ef11e7 cs4Label=VID cs5=1fa33ee720f821199422001fb69865785b18d140b29684b23ac978ead4910824acce04db7a799841bb033029b4c72b10e33740ea4d2972210f96e3365d25eb25f8148c211177e7e61effce9c12a7de9f1eea71dd57d107a464dfcc54046c78400f9eedd9b846bb0491abe72a4b988e7cd3e7117283cee9f556726334972b7ce9 cs5Label=clappsig dproc=Unclassified cs6=Bot cs6Label=clapp ccode=UA cicode=Kyiv cs7=50.5183 cs7Label=latitude cs8=30.5088 cs8Label=longitude Customer=sanitized@sanitized.com start=1624459989430 request=jsc6wzftsr8pj2zk.company.name/ requestMethod=GET qstr=e9db863b46KCYodWlkPSopKHVpZD0qKSkofCh1aWQ9KikodXNlclBhc3N3b3JkPXtNRDV9WDAzTU8xcW5aZFlkZ3lmZXVJTFBtUT09KSk app=HTTP act=REQ_BLOCKED_SESSION deviceExternalId=300754127159822978 cpt=63326 src=77.222.131.19 end=1624459989431 fileType=50033 filePermission=666 cs9= cs9Label=Rule name"
},
{
"Message":"CEF:0|Incapsula|SIEMintegration|1|1|Normal|0| fileId=536000420203631383 sourceServiceName=jsc6wzftsr8pj2zk.company.name siteid=61539044 suid=1843222 requestClientApplication=Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36 deviceFacility=fra cs2=false cs2Label=Javascript Support cs3=false cs3Label=CO Support cs1=NA cs1Label=Cap Support cs4=d1703207-e303-4fe4-80bf-01bd53547442 cs4Label=VID cs5=1fa33ee720f821199422001fb69865785b18d140b29684b23ac978ead4910824acce04db7a799841bb033029b4c72b10e33740ea4d2972210f96e3365d25eb25f8148c211177e7e61effce9c12a7de9f1eea71dd57d107a464dfcc54046c78400f9eedd9b846bb0491abe72a4b988e7cd3e7117283cee9f556726334972b7ce9 cs5Label=clappsig dproc=Unclassified cs6=Bot cs6Label=clapp ccode=UA cicode=Kyiv cs7=50.5183 cs7Label=latitude cs8=30.5088 cs8Label=longitude Customer=sanitized_email.com start=1624459982372 request=jsc6wzftsr8pj2zk.company.name/ requestMethod=POST postbody=testtrue&bf2e087242%2f%2a%2a%2fUN%2f%2a%2a%2fION%2f%2a%2a%2fSEL%2f%2a%2a%2fECT%2f%2a%2a%2fpassword%2f%2a%2a%2fFR%2fOM%2f%2a%2a%2fUsers%2f%2a%2a%2fWHE%2f%2a%2a%2fRE%2f%2a%2a%2fusersame%2f%2a%2a%2fLIKE%2f%2a%2a%2f%27tom%27-- cn1=405 app=HTTP act=REQ_PASSED deviceExternalId=133619516400208512 sip=33.153.23.33 spt=80 in=285 xff=33.33.33.33 cpt=61269 src=33.222.11.33 end=1624459982378"
"Message":"CEF:0|Incapsula|SIEMintegration|1|1|Normal|0| fileId=536000420203631383 sourceServiceName=jsc6wzftsr8pj2zk.company.name siteid=61539044 suid=1843222 requestClientApplication=Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36 deviceFacility=fra cs2=false cs2Label=Javascript Support cs3=false cs3Label=CO Support cs1=NA cs1Label=Cap Support cs4=d1703207-e303-4fe4-80bf-01bd53547442 cs4Label=VID cs5=1fa33ee720f821199422001fb69865785b18d140b29684b23ac978ead4910824acce04db7a799841bb033029b4c72b10e33740ea4d2972210f96e3365d25eb25f8148c211177e7e61effce9c12a7de9f1eea71dd57d107a464dfcc54046c78400f9eedd9b846bb0491abe72a4b988e7cd3e7117283cee9f556726334972b7ce9 cs5Label=clappsig dproc=Unclassified cs6=Bot cs6Label=clapp ccode=UA cicode=Kyiv cs7=50.5183 cs7Label=latitude cs8=30.5088 cs8Label=longitude Customer=sanitized@sanitized.com start=1624459982372 request=jsc6wzftsr8pj2zk.company.name/ requestMethod=POST postbody=testtrue&bf2e087242%2f%2a%2a%2fUN%2f%2a%2a%2fION%2f%2a%2a%2fSEL%2f%2a%2a%2fECT%2f%2a%2a%2fpassword%2f%2a%2a%2fFR%2fOM%2f%2a%2a%2fUsers%2f%2a%2a%2fWHE%2f%2a%2a%2fRE%2f%2a%2a%2fusersame%2f%2a%2a%2fLIKE%2f%2a%2a%2f%27tom%27-- cn1=405 app=HTTP act=REQ_PASSED deviceExternalId=133619516400208512 sip=33.153.23.33 spt=80 in=285 xff=33.33.33.33 cpt=61269 src=33.222.11.33 end=1624459982378"
},
{
"Message":"CEF:0|Incapsula|SIEMintegration|1|1|Normal|0| fileId=1344000210263575150 sourceServiceName=jsc6wzftsr8pj2zk.company.name siteid=61539044 suid=1843222 requestClientApplication=Expanse, a Palo Alto Networks company, searches across the global IPv4 space multiple times per day to identify customers&#39; presences on the Internet. If you would like to be excluded from our scans, please send IP addresses/domains to: sanitized_email.com deviceFacility=iad cs2=false cs2Label=Javascript Support cs3=false cs3Label=CO Support cs1=NA cs1Label=Cap Support cs4=acd48a1b-daa0-4ef8-b4d0-9084708bf3a7 cs4Label=VID cs5=3ef4755ba073991770f204961c0d4e188c0cd935eab7e772d6b541a0817a54f02afdf5ece1cf5aacd2f792b16534eee4 cs5Label=clappsig dproc=Developer Tool cs6=Go HTTP library cs6Label=clapp ccode=US cicode=Washington cs7=38.894 cs7Label=latitude cs8=-77.0365 cs8Label=longitude Customer=sanitized_email.com start=1624671299714 request=jsc6wzftsr8pj2zk.company.name/ requestMethod=GET app=HTTPS act=REQ_BAD_CLIENT_CLOSED_CONNECTION deviceExternalId=963340059111589198 sip=35.156.26.77 spt=8443 xff=33.83.33.23 cpt=39255 src=34.86.35.29 ver=TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 end=1624671309677"
"Message":"CEF:0|Incapsula|SIEMintegration|1|1|Normal|0| fileId=1344000210263575150 sourceServiceName=jsc6wzftsr8pj2zk.company.name siteid=61539044 suid=1843222 requestClientApplication=Expanse, a Palo Alto Networks company, searches across the global IPv4 space multiple times per day to identify customers&#39; presences on the Internet. If you would like to be excluded from our scans, please send IP addresses/domains to: sanitized@sanitized.com deviceFacility=iad cs2=false cs2Label=Javascript Support cs3=false cs3Label=CO Support cs1=NA cs1Label=Cap Support cs4=acd48a1b-daa0-4ef8-b4d0-9084708bf3a7 cs4Label=VID cs5=3ef4755ba073991770f204961c0d4e188c0cd935eab7e772d6b541a0817a54f02afdf5ece1cf5aacd2f792b16534eee4 cs5Label=clappsig dproc=Developer Tool cs6=Go HTTP library cs6Label=clapp ccode=US cicode=Washington cs7=38.894 cs7Label=latitude cs8=-77.0365 cs8Label=longitude Customer=sanitized@sanitized.com start=1624671299714 request=jsc6wzftsr8pj2zk.company.name/ requestMethod=GET app=HTTPS act=REQ_BAD_CLIENT_CLOSED_CONNECTION deviceExternalId=963340059111589198 sip=35.156.26.77 spt=8443 xff=33.83.33.23 cpt=39255 src=34.86.35.29 ver=TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 end=1624671309677"
}
]
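Review bot: The `src=` and `xff=` values in these CEF messages are only partly masked: some records carry obvious fillers (`sip=33.33.33.33`, `xff=33.33.33.33`) while others keep addresses such as `src=172.105.147.48`, `src=77.222.131.19` and `src=34.86.35.29` that look like unmodified public IPs, alongside `siteid=`, `suid=` and `deviceExternalId=` values. Whether these are synthetic cannot be told from the page, but the commit treats e-mail addresses as the only identifier to normalise. If they come from a real tenant, replace them with documentation ranges, for example `src=203.0.113.10 xff=203.0.113.10` (constructed value), and apply the same pass to the `ipAddress` and `SERIAL_NUMBER` fields in the earlier sections of this commit.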


@ -846,7 +846,7 @@
},
{
"name": "contact_email",
"to": "sanitized_email.com"
"to": "sanitized@sanitized.com"
},
{
"name": "emergency_contact_number",


@ -583,7 +583,7 @@
"key":"",
"last_found":"2021-06-10T11:41:58.401Z",
"port":443,
"proof":"<p><p>TLS/SSL certificate signed by unknown, untrusted CA: EMAILADDRESS=sanitized_email.com, CN=TemporaryAuthority, OU=Support Team, O=Hewlett-Packard, L=Sunnyvale, ST=California, C=US -- [Path does not chain with any of the trust anchors].</p></p>",
"proof":"<p><p>TLS/SSL certificate signed by unknown, untrusted CA: EMAILADDRESS=sanitized@sanitized.com, CN=TemporaryAuthority, OU=Support Team, O=Hewlett-Packard, L=Sunnyvale, ST=California, C=US -- [Path does not chain with any of the trust anchors].</p></p>",
"protocol":"TCP",
"solution_fix":"<p><p>\n Ensure the common name (CN) reflects the name of the entity \n presenting the certificate (e.g., the hostname).\n If the certificate(s) or any of the chain certificate(s) have \n expired or been revoked, obtain a new certificate from your \n Certificate Authority (CA) by following their documentation. \n If a self-signed certificate is being used, consider obtaining \n a signed certificate from a CA.\n </p><p>\n References: \n <a href=\"https://support.mozilla.org/en-US/kb/connection-untrusted-error-message\">Mozilla: Connection Untrusted Error</a><a href=\"https://www.sslshopper.com/ssl-certificate-not-trusted-error.html\">SSLShopper: SSL Certificate Not Trusted Error</a><a href=\"https://support.microsoft.com/en-us/kb/954755\">Windows/IIS certificate chain config</a><a href=\"http://httpd.apache.org/docs/2.2/mod/mod_ssl.html\">Apache SSL config</a><a href=\"http://nginx.org/en/docs/http/configuring_https_servers.html\">Nginx SSL config</a><a href=\"https://certificatechain.io/\">CertificateChain.io</a></p></p>",
"solution_id":"tls-untrusted-ca",

Разница между файлами не показана из-за своего большого размера Загрузить разницу


@ -406,7 +406,7 @@
"alert_id_s": "orca-780",
"score_d": 3,
"description_s": "Non corporate ssh keys were found",
"details_s": "The ssh authorized keys file contains the following non-corporate account keys: 'sanitized_email.com', 'sanitized_email.com'",
"details_s": "The ssh authorized keys file contains the following non-corporate account keys: 'sanitized@sanitized.com', 'sanitized@sanitized.com'",
"recommendation_s": "Remove the non-corporate users from the asset",
"source_s": "N/A",
"alert_type_s": "non_corporate_auth_key",
@ -417,10 +417,10 @@
"type": "non_corporate_auth_key",
"file": "/home/ubuntu/.ssh/authorized_keys",
"keys": [
"sanitized_email.com",
"sanitized_email.com"
"sanitized@sanitized.com",
"sanitized@sanitized.com"
],
"description": "The ssh authorized keys file contains the following non-corporate account keys: 'sanitized_email.com', 'sanitized_email.com'"
"description": "The ssh authorized keys file contains the following non-corporate account keys: 'sanitized@sanitized.com', 'sanitized@sanitized.com'"
}
},
"asset_name_g": "",


@ -7,7 +7,7 @@
"policy_recommendation": "test",
"policy_labels": "[]",
"policy_lastModifiedOn": "1616422497101",
"policy_lastModifiedBy": "sanitized_email.com",
"policy_lastModifiedBy": "sanitized@sanitized.com",
"policy_deleted": "false",
"policy_remediation_description": "",
"policy_remediation_impact": "",
@ -73,7 +73,7 @@
"policy_recommendation": "test",
"policy_labels": "[]",
"policy_lastModifiedOn": "1616422497101",
"policy_lastModifiedBy": "sanitized_email.com",
"policy_lastModifiedBy": "sanitized@sanitized.com",
"policy_deleted": "false",
"policy_remediation_description": "",
"policy_remediation_impact": "",
@ -139,7 +139,7 @@
"policy_recommendation": "test",
"policy_labels": "[]",
"policy_lastModifiedOn": "1616422497101",
"policy_lastModifiedBy": "sanitized_email.com",
"policy_lastModifiedBy": "sanitized@sanitized.com",
"policy_deleted": "false",
"policy_remediation_description": "",
"policy_remediation_impact": "",
@ -205,7 +205,7 @@
"policy_recommendation": "test",
"policy_labels": "[]",
"policy_lastModifiedOn": "1616422497101",
"policy_lastModifiedBy": "sanitized_email.com",
"policy_lastModifiedBy": "sanitized@sanitized.com",
"policy_deleted": "false",
"policy_remediation_description": "",
"policy_remediation_impact": "",
@ -271,7 +271,7 @@
"policy_recommendation": "test",
"policy_labels": "[]",
"policy_lastModifiedOn": "1616422497101",
"policy_lastModifiedBy": "sanitized_email.com",
"policy_lastModifiedBy": "sanitized@sanitized.com",
"policy_deleted": "false",
"policy_remediation_description": "",
"policy_remediation_impact": "",
@ -337,7 +337,7 @@
"policy_recommendation": "test",
"policy_labels": "[]",
"policy_lastModifiedOn": "1616422497101",
"policy_lastModifiedBy": "sanitized_email.com",
"policy_lastModifiedBy": "sanitized@sanitized.com",
"policy_deleted": "false",
"policy_remediation_description": "",
"policy_remediation_impact": "",
@ -403,7 +403,7 @@
"policy_recommendation": "test",
"policy_labels": "test",
"policy_lastModifiedOn": "1595561593000",
"policy_lastModifiedBy": "sanitized_email.com",
"policy_lastModifiedBy": "sanitized@sanitized.com",
"policy_deleted": "false",
"policy_remediation_description": "test",
"policy_remediation_impact": "test",


@ -4,8 +4,8 @@
"user": "00000000-0000-0000-0000-000000000000",
"IPAddress": "10.10.10.10",
"ResourceType": "Login",
"resourceName": "sanitized_email.com",
"action": "'sanitized_email.com'(with role 'System Admin':'System Admin') logged in via SSO-SAML.",
"resourceName": "sanitized@sanitized.com",
"action": "'sanitized@sanitized.com'(with role 'System Admin':'System Admin') logged in via SSO-SAML.",
"result": "Successful"
},
{
@ -13,80 +13,80 @@
"user": "00000000-0000-0000-0000-000000000000",
"IPAddress": "10.10.10.10",
"ResourceType": "Login",
"resourceName": "sanitized_email.com",
"action": "'sanitized_email.com'(with role 'System Admin':'System Admin') logged in via SSO-SAML.",
"resourceName": "sanitized@sanitized.com",
"action": "'sanitized@sanitized.com'(with role 'System Admin':'System Admin') logged in via SSO-SAML.",
"result": "Successful"
},
{
"timestamp": "1616423870400",
"user": "sanitized_email.com",
"user": "sanitized@sanitized.com",
"IPAddress": "10.10.10.10",
"ResourceType": "Login",
"resourceName": "00000000-0000-0000-0000-000000000000",
"action": "'sanitized_email.com'(with role 'System Admin':'System Admin') logged in via SSO-SAML.",
"action": "'sanitized@sanitized.com'(with role 'System Admin':'System Admin') logged in via SSO-SAML.",
"result": "Successful"
},
{
"timestamp": "1616423978545",
"user": "sanitized_email.com",
"user": "sanitized@sanitized.com",
"IPAddress": "10.10.10.10",
"ResourceType": "User Management",
"resourceName": "00000000-0000-0000-0000-000000000000",
"action": "'sanitized_email.com'(with role 'System Admin':'System Admin') created access key 'testapi'",
"action": "'sanitized@sanitized.com'(with role 'System Admin':'System Admin') created access key 'testapi'",
"result": "Successful"
},
{
"timestamp": "1616424686681",
"user": "sanitized_email.com",
"user": "sanitized@sanitized.com",
"IPAddress": "10.10.10.10",
"ResourceType": "Login",
"resourceName": "sanitized_email.com",
"action": "'sanitized_email.com'(with role 'System Admin':'System Admin') logged in via SSO-SAML.",
"resourceName": "sanitized@sanitized.com",
"action": "'sanitized@sanitized.com'(with role 'System Admin':'System Admin') logged in via SSO-SAML.",
"result": "Successful"
},
{
"timestamp": "1616425756546",
"user": "sanitized_email.com",
"user": "sanitized@sanitized.com",
"IPAddress": "10.10.10.10",
"ResourceType": "Login",
"resourceName": "sanitized_email.com",
"action": "'sanitized_email.com'(with role 'System Admin':'System Admin') logged in via access key.",
"resourceName": "sanitized@sanitized.com",
"action": "'sanitized@sanitized.com'(with role 'System Admin':'System Admin') logged in via access key.",
"result": "Successful"
},
{
"timestamp": "1616581253243",
"user": "sanitized_email.com",
"user": "sanitized@sanitized.com",
"IPAddress": "10.10.10.10",
"ResourceType": "Login",
"resourceName": "sanitized_email.com",
"action": "'sanitized_email.com'(with role 'System Admin':'System Admin') logged in via access key.",
"resourceName": "sanitized@sanitized.com",
"action": "'sanitized@sanitized.com'(with role 'System Admin':'System Admin') logged in via access key.",
"result": "Successful"
},
{
"timestamp": "1616581319342",
"user": "sanitized_email.com",
"user": "sanitized@sanitized.com",
"IPAddress": "10.10.10.10",
"ResourceType": "Login",
"resourceName": "sanitized_email.com",
"action": "'sanitized_email.com'(with role 'System Admin':'System Admin') logged in via access key.",
"resourceName": "sanitized@sanitized.com",
"action": "'sanitized@sanitized.com'(with role 'System Admin':'System Admin') logged in via access key.",
"result": "Successful"
},
{
"timestamp": "1616581390055",
"user": "sanitized_email.com",
"user": "sanitized@sanitized.com",
"IPAddress": "10.10.10.10",
"ResourceType": "Login",
"resourceName": "sanitized_email.com",
"action": "'sanitized_email.com'(with role 'System Admin':'System Admin') logged in via access key.",
"resourceName": "sanitized@sanitized.com",
"action": "'sanitized@sanitized.com'(with role 'System Admin':'System Admin') logged in via access key.",
"result": "Successful"
},
{
"timestamp": "1616581454638",
"user": "sanitized_email.com",
"user": "sanitized@sanitized.com",
"IPAddress": "10.10.10.10",
"ResourceType": "Login",
"resourceName": "sanitized_email.com",
"action": "'sanitized_email.com'(with role 'System Admin':'System Admin') logged in via access key.",
"resourceName": "sanitized@sanitized.com",
"action": "'sanitized@sanitized.com'(with role 'System Admin':'System Admin') logged in via access key.",
"result": "Successful"
}
]


@ -8,10 +8,10 @@
"Computer": "",
"RawData": "",
"clickTime_t": "2020-04-22T20:15:06Z",
"sender_s": "sanitized_email.com",
"recipient_s": "sanitized_email.com",
"sender_s": "sanitized@sanitized.com",
"recipient_s": "sanitized@sanitized.com",
"senderIP_s": "00.00.00.00",
"messageID_s": "<450D4F1E-E216-496A-9D0D-9180EF992779sanitized_email.com>",
"messageID_s": "<450D4F1E-E216-496A-9D0D-9180EF992779sanitized@sanitized.com>",
"clickIP_s": "00.00.00.00",
"GUID_s": "ALhNQt0WZifN6zzz0WA8cEgEP1bBMe_e",
"url_s": "https://ritter1-my.sharepoint.com/:o:/g/personal/rpolaski_ritter1_com1/EqSjAGRMK_FLtuyzGSIyczUB75G9xtiwuG-9Iavc6RpdFA?e=UK72n9",
@ -34,10 +34,10 @@
"Computer": "",
"RawData": "",
"clickTime_t": "2020-04-22T20:15:06Z",
"sender_s": "sanitized_email.com",
"recipient_s": "sanitized_email.com",
"sender_s": "sanitized@sanitized.com",
"recipient_s": "sanitized@sanitized.com",
"senderIP_s": "00.00.00.00",
"messageID_s": "<450D4F1E-E216-496A-9D0D-9180EF992779sanitized_email.com>",
"messageID_s": "<450D4F1E-E216-496A-9D0D-9180EF992779sanitized@sanitized.com>",
"clickIP_s": "00.00.00.00",
"GUID_s": "ALhNQt0WZifN6zzz0WA8cEgEP1bBMe_e",
"url_s": "https://ritter1-my.sharepoint.com/:o:/g/personal/rpolaski_ritter1_com1/EqSjAGRMK_FLtuyzGSIyczUB75G9xtiwuG-9Iavc6RpdFA?e=UK72n9",
@ -61,7 +61,7 @@
"RawData": "",
"clickTime_t": "2020-04-23T18:03:16Z",
"sender_s": "",
"recipient_s": "sanitized_email.com",
"recipient_s": "sanitized@sanitized.com",
"senderIP_s": "00.00.00.00",
"messageID_s": "",
"clickIP_s": "00.00.00.00",
@ -86,10 +86,10 @@
"Computer": "",
"RawData": "",
"clickTime_t": "2020-04-27T19:51:27Z",
"sender_s": "sanitized_email.com",
"recipient_s": "sanitized_email.com",
"sender_s": "sanitized@sanitized.com",
"recipient_s": "sanitized@sanitized.com",
"senderIP_s": "00.00.00.00",
"messageID_s": "<450D4F1E-E216-496A-9D0D-9180EF992779sanitized_email.com>",
"messageID_s": "<450D4F1E-E216-496A-9D0D-9180EF992779sanitized@sanitized.com>",
"clickIP_s": "00.00.00.00",
"GUID_s": "2WMsHmcWdVPylqkKIbXuauS41iestGs-",
"url_s": "https://onedrive.live.com/redir?resid=A37258A5832F32B8%214809&authkey=%21AB-vlYc5yFWRh28&page=View&wd=target%28Quick%20Notes.one%7Cff180e6d-abd8-44a9-b6b0-32c570f76934%2FRemittance%20Advice%20No.%20CLT90716546%7C5d0e01b0-92ab-48d8-bea8-dae7bfeebcab%2F%29",
@ -112,10 +112,10 @@
"Computer": "",
"RawData": "",
"clickTime_t": "2020-04-28T12:14:48Z",
"sender_s": "sanitized_email.com",
"recipient_s": "sanitized_email.com",
"sender_s": "sanitized@sanitized.com",
"recipient_s": "sanitized@sanitized.com",
"senderIP_s": "00.00.00.00",
"messageID_s": "<450D4F1E-E216-496A-9D0D-9180EF992779sanitized_email.com>",
"messageID_s": "<450D4F1E-E216-496A-9D0D-9180EF992779sanitized@sanitized.com>",
"clickIP_s": "00.00.00.00",
"GUID_s": "YgneddT8DgfdAJeTTP36fc3Ef2DQmnxV",
"url_s": "https://onedrive.live.com/redir?resid=715B49E9BE37C602!1714&authkey=!ALpQQ-ZSyuxMiOo&e=jOtfke",
@ -138,10 +138,10 @@
"Computer": "",
"RawData": "",
"clickTime_t": "2020-04-28T13:14:56Z",
"sender_s": "sanitized_email.com",
"recipient_s": "sanitized_email.com",
"sender_s": "sanitized@sanitized.com",
"recipient_s": "sanitized@sanitized.com",
"senderIP_s": "00.00.00.00",
"messageID_s": "<450D4F1E-E216-496A-9D0D-9180EF992779sanitized_email.com>",
"messageID_s": "<450D4F1E-E216-496A-9D0D-9180EF992779sanitized@sanitized.com>",
"clickIP_s": "00.00.00.00",
"GUID_s": "RitOunZGwWIZ4UkR7n0nLEKyIoEVn-7_",
"url_s": "https://onedrive.live.com/redir?resid=715B49E9BE37C602!1714&authkey=!ALpQQ-ZSyuxMiOo&e=jOtfke",
@ -165,7 +165,7 @@
"RawData": "",
"clickTime_t": "2020-04-28T17:28:40Z",
"sender_s": "",
"recipient_s": "sanitized_email.com",
"recipient_s": "sanitized@sanitized.com",
"senderIP_s": "00.00.00.00",
"messageID_s": "",
"clickIP_s": "00.00.00.00",
@ -191,7 +191,7 @@
"RawData": "",
"clickTime_t": "2020-04-28T17:08:16Z",
"sender_s": "",
"recipient_s": "sanitized_email.com",
"recipient_s": "sanitized@sanitized.com",
"senderIP_s": "00.00.00.00",
"messageID_s": "",
"clickIP_s": "00.00.00.00",
@ -217,7 +217,7 @@
"RawData": "",
"clickTime_t": "2020-04-28T17:08:12Z",
"sender_s": "",
"recipient_s": "sanitized_email.com",
"recipient_s": "sanitized@sanitized.com",
"senderIP_s": "00.00.00.00",
"messageID_s": "",
"clickIP_s": "00.00.00.00",
@ -242,10 +242,10 @@
"Computer": "",
"RawData": "",
"clickTime_t": "2020-04-22T17:44:51Z",
"sender_s": "sanitized_email.com",
"recipient_s": "sanitized_email.com",
"sender_s": "sanitized@sanitized.com",
"recipient_s": "sanitized@sanitized.com",
"senderIP_s": "00.00.00.00",
"messageID_s": "<450D4F1E-E216-496A-9D0D-9180EF992779sanitized_email.com>",
"messageID_s": "<450D4F1E-E216-496A-9D0D-9180EF992779sanitized@sanitized.com>",
"clickIP_s": "00.00.00.00",
"GUID_s": "iRehN8hzg0xwRc2vZuy-SzgJZhTcToRH",
"url_s": "https://1drv.ms/u/s!AjlmjPDZjfaae2UHleJ83CB2rbI?e=Ws5A6S",
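Review bot: The `url_s` context lines in this file stay unchanged while the address fields around them are sanitized, and they still carry what look like real share links: a SharePoint personal path that embeds a user name, and OneDrive links with `resid`/`authkey` query values. If these came from real telemetry, they identify a mailbox owner and a document as much as the e-mail fields did; a constructed value such as `"url_s": "https://sanitized.example.com/path"` would keep the field shape. Separately, the new `messageID_s` values still glue the original identifier onto the placeholder (`<450D4F1E-…sanitized@sanitized.com>`), so replacing the whole value would avoid carrying the source ID forward.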


@ -8,8 +8,8 @@
"Computer": "",
"RawData": "",
"clickTime_t": "2020-04-27T19:50:50Z",
"sender_s": "sanitized_email.com",
"recipient_s": "sanitized_email.com",
"sender_s": "sanitized@sanitized.com",
"recipient_s": "sanitized@sanitized.com",
"senderIP_s": "00.00.00.00",
"messageID_s": "<DM6PR18MB370645748696A23D7907165FC4AF0@DM6PR18MB3706.namprd18.prod.outlook.com>",
"clickIP_s": "00.00.00.00",
@ -34,8 +34,8 @@
"Computer": "",
"RawData": "",
"clickTime_t": "2020-04-17T20:59:38Z",
"sender_s": "sanitized_email.com",
"recipient_s": "sanitized_email.com",
"sender_s": "sanitized@sanitized.com",
"recipient_s": "sanitized@sanitized.com",
"senderIP_s": "00.00.00.00",
"messageID_s": "<DF0B23F5-9DAA-431C-A6B2-4DAE7A9E19D7@yahoo.com>",
"clickIP_s": "00.00.00.00",
@ -61,7 +61,7 @@
"RawData": "",
"clickTime_t": "2020-04-17T15:54:07Z",
"sender_s": "",
"recipient_s": "sanitized_email.com",
"recipient_s": "sanitized@sanitized.com",
"senderIP_s": "00.00.00.00",
"messageID_s": "",
"clickIP_s": "00.00.00.00",
@ -87,7 +87,7 @@
"RawData": "",
"clickTime_t": "2020-04-14T23:10:59Z",
"sender_s": "",
"recipient_s": "sanitized_email.com",
"recipient_s": "sanitized@sanitized.com",
"senderIP_s": "00.00.00.00",
"messageID_s": "",
"clickIP_s": "00.00.00.00",
@ -112,8 +112,8 @@
"Computer": "",
"RawData": "",
"clickTime_t": "2020-04-27T21:56:27Z",
"sender_s": "sanitized_email.com",
"recipient_s": "sanitized_email.com",
"sender_s": "sanitized@sanitized.com",
"recipient_s": "sanitized@sanitized.com",
"senderIP_s": "00.00.00.00",
"messageID_s": "<BN6PR13MB2996E850249232CC5787C18EBAAF0@BN6PR13MB2996.namprd13.prod.outlook.com>",
"clickIP_s": "00.00.00.00",
@ -138,8 +138,8 @@
"Computer": "",
"RawData": "",
"clickTime_t": "2020-04-28T13:55:46Z",
"sender_s": "sanitized_email.com",
"recipient_s": "sanitized_email.com",
"sender_s": "sanitized@sanitized.com",
"recipient_s": "sanitized@sanitized.com",
"senderIP_s": "00.00.00.00",
"messageID_s": "<AE866DAD-C19E-4225-8B5D-4034548CE571@chanel.com>",
"clickIP_s": "00.00.00.00",
@ -164,8 +164,8 @@
"Computer": "",
"RawData": "",
"clickTime_t": "2020-04-24T11:59:09Z",
"sender_s": "sanitized_email.com",
"recipient_s": "sanitized_email.com",
"sender_s": "sanitized@sanitized.com",
"recipient_s": "sanitized@sanitized.com",
"senderIP_s": "00.00.00.00",
"messageID_s": "<22e85feaf00bd2353671ef5a222acc7f@group-activa.com>",
"clickIP_s": "00.00.00.00",
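Review bot: Only `sender_s` and `recipient_s` are rewritten in this file, while the `messageID_s` context lines next to them keep their original right-hand sides (`@yahoo.com`, `@chanel.com`, `@group-activa.com` and two `*.prod.outlook.com` host names). A Message-ID names the sending organisation and is usually enough to locate the original message in a mail log, so it should get the same treatment as the address fields, for example the constructed value `"messageID_s": "<sanitized@example.com>"`. Each record continues past its hunk, so the other fields of these entries could not be checked from here.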


@ -13,18 +13,18 @@
"subject_s": "BROOKS (17124244096) left you a message 21 second(s) long.",
"quarantineRule_s": "module.sandbox.rule.threat",
"replyToAddress_s": "[]",
"toAddresses_s": "sanitized_email.com",
"toAddresses_s": "sanitized@sanitized.com",
"QID_s": "30pax0uf3f-1",
"sender_s": "bdcfaa08a38889403842110ca5f53c17sanitized_email.com",
"recipient_s": "sanitized_email.com",
"sender_s": "bdcfaa08a38889403842110ca5f53c17sanitized@sanitized.com",
"recipient_s": "sanitized@sanitized.com",
"senderIP_s": "00.00.00.00",
"messageID_s": "<fb09d87a-2d35-fb04-491c-faa1f5ea3f0bsanitized_email.com>",
"messageID_s": "<fb09d87a-2d35-fb04-491c-faa1f5ea3f0bsanitized@sanitized.com>",
"messageParts_s": "[\r\n {\r\n \"disposition\": \"attached\",\r\n \"sha256\": \"a1ac96cc939effe50aec93c726ca4ef67e5748fa55bf7988301d168a02060161\",\r\n \"md5\": \"2a0e7a82f0aff7fed2d1b13a6336602e\",\r\n \"filename\": \".htm\",\r\n \"sandboxStatus\": \"THREAT\",\r\n \"oContentType\": \"text/html\",\r\n \"contentType\": \"text/html\"\r\n }\r\n]",
"headerReplyTo_s": "",
"impostorScore_d": "0",
"malwareScore_d": "0",
"messageSize_d": "2998",
"headerFrom_s": "sanitized_email.com",
"headerFrom_s": "sanitized@sanitized.com",
"phishScore_d": "0",
"policyRoutes_s": "[\r\n \"default_inbound\",\r\n \"nt_spoofsafe\",\r\n \"allow_relay\",\r\n \"firewallsafe\",\r\n \"internalnet\"\r\n]",
"modulesRun_s": "[\r\n \"access\",\r\n \"dkim\",\r\n \"smtpsrv\",\r\n \"av\",\r\n \"zerohour\",\r\n \"sandbox\",\r\n \"spam\",\r\n \"urldefense\"\r\n]",
@ -52,26 +52,26 @@
"subject_s": "THE ONLINE DRUGSHOP amplifying the opportunity to impale other man",
"quarantineRule_s": "module.spam.rule.defaultinbound_spam_definite",
"replyToAddress_s": "[]",
"toAddresses_s": "sanitized_email.com",
"toAddresses_s": "sanitized@sanitized.com",
"QID_s": "30mhgfww0q-1",
"sender_s": "bdcfaa08a38889403842110ca5f53c17sanitized_email.com",
"recipient_s": "sanitized_email.com",
"sender_s": "bdcfaa08a38889403842110ca5f53c17sanitized@sanitized.com",
"recipient_s": "sanitized@sanitized.com",
"senderIP_s": "00.00.00.00",
"messageID_s": "<fb09d87a-2d35-fb04-491c-faa1f5ea3f0bsanitized_email.com>",
"messageID_s": "<fb09d87a-2d35-fb04-491c-faa1f5ea3f0bsanitized@sanitized.com>",
"messageParts_s": "[\r\n {\r\n \"disposition\": \"inline\",\r\n \"sha256\": \"28bc3478403b64679b24c24f1c3d85f5fa97393a76a8d9cda49bb3f3244d7b18\",\r\n \"md5\": \"7c9192185123d6014afa57de8d086fc2\",\r\n \"filename\": \"text.txt\",\r\n \"sandboxStatus\": null,\r\n \"oContentType\": \"text/plain\",\r\n \"contentType\": \"text/plain\"\r\n }\r\n]",
"headerReplyTo_s": "",
"impostorScore_d": "0",
"malwareScore_d": "0",
"messageSize_d": "3269",
"headerFrom_s": "sanitized_email.com",
"headerFrom_s": "sanitized@sanitized.com",
"phishScore_d": "100",
"policyRoutes_s": "[\r\n \"default_inbound\",\r\n \"nt_spoofsafe\"\r\n]",
"modulesRun_s": "[\r\n \"access\",\r\n \"dkim\",\r\n \"smtpsrv\",\r\n \"av\",\r\n \"zerohour\",\r\n \"spf\",\r\n \"dkimv\",\r\n \"sandbox\",\r\n \"spam\",\r\n \"dmarc\",\r\n \"pdr\",\r\n \"urldefense\"\r\n]",
"GUID_s": "wZPKm75dzvm8trCR2JvmZYCF5lkX82ep",
"cluster_s": "abc_hosted",
"quarantineFolder_s": "InboundDefiniteSpam",
"fromAddress_s": "[\r\n \"56452b6fceba10a5291d2fd9b87b79f7sanitized_email.com\"\r\n]",
"ccAddresses_s": "[\r\n \"981aca6444560fc70ef8d5258b164cffsanitized_email.com\"\r\n]",
"fromAddress_s": "[\r\n \"56452b6fceba10a5291d2fd9b87b79f7sanitized@sanitized.com\"\r\n]",
"ccAddresses_s": "[\r\n \"981aca6444560fc70ef8d5258b164cffsanitized@sanitized.com\"\r\n]",
"xmailer_s": "iPad Mail (13E238)",
"completelyRewritten_b": "FALSE",
"Type": "ProofPointTAPMessagesBlocked_CL",
@ -90,26 +90,26 @@
"messageTime_t": "2020-04-28T15:21:30Z",
"subject_s": "=?utf-8?Q?Time=20to=20move=20off=20BNA=3F=20Enjoy=20a=20preview=20of=20Brocade=20SANnav=20Management=20Portal?=",
"quarantineRule_s": "module.spam.rule.defaultinbound_bulk",
"replyToAddress_s": "sanitized_email.com",
"toAddresses_s": "sanitized_email.com",
"replyToAddress_s": "sanitized@sanitized.com",
"toAddresses_s": "sanitized@sanitized.com",
"QID_s": "30n4bskefr-1",
"sender_s": "bdcfaa08a38889403842110ca5f53c17sanitized_email.com",
"recipient_s": "sanitized_email.com",
"sender_s": "bdcfaa08a38889403842110ca5f53c17sanitized@sanitized.com",
"recipient_s": "sanitized@sanitized.com",
"senderIP_s": "00.00.00.00",
"messageID_s": "<fb09d87a-2d35-fb04-491c-faa1f5ea3f0bsanitized_email.com>",
"messageID_s": "<fb09d87a-2d35-fb04-491c-faa1f5ea3f0bsanitized@sanitized.com>",
"messageParts_s": "[\r\n {\r\n \"disposition\": \"inline\",\r\n \"sha256\": \"d6b2936bcbecd35e4588173215467d0d98c0ca8a40e378bec1878714d50d05e3\",\r\n \"md5\": \"5dec6ecee7a2afc88c25d532aa23f157\",\r\n \"filename\": \"text.txt\",\r\n \"sandboxStatus\": null,\r\n \"oContentType\": \"text/plain\",\r\n \"contentType\": \"text/plain\"\r\n },\r\n {\r\n \"disposition\": \"inline\",\r\n \"sha256\": \"d40946767fec64dcd165c805498343284d095f00052a40add2c0004b7c3d24cc\",\r\n \"md5\": \"3166305aa434a9b27e8672fa3a67394e\",\r\n \"filename\": \"text.html\",\r\n \"sandboxStatus\": null,\r\n \"oContentType\": \"text/html\",\r\n \"contentType\": \"text/html\"\r\n }\r\n]",
"headerReplyTo_s": "=?utf-8?Q?Brocade?= <xtwsanitize@sanitized.com>",
"impostorScore_d": "0",
"malwareScore_d": "0",
"messageSize_d": "48265",
"headerFrom_s": "sanitized_email.com",
"headerFrom_s": "sanitized@sanitized.com",
"phishScore_d": "0",
"policyRoutes_s": "[\r\n \"default_inbound\",\r\n \"nt_spoofsafe\"\r\n]",
"modulesRun_s": "[\r\n \"access\",\r\n \"dkim\",\r\n \"smtpsrv\",\r\n \"av\",\r\n \"zerohour\",\r\n \"spf\",\r\n \"dkimv\",\r\n \"sandbox\",\r\n \"spam\",\r\n \"dmarc\",\r\n \"pdr\",\r\n \"urldefense\"\r\n]",
"GUID_s": "n9F2qSfAUGOuif5La6gJGG31p5IQof48",
"cluster_s": "abc_hosted",
"quarantineFolder_s": "Bulk",
"fromAddress_s": "[\r\n \"6d223a5c21674829b702c278cd4c8c2fsanitized_email.com\"\r\n]",
"fromAddress_s": "[\r\n \"6d223a5c21674829b702c278cd4c8c2fsanitized@sanitized.com\"\r\n]",
"ccAddresses_s": "[]",
"xmailer_s": "MailChimp Mailer - **CID4d52dc8025000c740f7d**",
"completelyRewritten_b": "FALSE",
@ -127,21 +127,21 @@
"spamScore_d": "0",
"threatsInfoMap_s": "[\r\n {\r\n \"threatID\": \"7ca2d79ade8ae0fadd78e918aa20824fed4688a9ee416a3cc5cb385be7031739\",\r\n \"threatStatus\": \"active\",\r\n \"classification\": \"phish\",\r\n \"threatUrl\": \"https://threatinsight.proofpoint.com/314893f9-d777-b28e-8349-41ae02d88d57/threat/email/7ca2d79ade8ae0fadd78e918aa20824fed4688a9ee416a3cc5cb385be7031739\",\r\n \"threatTime\": \"2020-04-28T15:43:33Z\",\r\n \"threat\": \"storage.googleapis.com/fgfdsd4545454/\",\r\n \"campaignID\": null,\r\n \"threatType\": \"url\"\r\n }\r\n]",
"messageTime_t": "2020-04-28T14:55:17Z",
"subject_s": "dl101sanitized_email.com Received A Document",
"subject_s": "dl101sanitized@sanitized.com Received A Document",
"quarantineRule_s": "module.spam.rule.defaultinbound_spam",
"replyToAddress_s": "sanitized_email.com",
"toAddresses_s": "sanitized_email.com",
"replyToAddress_s": "sanitized@sanitized.com",
"toAddresses_s": "sanitized@sanitized.com",
"QID_s": "30n392kdhh-1",
"sender_s": "bdcfaa08a38889403842110ca5f53c17sanitized_email.com",
"recipient_s": "sanitized_email.com",
"sender_s": "bdcfaa08a38889403842110ca5f53c17sanitized@sanitized.com",
"recipient_s": "sanitized@sanitized.com",
"senderIP_s": "00.00.00.00",
"messageID_s": "<fb09d87a-2d35-fb04-491c-faa1f5ea3f0bsanitized_email.com>",
"messageID_s": "<fb09d87a-2d35-fb04-491c-faa1f5ea3f0bsanitized@sanitized.com>",
"messageParts_s": "[\r\n {\r\n \"disposition\": \"attached\",\r\n \"sha256\": \"013d60df53d77cac080bb04033e4f8894e1d4eab89b8043069ab7b45e5c76cb4\",\r\n \"md5\": \"b599fa8eebd35574b59ce3ad55583002\",\r\n \"filename\": \"blue2x-10b63a7e9107c08c8d89a3f8016c133ae4fcf5afb3e59a65fb17e21eeb83148d.png\",\r\n \"sandboxStatus\": null,\r\n \"oContentType\": \"image/png\",\r\n \"contentType\": \"image/png\"\r\n },\r\n {\r\n \"disposition\": \"inline\",\r\n \"sha256\": \"61e349e2391d26402442acf92f1df8f38cf959bc7f1ffca148d6f58ea9e1592e\",\r\n \"md5\": \"a2c9d9a2de2c6b2234408d5c1204e622\",\r\n \"filename\": \"text.html\",\r\n \"sandboxStatus\": null,\r\n \"oContentType\": \"text/html\",\r\n \"contentType\": \"text/html\"\r\n }\r\n]",
"headerReplyTo_s": "sanitized_email.com",
"headerReplyTo_s": "sanitized@sanitized.com",
"impostorScore_d": "0",
"malwareScore_d": "0",
"messageSize_d": "21310",
"headerFrom_s": "sanitized_email.com",
"headerFrom_s": "sanitized@sanitized.com",
"phishScore_d": "0",
"policyRoutes_s": "[\r\n \"default_inbound\",\r\n \"nt_spoofsafe\"\r\n]",
"modulesRun_s": "[\r\n \"access\",\r\n \"dkim\",\r\n \"smtpsrv\",\r\n \"av\",\r\n \"zerohour\",\r\n \"spf\",\r\n \"dkimv\",\r\n \"sandbox\",\r\n \"spam\",\r\n \"dmarc\",\r\n \"pdr\",\r\n \"urldefense\"\r\n]",
@ -168,26 +168,26 @@
"messageTime_t": "2020-04-28T15:15:28Z",
"subject_s": "=?utf-8?Q?Time=20to=20move=20off=20BNA=3F=20Enjoy=20a=20preview=20of=20Brocade=20SANnav=20Management=20Portal?=",
"quarantineRule_s": "module.spam.rule.defaultinbound_bulk",
"replyToAddress_s": "sanitized_email.com",
"toAddresses_s": "sanitized_email.com",
"replyToAddress_s": "sanitized@sanitized.com",
"toAddresses_s": "sanitized@sanitized.com",
"QID_s": "30pf35tf62-1",
"sender_s": "bdcfaa08a38889403842110ca5f53c17sanitized_email.com",
"recipient_s": "sanitized_email.com",
"sender_s": "bdcfaa08a38889403842110ca5f53c17sanitized@sanitized.com",
"recipient_s": "sanitized@sanitized.com",
"senderIP_s": "00.00.00.00",
"messageID_s": "<fb09d87a-2d35-fb04-491c-faa1f5ea3f0bsanitized_email.com>",
"messageID_s": "<fb09d87a-2d35-fb04-491c-faa1f5ea3f0bsanitized@sanitized.com>",
"messageParts_s": "[\r\n {\r\n \"disposition\": \"inline\",\r\n \"sha256\": \"0c0ff478e259f471068c5ddf1328d675fa3d49bd803e04d9aac3aed0cc7222be\",\r\n \"md5\": \"6d459db17507ff6f0818b1d589edafca\",\r\n \"filename\": \"text.html\",\r\n \"sandboxStatus\": null,\r\n \"oContentType\": \"text/html\",\r\n \"contentType\": \"text/html\"\r\n },\r\n {\r\n \"disposition\": \"inline\",\r\n \"sha256\": \"aa19ae4a23989051610ad377b1adda51101a0db50b0866727b9e091a2a4b788e\",\r\n \"md5\": \"88557b066dc4234c866d445192f8e7ee\",\r\n \"filename\": \"text.txt\",\r\n \"sandboxStatus\": null,\r\n \"oContentType\": \"text/plain\",\r\n \"contentType\": \"text/plain\"\r\n }\r\n]",
"headerReplyTo_s": "=?utf-8?Q?Brocade?= <sanitized.com@sanitized.com>",
"impostorScore_d": "0",
"malwareScore_d": "0",
"messageSize_d": "48263",
"headerFrom_s": "sanitized_email.com",
"headerFrom_s": "sanitized@sanitized.com",
"phishScore_d": "0",
"policyRoutes_s": "[\r\n \"default_inbound\",\r\n \"nt_spoofsafe\"\r\n]",
"modulesRun_s": "[\r\n \"access\",\r\n \"dkim\",\r\n \"smtpsrv\",\r\n \"av\",\r\n \"zerohour\",\r\n \"spf\",\r\n \"dkimv\",\r\n \"sandbox\",\r\n \"spam\",\r\n \"dmarc\",\r\n \"pdr\",\r\n \"urldefense\"\r\n]",
"GUID_s": "3G7d7FRKkq1RxzqS53d5efVkLR31WHQr",
"cluster_s": "abc_hosted",
"quarantineFolder_s": "Bulk",
"fromAddress_s": "[\r\n \"6d223a5c21674829b702c278cd4c8c2fsanitized_email.com\"\r\n]",
"fromAddress_s": "[\r\n \"6d223a5c21674829b702c278cd4c8c2fsanitized@sanitized.com\"\r\n]",
"ccAddresses_s": "[]",
"xmailer_s": "MailChimp Mailer - **CID4d52dc802539d918410f**",
"completelyRewritten_b": "FALSE",
@ -207,26 +207,26 @@
"messageTime_t": "2020-04-28T15:21:31Z",
"subject_s": "=?utf-8?Q?Time=20to=20move=20off=20BNA=3F=20Enjoy=20a=20preview=20of=20Brocade=20SANnav=20Management=20Portal?=",
"quarantineRule_s": "module.spam.rule.defaultinbound_bulk",
"replyToAddress_s": "sanitized_email.com",
"toAddresses_s": "sanitized_email.com",
"replyToAddress_s": "sanitized@sanitized.com",
"toAddresses_s": "sanitized@sanitized.com",
"QID_s": "30n4bskf10-1",
"sender_s": "bdcfaa08a38889403842110ca5f53c17sanitized_email.com",
"recipient_s": "sanitized_email.com",
"sender_s": "bdcfaa08a38889403842110ca5f53c17sanitized@sanitized.com",
"recipient_s": "sanitized@sanitized.com",
"senderIP_s": "00.00.00.00",
"messageID_s": "<fb09d87a-2d35-fb04-491c-faa1f5ea3f0bsanitized_email.com>",
"messageID_s": "<fb09d87a-2d35-fb04-491c-faa1f5ea3f0bsanitized@sanitized.com>",
"messageParts_s": "[\r\n {\r\n \"disposition\": \"inline\",\r\n \"sha256\": \"5ad9e33ffc21c2cc5da05723a002bebf1525f5443f8eca470993ac2f67b2cf0c\",\r\n \"md5\": \"0690782b893a6526815077f26285af33\",\r\n \"filename\": \"text.html\",\r\n \"sandboxStatus\": null,\r\n \"oContentType\": \"text/html\",\r\n \"contentType\": \"text/html\"\r\n },\r\n {\r\n \"disposition\": \"inline\",\r\n \"sha256\": \"ad50200fa9c35411db85a94365b82adcfa30792c9f67b39bd1ea9fcef9f982a9\",\r\n \"md5\": \"f443e1e02d3b60313d8a69c7900db695\",\r\n \"filename\": \"text.txt\",\r\n \"sandboxStatus\": null,\r\n \"oContentType\": \"text/plain\",\r\n \"contentType\": \"text/plain\"\r\n }\r\n]",
"headerReplyTo_s": "=?utf-8?Q?Brocade?= <xtwsanitized_email.com>",
"headerReplyTo_s": "=?utf-8?Q?Brocade?= <xtwsanitized@sanitized.com>",
"impostorScore_d": "0",
"malwareScore_d": "0",
"messageSize_d": "48222",
"headerFrom_s": "sanitized_email.com",
"headerFrom_s": "sanitized@sanitized.com",
"phishScore_d": "0",
"policyRoutes_s": "[\r\n \"default_inbound\",\r\n \"nt_spoofsafe\",\r\n \"TAP_Technology\"\r\n]",
"modulesRun_s": "[\r\n \"access\",\r\n \"dkim\",\r\n \"smtpsrv\",\r\n \"av\",\r\n \"zerohour\",\r\n \"spf\",\r\n \"dkimv\",\r\n \"sandbox\",\r\n \"spam\",\r\n \"dmarc\",\r\n \"pdr\",\r\n \"urldefense\"\r\n]",
"GUID_s": "aprCXPpMxuH-0KnqM7mkHhQqkkM5mGOP",
"cluster_s": "abc_hosted",
"quarantineFolder_s": "Bulk",
"fromAddress_s": "[\r\n \"6d223a5c21674829b702c278cd4c8c2fsanitized_email.com\"\r\n]",
"fromAddress_s": "[\r\n \"6d223a5c21674829b702c278cd4c8c2fsanitized@sanitized.com\"\r\n]",
"ccAddresses_s": "[]",
"xmailer_s": "MailChimp Mailer - **CID4d52dc8025358efeb219**",
"completelyRewritten_b": "FALSE",
@ -244,28 +244,28 @@
"spamScore_d": "100",
"threatsInfoMap_s": "[\r\n {\r\n \"threatID\": \"142c199adf96b20383ad38a442a486a280a2a90c9a81e8d475f00032f12ea3e8\",\r\n \"threatStatus\": \"active\",\r\n \"classification\": \"phish\",\r\n \"threatUrl\": \"https://threatinsight.proofpoint.com/314893f9-d777-b28e-8349-41ae02d88d57/threat/email/142c199adf96b20383ad38a442a486a280a2a90c9a81e8d475f00032f12ea3e8\",\r\n \"threatTime\": \"2020-04-17T00:06:39Z\",\r\n \"threat\": \"firebasestorage.googleapis.com/v0/b/userupdate2020-f6776.appspot.com/\",\r\n \"campaignID\": null,\r\n \"threatType\": \"url\"\r\n }\r\n]",
"messageTime_t": "2020-04-28T15:15:26Z",
"subject_s": "Mail delivery failed: [6] messages to sanitized_email.com delayed for 48 hours",
"subject_s": "Mail delivery failed: [6] messages to sanitized@sanitized.com delayed for 48 hours",
"quarantineRule_s": "module.spam.rule.defaultinbound_spam_definite",
"replyToAddress_s": "[]",
"toAddresses_s": "sanitized_email.com",
"toAddresses_s": "sanitized@sanitized.com",
"QID_s": "30pf35tdqc-1",
"sender_s": "bdcfaa08a38889403842110ca5f53c17sanitized_email.com",
"recipient_s": "sanitized_email.com",
"sender_s": "bdcfaa08a38889403842110ca5f53c17sanitized@sanitized.com",
"recipient_s": "sanitized@sanitized.com",
"senderIP_s": "00.00.00.00",
"messageID_s": "<fb09d87a-2d35-fb04-491c-faa1f5ea3f0bsanitized_email.com>",
"messageID_s": "<fb09d87a-2d35-fb04-491c-faa1f5ea3f0bsanitized@sanitized.com>",
"messageParts_s": "[\r\n {\r\n \"disposition\": \"inline\",\r\n \"sha256\": \"6b536ded3d77f04a70c60a568289ceedea490b1ddd457d337ef35de317cc0760\",\r\n \"md5\": \"c0e137c176f6df000b82d2a4c66e9c78\",\r\n \"filename\": \"text.html\",\r\n \"sandboxStatus\": null,\r\n \"oContentType\": \"text/html\",\r\n \"contentType\": \"text/html\"\r\n }\r\n]",
"headerReplyTo_s": "",
"impostorScore_d": "0",
"malwareScore_d": "0",
"messageSize_d": "3614",
"headerFrom_s": "sanitized_email.com",
"headerFrom_s": "sanitized@sanitized.com",
"phishScore_d": "100",
"policyRoutes_s": "[\r\n \"default_inbound\",\r\n \"nt_spoofsafe\"\r\n]",
"modulesRun_s": "[\r\n \"access\",\r\n \"dkim\",\r\n \"smtpsrv\",\r\n \"av\",\r\n \"zerohour\",\r\n \"spf\",\r\n \"dkimv\",\r\n \"sandbox\",\r\n \"spam\",\r\n \"dmarc\",\r\n \"pdr\",\r\n \"urldefense\"\r\n]",
"GUID_s": "psQenS1-GmtXQDWM8hDfmpoLjesN8Pmf",
"cluster_s": "abc_hosted",
"quarantineFolder_s": "InboundDefiniteSpam",
"fromAddress_s": "[\r\n \"sanitized_email.com\"\r\n]",
"fromAddress_s": "[\r\n \"sanitized@sanitized.com\"\r\n]",
"ccAddresses_s": "[]",
"xmailer_s": "",
"completelyRewritten_b": "FALSE",
@ -283,28 +283,28 @@
"spamScore_d": "100",
"threatsInfoMap_s": "[\r\n {\r\n \"threatID\": \"142c199adf96b20383ad38a442a486a280a2a90c9a81e8d475f00032f12ea3e8\",\r\n \"threatStatus\": \"active\",\r\n \"classification\": \"phish\",\r\n \"threatUrl\": \"https://threatinsight.proofpoint.com/314893f9-d777-b28e-8349-41ae02d88d57/threat/email/142c199adf96b20383ad38a442a486a280a2a90c9a81e8d475f00032f12ea3e8\",\r\n \"threatTime\": \"2020-04-17T00:06:39Z\",\r\n \"threat\": \"firebasestorage.googleapis.com/v0/b/userupdate2020-f6776.appspot.com/\",\r\n \"campaignID\": null,\r\n \"threatType\": \"url\"\r\n }\r\n]",
"messageTime_t": "2020-04-28T15:27:17Z",
"subject_s": "Mail delivery failed: [6] messages to sanitized_email.com delayed for 48 hours",
"subject_s": "Mail delivery failed: [6] messages to sanitized@sanitized.com delayed for 48 hours",
"quarantineRule_s": "module.spam.rule.defaultinbound_spam_definite",
"replyToAddress_s": "[]",
"toAddresses_s": "sanitized_email.com",
"toAddresses_s": "sanitized@sanitized.com",
"QID_s": "30n3n93nw3-1",
"sender_s": "bdcfaa08a38889403842110ca5f53c17sanitized_email.com",
"recipient_s": "sanitized_email.com",
"sender_s": "bdcfaa08a38889403842110ca5f53c17sanitized@sanitized.com",
"recipient_s": "sanitized@sanitized.com",
"senderIP_s": "00.00.00.00",
"messageID_s": "<fb09d87a-2d35-fb04-491c-faa1f5ea3f0bsanitized_email.com>",
"messageID_s": "<fb09d87a-2d35-fb04-491c-faa1f5ea3f0bsanitized@sanitized.com>",
"messageParts_s": "[\r\n {\r\n \"disposition\": \"inline\",\r\n \"sha256\": \"06b6c6d0c4bddf0bb2a38ba8aa716cddddcc9e8f7562e32fbb870eba41a4576a\",\r\n \"md5\": \"d3c7d4dba093f54bb3d1697c98b8901b\",\r\n \"filename\": \"text.html\",\r\n \"sandboxStatus\": null,\r\n \"oContentType\": \"text/html\",\r\n \"contentType\": \"text/html\"\r\n }\r\n]",
"headerReplyTo_s": "",
"impostorScore_d": "0",
"malwareScore_d": "0",
"messageSize_d": "3652",
"headerFrom_s": "sanitized_email.com",
"headerFrom_s": "sanitized@sanitized.com",
"phishScore_d": "100",
"policyRoutes_s": "[\r\n \"default_inbound\",\r\n \"nt_spoofsafe\"\r\n]",
"modulesRun_s": "[\r\n \"access\",\r\n \"dkim\",\r\n \"smtpsrv\",\r\n \"av\",\r\n \"zerohour\",\r\n \"spf\",\r\n \"dkimv\",\r\n \"sandbox\",\r\n \"spam\",\r\n \"dmarc\",\r\n \"pdr\",\r\n \"urldefense\"\r\n]",
"GUID_s": "vIcTGn0KlQ_OaQoJ0moiqN1H9VzvKj7M",
"cluster_s": "abc_hosted",
"quarantineFolder_s": "InboundDefiniteSpam",
"fromAddress_s": "[\r\n \"sanitized_email.com\"\r\n]",
"fromAddress_s": "[\r\n \"sanitized@sanitized.com\"\r\n]",
"ccAddresses_s": "[]",
"xmailer_s": "",
"completelyRewritten_b": "FALSE",
@ -325,18 +325,18 @@
"subject_s": "Email Quarantine Report For hjb3sanitized.com@sanitized.com",
"quarantineRule_s": "module.spam.rule.defaultinbound_spam_definite",
"replyToAddress_s": "[]",
"toAddresses_s": "sanitized_email.com",
"toAddresses_s": "sanitized@sanitized.com",
"QID_s": "30n3jxuptw-1",
"sender_s": "bdcfaa08a38889403842110ca5f53c17sanitized_email.com",
"recipient_s": "sanitized_email.com",
"sender_s": "bdcfaa08a38889403842110ca5f53c17sanitized@sanitized.com",
"recipient_s": "sanitized@sanitized.com",
"senderIP_s": "00.00.00.00",
"messageID_s": "<fb09d87a-2d35-fb04-491c-faa1f5ea3f0bsanitized_email.com>",
"messageID_s": "<fb09d87a-2d35-fb04-491c-faa1f5ea3f0bsanitized@sanitized.com>",
"messageParts_s": "[\r\n {\r\n \"disposition\": \"inline\",\r\n \"sha256\": \"dfab02a6bfdba32d3687b3fb8d2cee32ba44c4e3fd7b3a3d92504cd098c32205\",\r\n \"md5\": \"50b6fbb842683b759eef3c6605120720\",\r\n \"filename\": \"text.html\",\r\n \"sandboxStatus\": null,\r\n \"oContentType\": \"text/html\",\r\n \"contentType\": \"text/html\"\r\n }\r\n]",
"headerReplyTo_s": "",
"impostorScore_d": "0",
"malwareScore_d": "0",
"messageSize_d": "7163",
"headerFrom_s": "sanitized_email.com",
"headerFrom_s": "sanitized@sanitized.com",
"phishScore_d": "100",
"policyRoutes_s": "[\r\n \"default_inbound\",\r\n \"nt_spoofsafe\"\r\n]",
"modulesRun_s": "[\r\n \"access\",\r\n \"dkim\",\r\n \"smtpsrv\",\r\n \"av\",\r\n \"zerohour\",\r\n \"spf\",\r\n \"dkimv\",\r\n \"sandbox\",\r\n \"spam\",\r\n \"dmarc\",\r\n \"pdr\",\r\n \"urldefense\"\r\n]",
@ -364,18 +364,18 @@
"subject_s": "Sex endured by women is probably greater in!",
"quarantineRule_s": "module.spam.rule.defaultinbound_spam_definite",
"replyToAddress_s": "[]",
"toAddresses_s": "sanitized_email.com",
"toAddresses_s": "sanitized@sanitized.com",
"QID_s": "30mhgfwy3t-1",
"sender_s": "bdcfaa08a38889403842110ca5f53c17sanitized_email.com",
"recipient_s": "sanitized_email.com",
"sender_s": "bdcfaa08a38889403842110ca5f53c17sanitized@sanitized.com",
"recipient_s": "sanitized@sanitized.com",
"senderIP_s": "00.00.00.00",
"messageID_s": "<fb09d87a-2d35-fb04-491c-faa1f5ea3f0bsanitized_email.com>",
"messageID_s": "<fb09d87a-2d35-fb04-491c-faa1f5ea3f0bsanitized@sanitized.com>",
"messageParts_s": "[\r\n {\r\n \"disposition\": \"inline\",\r\n \"sha256\": \"e74eb96cdca7e49e42e1c015486301abfd127332889d01ca067350add677d850\",\r\n \"md5\": \"71b5acb455d3fb6db8f821f404fce525\",\r\n \"filename\": \"text.txt\",\r\n \"sandboxStatus\": null,\r\n \"oContentType\": \"text/plain\",\r\n \"contentType\": \"text/plain\"\r\n },\r\n {\r\n \"disposition\": \"inline\",\r\n \"sha256\": \"30b822a528992205caa8343e34ed25cb91b1c2ced887de5574aea4ce1ceb2575\",\r\n \"md5\": \"9029bd45b9a03c5677b29f02afaf5fde\",\r\n \"filename\": \"text.html\",\r\n \"sandboxStatus\": null,\r\n \"oContentType\": \"text/html\",\r\n \"contentType\": \"text/html\"\r\n }\r\n]",
"headerReplyTo_s": "",
"impostorScore_d": "0",
"malwareScore_d": "0",
"messageSize_d": "9701",
"headerFrom_s": "sanitized_email.com",
"headerFrom_s": "sanitized@sanitized.com",
"phishScore_d": "0",
"policyRoutes_s": "[\r\n \"default_inbound\",\r\n \"nt_spoofsafe\"\r\n]",
"modulesRun_s": "[\r\n \"access\",\r\n \"dkim\",\r\n \"smtpsrv\",\r\n \"av\",\r\n \"zerohour\",\r\n \"spf\",\r\n \"dkimv\",\r\n \"sandbox\",\r\n \"spam\",\r\n \"dmarc\",\r\n \"pdr\",\r\n \"urldefense\"\r\n]",


@ -13,18 +13,18 @@
"subject_s": "Your Reporting Statements Are Ready at WCM Investment Management's Client Portal",
"quarantineRule_s": "module.access.rule.capture_prerewrite",
"replyToAddress_s": "[]",
"toAddresses_s": "[\r\n \"sanitized_email.com\"\r\n]",
"toAddresses_s": "[\r\n \"sanitized@sanitized.com\"\r\n]",
"QID_s": "03I5YVvs004766",
"sender_s": "sanitized_email.com",
"recipient_s": "[\r\n \"sanitized_email.com\"\r\n]",
"sender_s": "sanitized@sanitized.com",
"recipient_s": "[\r\n \"sanitized@sanitized.com\"\r\n]",
"senderIP_s": "00.00.00.00",
"messageID_s": "<8Culw000000000000000000000000000000000000000000000Q8YY5H00e7HuvHqvQ2CNwW-noEK2jQsanitized_email.com>",
"messageID_s": "<8Culw000000000000000000000000000000000000000000000Q8YY5H00e7HuvHqvQ2CNwW-noEK2jQsanitized@sanitized.com>",
"messageParts_s": "[\r\n {\r\n \"disposition\": \"inline\",\r\n \"sha256\": \"59fa658852e9677fcbed74e7140dbd698696657c6ab32e3a3d4942ddf39c08f9\",\r\n \"md5\": \"ee2c83354b0226926d591d8da42bc935\",\r\n \"filename\": \"text.txt\",\r\n \"sandboxStatus\": null,\r\n \"oContentType\": \"text/plain\",\r\n \"contentType\": \"text/plain\"\r\n },\r\n {\r\n \"disposition\": \"inline\",\r\n \"sha256\": \"f3370b7d844d70f1f0822dd1932ef1010aa05f888862221522860c0fdb487ab2\",\r\n \"md5\": \"149598a811bdc5c84b5023050d6e4025\",\r\n \"filename\": \"text.html\",\r\n \"sandboxStatus\": null,\r\n \"oContentType\": \"text/html\",\r\n \"contentType\": \"text/html\"\r\n }\r\n]",
"headerReplyTo_s": "",
"impostorScore_d": "0",
"malwareScore_d": "0",
"messageSize_d": "103401",
"headerFrom_s": "sanitized_email.com",
"headerFrom_s": "sanitized@sanitized.com",
"phishScore_d": "0",
"policyRoutes_s": "[\r\n \"default_inbound\",\r\n \"pp_spoofsafe\"\r\n]",
"modulesRun_s": "[\r\n \"access\",\r\n \"dkim\",\r\n \"smtpsrv\",\r\n \"av\",\r\n \"zerohour\",\r\n \"spf\",\r\n \"dkimv\",\r\n \"sandbox\",\r\n \"spam\",\r\n \"dmarc\",\r\n \"pdr\",\r\n \"urldefense\"\r\n]",
@ -32,7 +32,7 @@
"quarantineFolder_s": "prerewrite_format",
"xmailer_s": "",
"cluster_s": "xyz_hosted",
"fromAddress_s": "sanitized_email.com",
"fromAddress_s": "sanitized@sanitized.com",
"ccAddresses_s": "[]",
"completelyRewritten_b": "FALSE",
"Type": "ProofPointTAPMessagesDelivered_CL",
@ -47,23 +47,23 @@
"Computer": "",
"RawData": "",
"spamScore_d": "1",
"threatsInfoMap_s": "[\r\n {\r\n \"threatID\": \"63dc25289ed9541c3de5221172eaaa3dfb500c3c0e53d9584603be2940933408\",\r\n \"threatStatus\": \"active\",\r\n \"classification\": \"phish\",\r\n \"threatUrl\": \"https://threatinsight.proofpoint.com/314893f9-d777-b28e-8349-41ae02d88d57/threat/email/63dc25289ed9541c3de5221172eaaa3dfb500c3c0e53d9584603be2940933408\",\r\n \"threatTime\": \"2020-04-23T00:40:08Z\",\r\n \"threat\": \"https://www.baysidejetsbasketball.com.au/wp-admin/service/index.php?email=sanitized_email.com\",\r\n \"campaignID\": null,\r\n \"threatType\": \"url\"\r\n },\r\n {\r\n \"threatID\": \"709159328137b804758e6dfef3cf4db23508230952a38157ba92a8082f8377c6\",\r\n \"threatStatus\": \"active\",\r\n \"classification\": \"phish\",\r\n \"threatUrl\": \"https://threatinsight.proofpoint.com/314893f9-d777-b28e-8349-41ae02d88d57/threat/email/709159328137b804758e6dfef3cf4db23508230952a38157ba92a8082f8377c6\",\r\n \"threatTime\": \"2020-04-23T00:41:56Z\",\r\n \"threat\": \"www.baysidejetsbasketball.com.au/wp-admin/service/\",\r\n \"campaignID\": null,\r\n \"threatType\": \"url\"\r\n },\r\n {\r\n \"threatID\": \"b24644bbe86e91a94f07e94bc145a70cbf1770410bd0bc9e5adcc3a81632f88a\",\r\n \"threatStatus\": \"active\",\r\n \"classification\": \"phish\",\r\n \"threatUrl\": \"https://threatinsight.proofpoint.com/314893f9-d777-b28e-8349-41ae02d88d57/threat/email/b24644bbe86e91a94f07e94bc145a70cbf1770410bd0bc9e5adcc3a81632f88a\",\r\n \"threatTime\": \"2020-04-23T00:39:53Z\",\r\n \"threat\": \"www.baysidejetsbasketball.com.au/wp-admin/service/index.php\",\r\n \"campaignID\": null,\r\n \"threatType\": \"url\"\r\n }\r\n]",
"threatsInfoMap_s": "[\r\n {\r\n \"threatID\": \"63dc25289ed9541c3de5221172eaaa3dfb500c3c0e53d9584603be2940933408\",\r\n \"threatStatus\": \"active\",\r\n \"classification\": \"phish\",\r\n \"threatUrl\": \"https://threatinsight.proofpoint.com/314893f9-d777-b28e-8349-41ae02d88d57/threat/email/63dc25289ed9541c3de5221172eaaa3dfb500c3c0e53d9584603be2940933408\",\r\n \"threatTime\": \"2020-04-23T00:40:08Z\",\r\n \"threat\": \"https://www.baysidejetsbasketball.com.au/wp-admin/service/index.php?email=sanitized@sanitized.com\",\r\n \"campaignID\": null,\r\n \"threatType\": \"url\"\r\n },\r\n {\r\n \"threatID\": \"709159328137b804758e6dfef3cf4db23508230952a38157ba92a8082f8377c6\",\r\n \"threatStatus\": \"active\",\r\n \"classification\": \"phish\",\r\n \"threatUrl\": \"https://threatinsight.proofpoint.com/314893f9-d777-b28e-8349-41ae02d88d57/threat/email/709159328137b804758e6dfef3cf4db23508230952a38157ba92a8082f8377c6\",\r\n \"threatTime\": \"2020-04-23T00:41:56Z\",\r\n \"threat\": \"www.baysidejetsbasketball.com.au/wp-admin/service/\",\r\n \"campaignID\": null,\r\n \"threatType\": \"url\"\r\n },\r\n {\r\n \"threatID\": \"b24644bbe86e91a94f07e94bc145a70cbf1770410bd0bc9e5adcc3a81632f88a\",\r\n \"threatStatus\": \"active\",\r\n \"classification\": \"phish\",\r\n \"threatUrl\": \"https://threatinsight.proofpoint.com/314893f9-d777-b28e-8349-41ae02d88d57/threat/email/b24644bbe86e91a94f07e94bc145a70cbf1770410bd0bc9e5adcc3a81632f88a\",\r\n \"threatTime\": \"2020-04-23T00:39:53Z\",\r\n \"threat\": \"www.baysidejetsbasketball.com.au/wp-admin/service/index.php\",\r\n \"campaignID\": null,\r\n \"threatType\": \"url\"\r\n }\r\n]",
"messageTime_t": "2020-04-23T00:36:50Z",
"subject_s": "Message From ",
"quarantineRule_s": "module.access.rule.capture_prerewrite",
"replyToAddress_s": "[]",
"toAddresses_s": "[\r\n \"sanitized_email.com\"\r\n]",
"toAddresses_s": "[\r\n \"sanitized@sanitized.com\"\r\n]",
"QID_s": "03N0ZL6R011622",
"sender_s": "sanitized_email.com",
"recipient_s": "[\r\n \"sanitized_email.com\"\r\n]",
"sender_s": "sanitized@sanitized.com",
"recipient_s": "[\r\n \"sanitized@sanitized.com\"\r\n]",
"senderIP_s": "00.00.00.00",
"messageID_s": "<8Culw000000000000000000000000000000000000000000000Q8YY5H00e7HuvHqvQ2CNwW-noEK2jQsanitized_email.com>",
"messageID_s": "<8Culw000000000000000000000000000000000000000000000Q8YY5H00e7HuvHqvQ2CNwW-noEK2jQsanitized@sanitized.com>",
"messageParts_s": "[\r\n {\r\n \"disposition\": \"inline\",\r\n \"sha256\": \"6e2828bfe958a88030689a7c4d334f78c32b7c033ce43d89208cabf78beb3571\",\r\n \"md5\": \"eb52baecf8a37f82bc0dcb9f9c5a6ae7\",\r\n \"filename\": \"text.html\",\r\n \"sandboxStatus\": null,\r\n \"oContentType\": \"text/html\",\r\n \"contentType\": \"text/html\"\r\n }\r\n]",
"headerReplyTo_s": "",
"impostorScore_d": "0",
"malwareScore_d": "0",
"messageSize_d": "16206",
"headerFrom_s": "sanitized_email.com",
"headerFrom_s": "sanitized@sanitized.com",
"phishScore_d": "8",
"policyRoutes_s": "[\r\n \"default_inbound\",\r\n \"nt_spoofsafe\"\r\n]",
"modulesRun_s": "[\r\n \"access\",\r\n \"dkim\",\r\n \"smtpsrv\",\r\n \"av\",\r\n \"zerohour\",\r\n \"spf\",\r\n \"dkimv\",\r\n \"sandbox\",\r\n \"spam\",\r\n \"dmarc\",\r\n \"pdr\",\r\n \"urldefense\"\r\n]",
@ -71,7 +71,7 @@
"quarantineFolder_s": "prerewrite_format",
"xmailer_s": "",
"cluster_s": "xyz_hosted",
"fromAddress_s": "sanitized_email.com",
"fromAddress_s": "sanitized@sanitized.com",
"ccAddresses_s": "[]",
"completelyRewritten_b": "TRUE",
"Type": "ProofPointTAPMessagesDelivered_CL",
@ -93,16 +93,16 @@
"replyToAddress_s": "[]",
"toAddresses_s": "[]",
"QID_s": "03MKZFqE006570",
"sender_s": "sanitized_email.com",
"recipient_s": "[\r\n \"sanitized_email.com\"\r\n]",
"sender_s": "sanitized@sanitized.com",
"recipient_s": "[\r\n \"sanitized@sanitized.com\"\r\n]",
"senderIP_s": "00.00.00.00",
"messageID_s": "<8Culw000000000000000000000000000000000000000000000Q8YY5H00e7HuvHqvQ2CNwW-noEK2jQsanitized_email.com>",
"messageID_s": "<8Culw000000000000000000000000000000000000000000000Q8YY5H00e7HuvHqvQ2CNwW-noEK2jQsanitized@sanitized.com>",
"messageParts_s": "[\r\n {\r\n \"disposition\": \"attached\",\r\n \"sha256\": \"76cebb96c521711f3b610f318bc9e678b02c433e7e1acd5f6cdc06b42050bcdb\",\r\n \"md5\": \"c414b2206003e2d0c45ef02daaf81ddc\",\r\n \"filename\": \"image002.png\",\r\n \"sandboxStatus\": null,\r\n \"oContentType\": \"image/png\",\r\n \"contentType\": \"image/png\"\r\n },\r\n {\r\n \"disposition\": \"inline\",\r\n \"sha256\": \"fd087e4f53310d2b522fb71a3e848719ffcc877c807093120b4643d9a076f8aa\",\r\n \"md5\": \"78d4d96b2b0e856a2ec26845ab33ec01\",\r\n \"filename\": \"text.html\",\r\n \"sandboxStatus\": null,\r\n \"oContentType\": \"text/html\",\r\n \"contentType\": \"text/html\"\r\n },\r\n {\r\n \"disposition\": \"attached\",\r\n \"sha256\": \"57bb6766ac516f8fbb8a6336ed8d28e0f750eb7423b59449e541c4e44e4b7e31\",\r\n \"md5\": \"9b5579945b419d968761113e1694b5e9\",\r\n \"filename\": \"image001.png\",\r\n \"sandboxStatus\": null,\r\n \"oContentType\": \"image/png\",\r\n \"contentType\": \"image/png\"\r\n },\r\n {\r\n \"disposition\": \"inline\",\r\n \"sha256\": \"8cc290ccdb63ae5547c05b4136d39d6a36d8b331eb7522fb88c9c1364f421507\",\r\n \"md5\": \"15233376285fc4042667118ebea79112\",\r\n \"filename\": \"text.txt\",\r\n \"sandboxStatus\": null,\r\n \"oContentType\": \"text/plain\",\r\n \"contentType\": \"text/plain\"\r\n }\r\n]",
"headerReplyTo_s": "",
"impostorScore_d": "0",
"malwareScore_d": "0",
"messageSize_d": "58684",
"headerFrom_s": "sanitized_email.com",
"headerFrom_s": "sanitized@sanitized.com",
"phishScore_d": "0",
"policyRoutes_s": "[\r\n \"default_inbound\",\r\n \"nt_spoofsafe\"\r\n]",
"modulesRun_s": "[\r\n \"access\",\r\n \"dkim\",\r\n \"smtpsrv\",\r\n \"av\",\r\n \"zerohour\",\r\n \"spf\",\r\n \"dkimv\",\r\n \"sandbox\",\r\n \"spam\",\r\n \"dmarc\",\r\n \"pdr\",\r\n \"urldefense\"\r\n]",
@ -110,7 +110,7 @@
"quarantineFolder_s": "prerewrite_format",
"xmailer_s": "",
"cluster_s": "xyz_hosted",
"fromAddress_s": "sanitized_email.com",
"fromAddress_s": "sanitized@sanitized.com",
"ccAddresses_s": "[]",
"completelyRewritten_b": "TRUE",
"Type": "ProofPointTAPMessagesDelivered_CL",
@ -132,16 +132,16 @@
"replyToAddress_s": "[]",
"toAddresses_s": "[]",
"QID_s": "03MKZFqE006570",
"sender_s": "sanitized_email.com",
"recipient_s": "[\r\n \"sanitized_email.com\"\r\n]",
"sender_s": "sanitized@sanitized.com",
"recipient_s": "[\r\n \"sanitized@sanitized.com\"\r\n]",
"senderIP_s": "00.00.00.00",
"messageID_s": "<8Culw000000000000000000000000000000000000000000000Q8YY5H00e7HuvHqvQ2CNwW-noEK2jQsanitized_email.com>",
"messageID_s": "<8Culw000000000000000000000000000000000000000000000Q8YY5H00e7HuvHqvQ2CNwW-noEK2jQsanitized@sanitized.com>",
"messageParts_s": "[\r\n {\r\n \"disposition\": \"attached\",\r\n \"sha256\": \"76cebb96c521711f3b610f318bc9e678b02c433e7e1acd5f6cdc06b42050bcdb\",\r\n \"md5\": \"c414b2206003e2d0c45ef02daaf81ddc\",\r\n \"filename\": \"image002.png\",\r\n \"sandboxStatus\": null,\r\n \"oContentType\": \"image/png\",\r\n \"contentType\": \"image/png\"\r\n },\r\n {\r\n \"disposition\": \"inline\",\r\n \"sha256\": \"fd087e4f53310d2b522fb71a3e848719ffcc877c807093120b4643d9a076f8aa\",\r\n \"md5\": \"78d4d96b2b0e856a2ec26845ab33ec01\",\r\n \"filename\": \"text.html\",\r\n \"sandboxStatus\": null,\r\n \"oContentType\": \"text/html\",\r\n \"contentType\": \"text/html\"\r\n },\r\n {\r\n \"disposition\": \"attached\",\r\n \"sha256\": \"57bb6766ac516f8fbb8a6336ed8d28e0f750eb7423b59449e541c4e44e4b7e31\",\r\n \"md5\": \"9b5579945b419d968761113e1694b5e9\",\r\n \"filename\": \"image001.png\",\r\n \"sandboxStatus\": null,\r\n \"oContentType\": \"image/png\",\r\n \"contentType\": \"image/png\"\r\n },\r\n {\r\n \"disposition\": \"inline\",\r\n \"sha256\": \"8cc290ccdb63ae5547c05b4136d39d6a36d8b331eb7522fb88c9c1364f421507\",\r\n \"md5\": \"15233376285fc4042667118ebea79112\",\r\n \"filename\": \"text.txt\",\r\n \"sandboxStatus\": null,\r\n \"oContentType\": \"text/plain\",\r\n \"contentType\": \"text/plain\"\r\n }\r\n]",
"headerReplyTo_s": "",
"impostorScore_d": "0",
"malwareScore_d": "0",
"messageSize_d": "58684",
"headerFrom_s": "sanitized_email.com",
"headerFrom_s": "sanitized@sanitized.com",
"phishScore_d": "0",
"policyRoutes_s": "[\r\n \"default_inbound\",\r\n \"nt_spoofsafe\"\r\n]",
"modulesRun_s": "[\r\n \"access\",\r\n \"dkim\",\r\n \"smtpsrv\",\r\n \"av\",\r\n \"zerohour\",\r\n \"spf\",\r\n \"dkimv\",\r\n \"sandbox\",\r\n \"spam\",\r\n \"dmarc\",\r\n \"pdr\",\r\n \"urldefense\"\r\n]",
@ -149,7 +149,7 @@
"quarantineFolder_s": "prerewrite_format",
"xmailer_s": "",
"cluster_s": "xyz_hosted",
"fromAddress_s": "sanitized_email.com",
"fromAddress_s": "sanitized@sanitized.com",
"ccAddresses_s": "[]",
"completelyRewritten_b": "TRUE",
"Type": "ProofPointTAPMessagesDelivered_CL",
@ -171,16 +171,16 @@
"replyToAddress_s": "[]",
"toAddresses_s": "[]",
"QID_s": "03MHG88G019113",
"sender_s": "sanitized_email.com",
"recipient_s": "[\r\n \"sanitized_email.com\"\r\n]",
"sender_s": "sanitized@sanitized.com",
"recipient_s": "[\r\n \"sanitized@sanitized.com\"\r\n]",
"senderIP_s": "00.00.00.00",
"messageID_s": "<8Culw000000000000000000000000000000000000000000000Q8YY5H00e7HuvHqvQ2CNwW-noEK2jQsanitized_email.com>",
"messageID_s": "<8Culw000000000000000000000000000000000000000000000Q8YY5H00e7HuvHqvQ2CNwW-noEK2jQsanitized@sanitized.com>",
"messageParts_s": "[\r\n {\r\n \"disposition\": \"inline\",\r\n \"sha256\": \"c446e9d568a126cb08c9a101103bc1615b2a895accf14fcddb27792b8e323a23\",\r\n \"md5\": \"bae98a4ee32fb2b5920371a0bf8aca84\",\r\n \"filename\": \"text.html\",\r\n \"sandboxStatus\": null,\r\n \"oContentType\": \"text/html\",\r\n \"contentType\": \"text/html\"\r\n },\r\n {\r\n \"disposition\": \"attached\",\r\n \"sha256\": \"a9d941529fe3e8f7f9b358a924c6659f425a27e7832ca1a79233547bd242dc6b\",\r\n \"md5\": \"2125ca5fa3f3348fdcfdc01e6efd6397\",\r\n \"filename\": \"image001.png\",\r\n \"sandboxStatus\": null,\r\n \"oContentType\": \"image/png\",\r\n \"contentType\": \"image/png\"\r\n },\r\n {\r\n \"disposition\": \"inline\",\r\n \"sha256\": \"74054bf60518f33b22651405f09f8fbc92af248d1f7da3d3e2ecc0e8fe74d5f9\",\r\n \"md5\": \"274fc14761bc1e04343c697b336b752a\",\r\n \"filename\": \"text.txt\",\r\n \"sandboxStatus\": null,\r\n \"oContentType\": \"text/plain\",\r\n \"contentType\": \"text/plain\"\r\n }\r\n]",
"headerReplyTo_s": "",
"impostorScore_d": "0",
"malwareScore_d": "0",
"messageSize_d": "47675",
"headerFrom_s": "sanitized_email.com",
"headerFrom_s": "sanitized@sanitized.com",
"phishScore_d": "0",
"policyRoutes_s": "[\r\n \"default_inbound\",\r\n \"nt_spoofsafe\"\r\n]",
"modulesRun_s": "[\r\n \"access\",\r\n \"dkim\",\r\n \"smtpsrv\",\r\n \"av\",\r\n \"zerohour\",\r\n \"spf\",\r\n \"dkimv\",\r\n \"sandbox\",\r\n \"spam\",\r\n \"dmarc\",\r\n \"pdr\",\r\n \"urldefense\"\r\n]",
@ -188,7 +188,7 @@
"quarantineFolder_s": "prerewrite_format",
"xmailer_s": "",
"cluster_s": "xyz_hosted",
"fromAddress_s": "sanitized_email.com",
"fromAddress_s": "sanitized@sanitized.com",
"ccAddresses_s": "[]",
"completelyRewritten_b": "TRUE",
"Type": "ProofPointTAPMessagesDelivered_CL",
@ -210,16 +210,16 @@
"replyToAddress_s": "[]",
"toAddresses_s": "[]",
"QID_s": "03MHJiXH027045",
"sender_s": "sanitized_email.com",
"recipient_s": "[\r\n \"sanitized_email.com\"\r\n]",
"sender_s": "sanitized@sanitized.com",
"recipient_s": "[\r\n \"sanitized@sanitized.com\"\r\n]",
"senderIP_s": "00.00.00.00",
"messageID_s": "<8Culw000000000000000000000000000000000000000000000Q8YY5H00e7HuvHqvQ2CNwW-noEK2jQsanitized_email.com>",
"messageID_s": "<8Culw000000000000000000000000000000000000000000000Q8YY5H00e7HuvHqvQ2CNwW-noEK2jQsanitized@sanitized.com>",
"messageParts_s": "[\r\n {\r\n \"disposition\": \"attached\",\r\n \"sha256\": \"a9d941529fe3e8f7f9b358a924c6659f425a27e7832ca1a79233547bd242dc6b\",\r\n \"md5\": \"2125ca5fa3f3348fdcfdc01e6efd6397\",\r\n \"filename\": \"image001.png\",\r\n \"sandboxStatus\": null,\r\n \"oContentType\": \"image/png\",\r\n \"contentType\": \"image/png\"\r\n },\r\n {\r\n \"disposition\": \"inline\",\r\n \"sha256\": \"ea69a68f2513f10a8aa3ea09b4bf7ae8e8e36d707f94b285eb34b5bbbb495bd1\",\r\n \"md5\": \"d5227b0c397dd652915b1bb43c69b8a0\",\r\n \"filename\": \"text.html\",\r\n \"sandboxStatus\": null,\r\n \"oContentType\": \"text/html\",\r\n \"contentType\": \"text/html\"\r\n },\r\n {\r\n \"disposition\": \"inline\",\r\n \"sha256\": \"74054bf60518f33b22651405f09f8fbc92af248d1f7da3d3e2ecc0e8fe74d5f9\",\r\n \"md5\": \"274fc14761bc1e04343c697b336b752a\",\r\n \"filename\": \"text.txt\",\r\n \"sandboxStatus\": null,\r\n \"oContentType\": \"text/plain\",\r\n \"contentType\": \"text/plain\"\r\n }\r\n]",
"headerReplyTo_s": "",
"impostorScore_d": "0",
"malwareScore_d": "0",
"messageSize_d": "47674",
"headerFrom_s": "sanitized_email.com",
"headerFrom_s": "sanitized@sanitized.com",
"phishScore_d": "0",
"policyRoutes_s": "[\r\n \"default_inbound\",\r\n \"nt_spoofsafe\"\r\n]",
"modulesRun_s": "[\r\n \"access\",\r\n \"dkim\",\r\n \"smtpsrv\",\r\n \"av\",\r\n \"zerohour\",\r\n \"spf\",\r\n \"dkimv\",\r\n \"sandbox\",\r\n \"spam\",\r\n \"dmarc\",\r\n \"pdr\",\r\n \"urldefense\"\r\n]",
@ -227,7 +227,7 @@
"quarantineFolder_s": "prerewrite_format",
"xmailer_s": "",
"cluster_s": "xyz_hosted",
"fromAddress_s": "sanitized_email.com",
"fromAddress_s": "sanitized@sanitized.com",
"ccAddresses_s": "[]",
"completelyRewritten_b": "TRUE",
"Type": "ProofPointTAPMessagesDelivered_CL",
@ -249,16 +249,16 @@
"replyToAddress_s": "[]",
"toAddresses_s": "[]",
"QID_s": "03MHKU3K024136",
"sender_s": "sanitized_email.com",
"recipient_s": "[\r\n \"sanitized_email.com\"\r\n]",
"sender_s": "sanitized@sanitized.com",
"recipient_s": "[\r\n \"sanitized@sanitized.com\"\r\n]",
"senderIP_s": "00.00.00.00",
"messageID_s": "<8Culw000000000000000000000000000000000000000000000Q8YY5H00e7HuvHqvQ2CNwW-noEK2jQsanitized_email.com>",
"messageID_s": "<8Culw000000000000000000000000000000000000000000000Q8YY5H00e7HuvHqvQ2CNwW-noEK2jQsanitized@sanitized.com>",
"messageParts_s": "[\r\n {\r\n \"disposition\": \"inline\",\r\n \"sha256\": \"bd349a99e36c0c75d36942419a4e949fd69c0c697a009fb41b9840069a3f999e\",\r\n \"md5\": \"9a8e76a72c8c684e8a49ca0c072fb1c6\",\r\n \"filename\": \"text.html\",\r\n \"sandboxStatus\": null,\r\n \"oContentType\": \"text/html\",\r\n \"contentType\": \"text/html\"\r\n },\r\n {\r\n \"disposition\": \"attached\",\r\n \"sha256\": \"a9d941529fe3e8f7f9b358a924c6659f425a27e7832ca1a79233547bd242dc6b\",\r\n \"md5\": \"2125ca5fa3f3348fdcfdc01e6efd6397\",\r\n \"filename\": \"image001.png\",\r\n \"sandboxStatus\": null,\r\n \"oContentType\": \"image/png\",\r\n \"contentType\": \"image/png\"\r\n },\r\n {\r\n \"disposition\": \"inline\",\r\n \"sha256\": \"74054bf60518f33b22651405f09f8fbc92af248d1f7da3d3e2ecc0e8fe74d5f9\",\r\n \"md5\": \"274fc14761bc1e04343c697b336b752a\",\r\n \"filename\": \"text.txt\",\r\n \"sandboxStatus\": null,\r\n \"oContentType\": \"text/plain\",\r\n \"contentType\": \"text/plain\"\r\n }\r\n]",
"headerReplyTo_s": "",
"impostorScore_d": "0",
"malwareScore_d": "0",
"messageSize_d": "47674",
"headerFrom_s": "sanitized_email.com",
"headerFrom_s": "sanitized@sanitized.com",
"phishScore_d": "0",
"policyRoutes_s": "[\r\n \"default_inbound\",\r\n \"nt_spoofsafe\"\r\n]",
"modulesRun_s": "[\r\n \"access\",\r\n \"dkim\",\r\n \"smtpsrv\",\r\n \"av\",\r\n \"zerohour\",\r\n \"spf\",\r\n \"dkimv\",\r\n \"sandbox\",\r\n \"spam\",\r\n \"dmarc\",\r\n \"pdr\",\r\n \"urldefense\"\r\n]",
@ -266,7 +266,7 @@
"quarantineFolder_s": "prerewrite_format",
"xmailer_s": "",
"cluster_s": "xyz_hosted",
"fromAddress_s": "sanitized_email.com",
"fromAddress_s": "sanitized@sanitized.com",
"ccAddresses_s": "[]",
"completelyRewritten_b": "TRUE",
"Type": "ProofPointTAPMessagesDelivered_CL",
@ -288,16 +288,16 @@
"replyToAddress_s": "[]",
"toAddresses_s": "[]",
"QID_s": "03MHG9fM019116",
"sender_s": "sanitized_email.com",
"recipient_s": "[\r\n \"sanitized_email.com\"\r\n]",
"sender_s": "sanitized@sanitized.com",
"recipient_s": "[\r\n \"sanitized@sanitized.com\"\r\n]",
"senderIP_s": "00.00.00.00",
"messageID_s": "<8Culw000000000000000000000000000000000000000000000Q8YY5H00e7HuvHqvQ2CNwW-noEK2jQsanitized_email.com>",
"messageID_s": "<8Culw000000000000000000000000000000000000000000000Q8YY5H00e7HuvHqvQ2CNwW-noEK2jQsanitized@sanitized.com>",
"messageParts_s": "[\r\n {\r\n \"disposition\": \"attached\",\r\n \"sha256\": \"a9d941529fe3e8f7f9b358a924c6659f425a27e7832ca1a79233547bd242dc6b\",\r\n \"md5\": \"2125ca5fa3f3348fdcfdc01e6efd6397\",\r\n \"filename\": \"image001.png\",\r\n \"sandboxStatus\": null,\r\n \"oContentType\": \"image/png\",\r\n \"contentType\": \"image/png\"\r\n },\r\n {\r\n \"disposition\": \"inline\",\r\n \"sha256\": \"8221b7dfd8bcd314bd178790ad151959304b5a625921207961fa04d3857fee08\",\r\n \"md5\": \"e9a177cc1511d59edfdf696b313594e1\",\r\n \"filename\": \"text.html\",\r\n \"sandboxStatus\": null,\r\n \"oContentType\": \"text/html\",\r\n \"contentType\": \"text/html\"\r\n },\r\n {\r\n \"disposition\": \"inline\",\r\n \"sha256\": \"74054bf60518f33b22651405f09f8fbc92af248d1f7da3d3e2ecc0e8fe74d5f9\",\r\n \"md5\": \"274fc14761bc1e04343c697b336b752a\",\r\n \"filename\": \"text.txt\",\r\n \"sandboxStatus\": null,\r\n \"oContentType\": \"text/plain\",\r\n \"contentType\": \"text/plain\"\r\n }\r\n]",
"headerReplyTo_s": "",
"impostorScore_d": "0",
"malwareScore_d": "0",
"messageSize_d": "47682",
"headerFrom_s": "sanitized_email.com",
"headerFrom_s": "sanitized@sanitized.com",
"phishScore_d": "0",
"policyRoutes_s": "[\r\n \"default_inbound\",\r\n \"nt_spoofsafe\"\r\n]",
"modulesRun_s": "[\r\n \"access\",\r\n \"dkim\",\r\n \"smtpsrv\",\r\n \"av\",\r\n \"zerohour\",\r\n \"spf\",\r\n \"dkimv\",\r\n \"sandbox\",\r\n \"spam\",\r\n \"dmarc\",\r\n \"pdr\",\r\n \"urldefense\"\r\n]",
@ -305,7 +305,7 @@
"quarantineFolder_s": "prerewrite_format",
"xmailer_s": "",
"cluster_s": "xyz_hosted",
"fromAddress_s": "sanitized_email.com",
"fromAddress_s": "sanitized@sanitized.com",
"ccAddresses_s": "[]",
"completelyRewritten_b": "TRUE",
"Type": "ProofPointTAPMessagesDelivered_CL",
@ -327,16 +327,16 @@
"replyToAddress_s": "[]",
"toAddresses_s": "[]",
"QID_s": "03MHG7Nq019107",
"sender_s": "sanitized_email.com",
"recipient_s": "[\r\n \"sanitized_email.com\"\r\n]",
"sender_s": "sanitized@sanitized.com",
"recipient_s": "[\r\n \"sanitized@sanitized.com\"\r\n]",
"senderIP_s": "00.00.00.00",
"messageID_s": "<8Culw000000000000000000000000000000000000000000000Q8YY5H00e7HuvHqvQ2CNwW-noEK2jQsanitized_email.com>",
"messageID_s": "<8Culw000000000000000000000000000000000000000000000Q8YY5H00e7HuvHqvQ2CNwW-noEK2jQsanitized@sanitized.com>",
"messageParts_s": "[\r\n {\r\n \"disposition\": \"inline\",\r\n \"sha256\": \"d693a839395bac264d702878dc10f10b5a7ce44ae645c0fe5599d9419796fea9\",\r\n \"md5\": \"50a098a6224807db4bbddd650a370bf2\",\r\n \"filename\": \"text.html\",\r\n \"sandboxStatus\": null,\r\n \"oContentType\": \"text/html\",\r\n \"contentType\": \"text/html\"\r\n },\r\n {\r\n \"disposition\": \"attached\",\r\n \"sha256\": \"a9d941529fe3e8f7f9b358a924c6659f425a27e7832ca1a79233547bd242dc6b\",\r\n \"md5\": \"2125ca5fa3f3348fdcfdc01e6efd6397\",\r\n \"filename\": \"image001.png\",\r\n \"sandboxStatus\": null,\r\n \"oContentType\": \"image/png\",\r\n \"contentType\": \"image/png\"\r\n },\r\n {\r\n \"disposition\": \"inline\",\r\n \"sha256\": \"74054bf60518f33b22651405f09f8fbc92af248d1f7da3d3e2ecc0e8fe74d5f9\",\r\n \"md5\": \"274fc14761bc1e04343c697b336b752a\",\r\n \"filename\": \"text.txt\",\r\n \"sandboxStatus\": null,\r\n \"oContentType\": \"text/plain\",\r\n \"contentType\": \"text/plain\"\r\n }\r\n]",
"headerReplyTo_s": "",
"impostorScore_d": "0",
"malwareScore_d": "0",
"messageSize_d": "52014",
"headerFrom_s": "sanitized_email.com",
"headerFrom_s": "sanitized@sanitized.com",
"phishScore_d": "0",
"policyRoutes_s": "[\r\n \"default_inbound\",\r\n \"nt_spoofsafe\",\r\n \"allow_relay\",\r\n \"firewallsafe\",\r\n \"internalnet\"\r\n]",
"modulesRun_s": "[\r\n \"access\",\r\n \"dkim\",\r\n \"smtpsrv\",\r\n \"av\",\r\n \"zerohour\",\r\n \"sandbox\",\r\n \"spam\",\r\n \"urldefense\"\r\n]",
@ -344,7 +344,7 @@
"quarantineFolder_s": "prerewrite_format",
"xmailer_s": "",
"cluster_s": "xyz_hosted",
"fromAddress_s": "sanitized_email.com",
"fromAddress_s": "sanitized@sanitized.com",
"ccAddresses_s": "[]",
"completelyRewritten_b": "TRUE",
"Type": "ProofPointTAPMessagesDelivered_CL",
@ -366,16 +366,16 @@
"replyToAddress_s": "[]",
"toAddresses_s": "[]",
"QID_s": "03MHG88O019113",
"sender_s": "sanitized_email.com",
"recipient_s": "[\r\n \"sanitized_email.com\"\r\n]",
"sender_s": "sanitized@sanitized.com",
"recipient_s": "[\r\n \"sanitized@sanitized.com\"\r\n]",
"senderIP_s": "00.00.00.00",
"messageID_s": "<8Culw000000000000000000000000000000000000000000000Q8YY5H00e7HuvHqvQ2CNwW-noEK2jQsanitized_email.com>",
"messageID_s": "<8Culw000000000000000000000000000000000000000000000Q8YY5H00e7HuvHqvQ2CNwW-noEK2jQsanitized@sanitized.com>",
"messageParts_s": "[\r\n {\r\n \"disposition\": \"inline\",\r\n \"sha256\": \"d693a839395bac264d702878dc10f10b5a7ce44ae645c0fe5599d9419796fea9\",\r\n \"md5\": \"50a098a6224807db4bbddd650a370bf2\",\r\n \"filename\": \"text.html\",\r\n \"sandboxStatus\": null,\r\n \"oContentType\": \"text/html\",\r\n \"contentType\": \"text/html\"\r\n },\r\n {\r\n \"disposition\": \"attached\",\r\n \"sha256\": \"a9d941529fe3e8f7f9b358a924c6659f425a27e7832ca1a79233547bd242dc6b\",\r\n \"md5\": \"2125ca5fa3f3348fdcfdc01e6efd6397\",\r\n \"filename\": \"image001.png\",\r\n \"sandboxStatus\": null,\r\n \"oContentType\": \"image/png\",\r\n \"contentType\": \"image/png\"\r\n },\r\n {\r\n \"disposition\": \"inline\",\r\n \"sha256\": \"74054bf60518f33b22651405f09f8fbc92af248d1f7da3d3e2ecc0e8fe74d5f9\",\r\n \"md5\": \"274fc14761bc1e04343c697b336b752a\",\r\n \"filename\": \"text.txt\",\r\n \"sandboxStatus\": null,\r\n \"oContentType\": \"text/plain\",\r\n \"contentType\": \"text/plain\"\r\n }\r\n]",
"headerReplyTo_s": "",
"impostorScore_d": "0",
"malwareScore_d": "0",
"messageSize_d": "52014",
"headerFrom_s": "sanitized_email.com",
"headerFrom_s": "sanitized@sanitized.com",
"phishScore_d": "0",
"policyRoutes_s": "[\r\n \"default_inbound\",\r\n \"nt_spoofsafe\",\r\n \"allow_relay\",\r\n \"firewallsafe\",\r\n \"internalnet\"\r\n]",
"modulesRun_s": "[\r\n \"access\",\r\n \"dkim\",\r\n \"smtpsrv\",\r\n \"av\",\r\n \"zerohour\",\r\n \"sandbox\",\r\n \"spam\",\r\n \"urldefense\"\r\n]",
@ -383,7 +383,7 @@
"quarantineFolder_s": "prerewrite_format",
"xmailer_s": "",
"cluster_s": "xyz_hosted",
"fromAddress_s": "sanitized_email.com",
"fromAddress_s": "sanitized@sanitized.com",
"ccAddresses_s": "[]",
"completelyRewritten_b": "TRUE",
"Type": "ProofPointTAPMessagesDelivered_CL",


@ -8,9 +8,9 @@
"verify": "OK"
},
"dsn": "2.0.0",
"to": ["<sanitized_email.com>"],
"to": ["<sanitized@sanitized.com>"],
"relay": "relay.mail.net [10.10.10.10]",
"stat": "Sent (<sanitized_email.com> [InternalId",
"stat": "Sent (<sanitized@sanitized.com> [InternalId",
"pri": "154217",
"qid": "0A0BqJgv000000"
},
@ -19,7 +19,7 @@
"agent": "t1234555.popps.net"
},
"id": "rGWIupM+g6R4PWIeqf6SMA",
"data": "2020-11-05T12:59:43.881767+01:00 t1234555 sendmail[18160]: 0A0BqJgv000000: to=<sanitized_email.com>, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, tls_verify=OK, pri=154217, relay=relay.mail.net. [10.10.10.10], dsn=2.0.0, stat=Sent (<sanitized_email.com> [InternalId=3444563792735, Hostname=eurprd01.prod.exchangelabs.com] 45616 bytes in 0.073, 610.105 KB/sec Queued mail for delivery)",
"data": "2020-11-05T12:59:43.881767+01:00 t1234555 sendmail[18160]: 0A0BqJgv000000: to=<sanitized@sanitized.com>, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, tls_verify=OK, pri=154217, relay=relay.mail.net. [10.10.10.10], dsn=2.0.0, stat=Sent (<sanitized@sanitized.com> [InternalId=3444563792735, Hostname=eurprd01.prod.exchangelabs.com] 45616 bytes in 0.073, 610.105 KB/sec Queued mail for delivery)",
"metadata": {
"origin": {
"data": {
@ -41,15 +41,15 @@
"qid": "0A0BqJgv000000",
"pri": "2242435",
"relay": "relay.mail.net [10.10.10.10]",
"to": ["<sanitized_email.com>"],
"stat": "Sent (<sanitized_email.com> [InternalId"
"to": ["<sanitized@sanitized.com>"],
"stat": "Sent (<sanitized@sanitized.com> [InternalId"
},
"ts": "2020-11-05T12:59:44.487319+0100",
"pps": {
"cid": "CID",
"agent": "t1234555.ppops.net"
},
"data": "2020-11-05T12:59:44.487319+01:00 t1234555 sendmail[18157]: 0A0BqJgv000000: to=<sanitized_email.com>, delay=00:00:03, xdelay=00:00:03, mailer=esmtp, tls_verify=OK, pri=2242435, relay=relay.mail.net. [10.10.10.10], dsn=2.0.0, stat=Sent (<sanitized_email.com> [InternalId=18167711674865, Hostname=eurprd01.prod.exchangelabs.com] 2159936 bytes in 0.641, 3288.805 KB/sec Queued mail for delivery)",
"data": "2020-11-05T12:59:44.487319+01:00 t1234555 sendmail[18157]: 0A0BqJgv000000: to=<sanitized@sanitized.com>, delay=00:00:03, xdelay=00:00:03, mailer=esmtp, tls_verify=OK, pri=2242435, relay=relay.mail.net. [10.10.10.10], dsn=2.0.0, stat=Sent (<sanitized@sanitized.com> [InternalId=18167711674865, Hostname=eurprd01.prod.exchangelabs.com] 2159936 bytes in 0.641, 3288.805 KB/sec Queued mail for delivery)",
"id": "tnsgrBLZ9hdWbGRd3HMS9A",
"metadata": {
"origin": {
@ -77,7 +77,7 @@
"relay": "t1234555.ppops.net [127.0.0.1]"
},
"ts": "2020-11-05T12:59:45.217049+0100",
"data": "2020-11-05T12:59:45.217049+01:00 t1234555 sendmail[30248]: 0A5BqKs4030248: from=<sanitized_email.com>, size=8255, class=0, nrcpts=1, msgid=<TESTMSGID>, proto=SMTP, daemon=MTA, tls_verify=NONE, auth=NONE, relay=t1234555.ppops.net [127.0.0.1]",
"data": "2020-11-05T12:59:45.217049+01:00 t1234555 sendmail[30248]: 0A5BqKs4030248: from=<sanitized@sanitized.com>, size=8255, class=0, nrcpts=1, msgid=<TESTMSGID>, proto=SMTP, daemon=MTA, tls_verify=NONE, auth=NONE, relay=t1234555.ppops.net [127.0.0.1]",
"id": "Rv4coMMYHs/yWaGyMlR49g",
"pps": {
"agent": "t1234555.ppops.net",
@ -96,9 +96,9 @@
"sm": {
"pri": "128255",
"qid": "0A5BqKs4030248",
"stat": "Sent (<sanitized_email.com> [InternalId",
"stat": "Sent (<sanitized@sanitized.com> [InternalId",
"relay": "relay.mail.net [10.10.10.10]",
"to": ["<sanitized_email.com>"],
"to": ["<sanitized@sanitized.com>"],
"tls": {
"verify": "OK"
},
@ -108,7 +108,7 @@
"mailer": "esmtp"
},
"ts": "2020-11-05T12:59:46.045430+0100",
"data": "2020-11-05T12:59:46.045430+01:00 t1234555 sendmail[18165]: 0A5BqKs4030248: to=<sanitized_email.com>, delay=00:00:01, xdelay=00:00:01, mailer=esmtp, tls_verify=OK, pri=128255, relay=externals-adidasgr...ction.outlook.com. [10.10.10.10], dsn=2.0.0, stat=Sent (<sanitized_email.com> [InternalId=...B6347.eurprd01.prod.exchangelabs.com] 19101 bytes in 0.071, 260.062 KB/sec Queued mail for delivery)",
"data": "2020-11-05T12:59:46.045430+01:00 t1234555 sendmail[18165]: 0A5BqKs4030248: to=<sanitized@sanitized.com>, delay=00:00:01, xdelay=00:00:01, mailer=esmtp, tls_verify=OK, pri=128255, relay=externals-adidasgr...ction.outlook.com. [10.10.10.10], dsn=2.0.0, stat=Sent (<sanitized@sanitized.com> [InternalId=...B6347.eurprd01.prod.exchangelabs.com] 19101 bytes in 0.071, 260.062 KB/sec Queued mail for delivery)",
"id": "wYvxXQ8YHRvWgpopQeLskA",
"pps": {
"cid": "CID",
@ -138,9 +138,9 @@
"tls": {
"verify": "NONE"
},
"from": "<sanitized_email.com>"
"from": "<sanitized@sanitized.com>"
},
"data": "2020-11-05T12:59:49.375433+01:00 t1234555 sendmail[30448]: 0A5BqZtL030448: from=<sanitized_email.com>, size=148995, class=0, nrcpts=1, msgid=<TESTMSGID>, proto=SMTP, daemon=MTA, tls_verify=NONE, auth=NONE, relay=t1234555.ppops.net [127.0.0.1]",
"data": "2020-11-05T12:59:49.375433+01:00 t1234555 sendmail[30448]: 0A5BqZtL030448: from=<sanitized@sanitized.com>, size=148995, class=0, nrcpts=1, msgid=<TESTMSGID>, proto=SMTP, daemon=MTA, tls_verify=NONE, auth=NONE, relay=t1234555.ppops.net [127.0.0.1]",
"id": "S57nYRhfj7qb0FUTymKhfg",
"pps": {
"agent": "t1234555.ppops.net",
@ -160,7 +160,7 @@
"agent": "t1234555.ppops.net",
"cid": "CID"
},
"data": "2020-11-05T12:59:50.261397+01:00 t1234555 sendmail[30240]: 0A5BqJBl030240: from=<sanitized_email.com>, size=560625, class=0, nrcpts=1, msgid=<TESTMSGID>, proto=SMTP, daemon=MTA, tls_verify=NONE, auth=NONE, relay=t1234555.ppops.net [127.0.0.1]",
"data": "2020-11-05T12:59:50.261397+01:00 t1234555 sendmail[30240]: 0A5BqJBl030240: from=<sanitized@sanitized.com>, size=560625, class=0, nrcpts=1, msgid=<TESTMSGID>, proto=SMTP, daemon=MTA, tls_verify=NONE, auth=NONE, relay=t1234555.ppops.net [127.0.0.1]",
"id": "KmK6ghZhp+8N+k+y5M/ZrA",
"sm": {
"relay": "relay.mail.net [10.10.10.10]",
@ -175,7 +175,7 @@
"verify": "NONE"
},
"msgid": "<TESTMSGID>",
"from": "<sanitized_email.com>"
"from": "<sanitized@sanitized.com>"
},
"ts": "2020-11-05T12:59:50.261397+0100",
"metadata": {
@ -198,13 +198,13 @@
"class": "0",
"auth": "NONE",
"proto": "SMTP",
"from": "<sanitized_email.com>",
"from": "<sanitized@sanitized.com>",
"msgid": "<TESTMSGID>",
"tls": {
"verify": "NONE"
}
},
"data": "2020-11-05T12:59:50.356977+01:00 t1234555 sendmail[30427]: 0A5BqWEW030427: from=<sanitized_email.com>, size=24805, class=0, nrcpts=1, msgid=<TESTMSGID>, proto=SMTP, daemon=MTA, tls_verify=NONE, auth=NONE, relay=t1234555.ppops.net [127.0.0.1]",
"data": "2020-11-05T12:59:50.356977+01:00 t1234555 sendmail[30427]: 0A5BqWEW030427: from=<sanitized@sanitized.com>, size=24805, class=0, nrcpts=1, msgid=<TESTMSGID>, proto=SMTP, daemon=MTA, tls_verify=NONE, auth=NONE, relay=t1234555.ppops.net [127.0.0.1]",
"id": "6o9hWtB++VRhC2HZCU0/mQ",
"pps": {
"cid": "CID",
@ -224,7 +224,7 @@
"cid": "CID",
"agent": "t1234555.ppops.net"
},
"data": "2020-11-05T12:59:51.698428+01:00 t1234555 sendmail[18173]: 0A5BqZtL030448: to=<sanitized_email.com>, delay=00:00:02, xdelay=00:00:02, mailer=esmtp, tls_verify=OK, pri=268995, relay=reebok-com.mail.protection.outlook.com. [104.47.1.36], dsn=2.0.0, stat=Sent (<sanitized_email.com> [InternalId=8723078591673, Hostname=AM0PR...281.eurprd01.prod.exchangelabs.com] 165052 bytes in 0.159, 1010.909 KB/sec Queued mail for delivery)",
"data": "2020-11-05T12:59:51.698428+01:00 t1234555 sendmail[18173]: 0A5BqZtL030448: to=<sanitized@sanitized.com>, delay=00:00:02, xdelay=00:00:02, mailer=esmtp, tls_verify=OK, pri=268995, relay=reebok-com.mail.protection.outlook.com. [104.47.1.36], dsn=2.0.0, stat=Sent (<sanitized@sanitized.com> [InternalId=8723078591673, Hostname=AM0PR...281.eurprd01.prod.exchangelabs.com] 165052 bytes in 0.159, 1010.909 KB/sec Queued mail for delivery)",
"id": "jOtbUua8OnKtoWNglHt4GA",
"sm": {
"mailer": "esmtp",
@ -234,9 +234,9 @@
"verify": "OK"
},
"dsn": "2.0.0",
"to": ["<sanitized_email.com>"],
"to": ["<sanitized@sanitized.com>"],
"relay": "relay.mail.net [10.10.10.10]",
"stat": "Sent (<sanitized_email.com> [InternalId",
"stat": "Sent (<sanitized@sanitized.com> [InternalId",
"qid": "0A5BqZtL030448",
"pri": "268995"
},
@ -256,11 +256,11 @@
"agent": "t1234555.ppops.net"
},
"id": "c5Fw7jOLm46PeqG8UJEWbg",
"data": "2020-11-05T12:59:51.739825+01:00 t1234555 sendmail[18175]: 0A5BqJBl030240: to=<sanitized_email.com>, delay=00:00:01, xdelay=00:00:01, mailer=esmtp, tls_verify=OK, pri=680625, relay=relay.mail.net. [10.10.10.10], dsn=2.0.0, stat=Sent (<sanitized_email.com> [InternalId=2...285.eurprd01.prod.exchangelabs.com] 583928 bytes in 0.236, 2413.571 KB/sec Queued mail for delivery)",
"data": "2020-11-05T12:59:51.739825+01:00 t1234555 sendmail[18175]: 0A5BqJBl030240: to=<sanitized@sanitized.com>, delay=00:00:01, xdelay=00:00:01, mailer=esmtp, tls_verify=OK, pri=680625, relay=relay.mail.net. [10.10.10.10], dsn=2.0.0, stat=Sent (<sanitized@sanitized.com> [InternalId=2...285.eurprd01.prod.exchangelabs.com] 583928 bytes in 0.236, 2413.571 KB/sec Queued mail for delivery)",
"sm": {
"stat": "Sent (<sanitized_email.com> [InternalId",
"stat": "Sent (<sanitized@sanitized.com> [InternalId",
"relay": "relay.mail.net [10.10.10.10]",
"to": ["<sanitized_email.com>"],
"to": ["<sanitized@sanitized.com>"],
"qid": "0A5BqJBl030240",
"pri": "680625",
"xdelay": "00:00:01",
@ -286,9 +286,9 @@
"sm": {
"qid": "0A5BqWEW030427",
"pri": "144805",
"stat": "Sent (<sanitized_email.com> [InternalI...B2686.eurprd01.prod.exchangelabs.com] 36596 bytes in 0.149",
"stat": "Sent (<sanitized@sanitized.com> [InternalI...B2686.eurprd01.prod.exchangelabs.com] 36596 bytes in 0.149",
"relay": "relay.mail.net [10.10.10.10]",
"to": ["<sanitized_email.com>"],
"to": ["<sanitized@sanitized.com>"],
"tls": {
"verify": "OK"
},
@ -298,7 +298,7 @@
"mailer": "esmtp"
},
"id": "/ALzUxRLM2Tz0YJbdoltTQ",
"data": "2020-11-05T12:59:51.822918+01:00 t1234555 sendmail[18177]: 0A5BqWEW030427: to=<sanitized_email.com>, delay=00:00:01, xdelay=00:00:01, mailer=esmtp, tls_verify=OK, pri=144805, relay=relay.mail.net. [10.10.10.10], dsn=2.0.0, stat=Sent (<sanitized_email.com> [InternalI...B2686.eurprd01.prod.exchangelabs.com] 36596 bytes in 0.149, 239.832 KB/sec Queued mail for delivery)",
"data": "2020-11-05T12:59:51.822918+01:00 t1234555 sendmail[18177]: 0A5BqWEW030427: to=<sanitized@sanitized.com>, delay=00:00:01, xdelay=00:00:01, mailer=esmtp, tls_verify=OK, pri=144805, relay=relay.mail.net. [10.10.10.10], dsn=2.0.0, stat=Sent (<sanitized@sanitized.com> [InternalI...B2686.eurprd01.prod.exchangelabs.com] 36596 bytes in 0.149, 239.832 KB/sec Queued mail for delivery)",
"pps": {
"cid": "CID",
"agent": "t1234555.ppops.net"
@ -320,7 +320,7 @@
"sizeBytes": "301268",
"nrcpts": "2",
"relay": "relay.mail.net [10.10.10.10]",
"from": "<sanitized_email.com>",
"from": "<sanitized@sanitized.com>",
"msgid": "<TESTMSGID>",
"tls": {
"verify": "NONE"
@ -330,7 +330,7 @@
"proto": "SMTP"
},
"id": "z++bC1rsPj/CWSn4ZScnTg",
"data": "2020-11-05T12:59:52.368451+01:00 t1234555 sendmail[30243]: 0A5BqJgw030243: from=<sanitized_email.com>, size=301268, class=0, nrcpts=2, msgid=<TESTMSGID>, proto=SMTP, daemon=MTA, tls_verify=NONE, auth=NONE, relay=t1234555.ppops.net [127.0.0.1]",
"data": "2020-11-05T12:59:52.368451+01:00 t1234555 sendmail[30243]: 0A5BqJgw030243: from=<sanitized@sanitized.com>, size=301268, class=0, nrcpts=2, msgid=<TESTMSGID>, proto=SMTP, daemon=MTA, tls_verify=NONE, auth=NONE, relay=t1234555.ppops.net [127.0.0.1]",
"pps": {
"agent": "t1234555.ppops.net",
"cid": "CID"
@ -350,12 +350,12 @@
"cid": "CID"
},
"id": "EdOJdJWaYM6H2KYMjj0A8w",
"data": "2020-11-05T12:59:53.128685+01:00 t1234555 sendmail[30240]: 0A5BqJBm030240: from=<sanitized_email.com>, size=301692, class=0, nrcpts=1, msgid=<TESTMSGID>, proto=SMTP, daemon=MTA, tls_verify=NONE, auth=NONE, relay=t1234555.ppops.net [127.0.0.1]",
"data": "2020-11-05T12:59:53.128685+01:00 t1234555 sendmail[30240]: 0A5BqJBm030240: from=<sanitized@sanitized.com>, size=301692, class=0, nrcpts=1, msgid=<TESTMSGID>, proto=SMTP, daemon=MTA, tls_verify=NONE, auth=NONE, relay=t1234555.ppops.net [127.0.0.1]",
"sm": {
"class": "0",
"auth": "NONE",
"proto": "SMTP",
"from": "<sanitized_email.com>",
"from": "<sanitized@sanitized.com>",
"msgid": "<TESTMSGID>",
"tls": {
"verify": "NONE"
@ -381,7 +381,7 @@
"auth": "NONE",
"class": "-60",
"proto": "SMTP",
"from": "<sanitized_email.com>",
"from": "<sanitized@sanitized.com>",
"msgid": "<TESTMSGID>",
"tls": {
"verify": "NONE"
@ -397,7 +397,7 @@
"agent": "t1234555.ppops.net",
"cid": "CID"
},
"data": "2020-11-05T12:59:54.447139+01:00 t1234555 sendmail[30233]: 0A5BqHS0030233: from=<sanitized_email.com>, size=65592, class=-60, nrcpts=1, msgid=<TESTMSGID>, proto=SMTP, daemon=MTA, tls_verify=NONE, auth=NONE, relay=t1234555.ppops.net [127.0.0.1]",
"data": "2020-11-05T12:59:54.447139+01:00 t1234555 sendmail[30233]: 0A5BqHS0030233: from=<sanitized@sanitized.com>, size=65592, class=-60, nrcpts=1, msgid=<TESTMSGID>, proto=SMTP, daemon=MTA, tls_verify=NONE, auth=NONE, relay=t1234555.ppops.net [127.0.0.1]",
"id": "o1LSqlKOOCILO8WDfvM+SQ",
"metadata": {
"origin": {
@ -410,13 +410,13 @@
"event_type": "maillog"
}, {
"id": "nSWY7WY+wg3vqLBEV9rlFA",
"data": "2020-11-05T12:59:54.882947+01:00 t1234555 sendmail[30448]: 0A5BqZtM030448: from=<sanitized_email.com>, size=1060602, class=0, nrcpts=1, msgid=<TESTMSGID>, proto=SMTP, daemon=MTA, tls_verify=NONE, auth=NONE, relay=t1234555.ppops.net [127.0.0.1]",
"data": "2020-11-05T12:59:54.882947+01:00 t1234555 sendmail[30448]: 0A5BqZtM030448: from=<sanitized@sanitized.com>, size=1060602, class=0, nrcpts=1, msgid=<TESTMSGID>, proto=SMTP, daemon=MTA, tls_verify=NONE, auth=NONE, relay=t1234555.ppops.net [127.0.0.1]",
"pps": {
"cid": "CID",
"agent": "t1234555.ppops.net"
},
"sm": {
"from": "<sanitized_email.com>",
"from": "<sanitized@sanitized.com>",
"tls": {
"verify": "NONE"
},
@ -445,7 +445,7 @@
"class": "-60",
"auth": "NONE",
"proto": "SMTP",
"from": "<sanitized_email.com>",
"from": "<sanitized@sanitized.com>",
"tls": {
"verify": "NONE"
},
@ -458,7 +458,7 @@
},
"ts": "2020-11-05T12:59:55.581745+0100",
"id": "nQsGhy3nue3O9PXE9cyZ4A",
"data": "2020-11-05T12:59:55.581745+01:00 t1234555 sendmail[30464]: 0A5Bqbi3030464: from=<sanitized_email.com>, size=67596, class=-60, nrcpts=4, msgid=<TESTMSGID>, proto=SMTP, daemon=MTA, tls_verify=NONE, auth=NONE, relay=t1234555.ppops.net [127.0.0.1]",
"data": "2020-11-05T12:59:55.581745+01:00 t1234555 sendmail[30464]: 0A5Bqbi3030464: from=<sanitized@sanitized.com>, size=67596, class=-60, nrcpts=4, msgid=<TESTMSGID>, proto=SMTP, daemon=MTA, tls_verify=NONE, auth=NONE, relay=t1234555.ppops.net [127.0.0.1]",
"pps": {
"cid": "CID",
"agent": "t1234555.ppops.net"
@ -474,7 +474,7 @@
"event_type": "maillog"
}, {
"id": "TLgvfc+EnwlgpGstT4gKKg",
"data": "2020-11-05T12:59:55.702601+01:00 t1234555 sendmail[18188]: 0A5BqJBm030240: to=<sanitized_email.com>, delay=00:00:02, xdelay=00:00:02, mailer=esmtp, tls_verify=OK, pri=421692, relay=relay.mail.net. [104.47.0.36], dsn=2.0.0, stat=Sent (<sanitized_email.com> [InternalId=4...537.eurprd01.prod.exchangelabs.com] 319576 bytes in 0.197, 1576.411 KB/sec Queued mail for delivery)",
"data": "2020-11-05T12:59:55.702601+01:00 t1234555 sendmail[18188]: 0A5BqJBm030240: to=<sanitized@sanitized.com>, delay=00:00:02, xdelay=00:00:02, mailer=esmtp, tls_verify=OK, pri=421692, relay=relay.mail.net. [104.47.0.36], dsn=2.0.0, stat=Sent (<sanitized@sanitized.com> [InternalId=4...537.eurprd01.prod.exchangelabs.com] 319576 bytes in 0.197, 1576.411 KB/sec Queued mail for delivery)",
"pps": {
"cid": "CID",
"agent": "t1234555.ppops.net"
@ -489,9 +489,9 @@
"xdelay": "00:00:02",
"pri": "421692",
"qid": "0A5BqJBm030240",
"to": ["<sanitized_email.com>"],
"to": ["<sanitized@sanitized.com>"],
"relay": "relay.mail.net [10.10.10.10]",
"stat": "Sent (<sanitized_email.com> [InternalId"
"stat": "Sent (<sanitized@sanitized.com> [InternalId"
},
"ts": "2020-11-05T12:59:55.702601+0100",
"metadata": {
@ -508,19 +508,19 @@
"cid": "CID",
"agent": "m0000001.ppops.net"
},
"data": "2020-11-05T12:59:25.616354+01:00 m0000001 sendmail[25015]: 0A5Bs6pD012719: to=<sanitized_email.com>, delay=00:00:02, xdelay=00:00:02, mailer=esmtp, tls_verify=OK, pri=172457, relay=relay.mail.net. [104.47.0.36], dsn=2.0.0, stat=Sent (<sanitized_email.com> [InternalId=57157424788340, Ho...MB5237.eurprd01.prod.exchangelabs.com] 63604 bytes in 1.095, 56.722 KB/sec Queued mail for delivery)",
"data": "2020-11-05T12:59:25.616354+01:00 m0000001 sendmail[25015]: 0A5Bs6pD012719: to=<sanitized@sanitized.com>, delay=00:00:02, xdelay=00:00:02, mailer=esmtp, tls_verify=OK, pri=172457, relay=relay.mail.net. [104.47.0.36], dsn=2.0.0, stat=Sent (<sanitized@sanitized.com> [InternalId=57157424788340, Ho...MB5237.eurprd01.prod.exchangelabs.com] 63604 bytes in 1.095, 56.722 KB/sec Queued mail for delivery)",
"id": "4k8PCXVfzzmB3MOLxMJzow",
"ts": "2020-11-05T12:59:25.616354+0100",
"sm": {
"relay": "relay.mail.net [10.10.10.10]",
"to": ["<sanitized_email.com>"],
"to": ["<sanitized@sanitized.com>"],
"dsn": "2.0.0",
"qid": "0A5Bs6pD012719",
"tls": {
"verify": "OK"
},
"mailer": "esmtp",
"stat": "Sent (<sanitized_email.com> [InternalId",
"stat": "Sent (<sanitized@sanitized.com> [InternalId",
"xdelay": "00:00:02",
"delay": "00:00:02",
"pri": "172457"
@ -540,12 +540,12 @@
"agent": "m0000001.ppops.net"
},
"id": "yHgmo29ReWNG+wG9z2081w",
"data": "2020-11-05T12:59:25.782683+01:00 m0000001 sendmail[12716]: 0A5Bs66u012716: from=<sanitized_email.com>, size=133518, class=0, nrcpts=1, msgid=<TESTMSGID>, proto=SMTP, daemon=MTA, tls_verify=NONE, auth=NONE, relay=m0000001.ppops.net [127.0.0.1]",
"data": "2020-11-05T12:59:25.782683+01:00 m0000001 sendmail[12716]: 0A5Bs66u012716: from=<sanitized@sanitized.com>, size=133518, class=0, nrcpts=1, msgid=<TESTMSGID>, proto=SMTP, daemon=MTA, tls_verify=NONE, auth=NONE, relay=m0000001.ppops.net [127.0.0.1]",
"ts": "2020-11-05T12:59:25.782683+0100",
"sm": {
"daemon": "MTA",
"sizeBytes": "133518",
"from": "<sanitized_email.com>",
"from": "<sanitized@sanitized.com>",
"nrcpts": "1",
"tls": {
"verify": "NONE"
@ -572,15 +572,15 @@
"cid": "CID",
"agent": "m0000001.ppops.net"
},
"data": "2020-11-05T12:59:27.214776+01:00 m0000001 sendmail[25035]: 0A5Bs66u012716: to=<sanitized_email.com>, delay=00:00:02, xdelay=00:00:02, mailer=esmtp, tls_verify=OK, pri=253518, relay=relay.mail.net. [104.47.0.36], dsn=2.0.0, stat=Sent (<sanitized_email.com> [InternalId=50349901633126, Hos...245.eurprd01.prod.exchangelabs.com] 147801 bytes in 0.083, 1737.387 KB/sec Queued mail for delivery)",
"data": "2020-11-05T12:59:27.214776+01:00 m0000001 sendmail[25035]: 0A5Bs66u012716: to=<sanitized@sanitized.com>, delay=00:00:02, xdelay=00:00:02, mailer=esmtp, tls_verify=OK, pri=253518, relay=relay.mail.net. [104.47.0.36], dsn=2.0.0, stat=Sent (<sanitized@sanitized.com> [InternalId=50349901633126, Hos...245.eurprd01.prod.exchangelabs.com] 147801 bytes in 0.083, 1737.387 KB/sec Queued mail for delivery)",
"ts": "2020-11-05T12:59:27.214776+0100",
"sm": {
"xdelay": "00:00:02",
"stat": "Sent (<sanitized_email.com> [InternalId",
"stat": "Sent (<sanitized@sanitized.com> [InternalId",
"delay": "00:00:02",
"pri": "253518",
"dsn": "2.0.0",
"to": ["<sanitized_email.com>"],
"to": ["<sanitized@sanitized.com>"],
"relay": "relay.mail.net [10.10.10.10]",
"mailer": "esmtp",
"qid": "0A5Bs66u012716",
@ -604,10 +604,10 @@
"agent": "m0000001.ppops.net"
},
"id": "kcFh9j7CGJ5CnjZ1l/0fYw",
"data": "2020-11-05T12:59:27.672144+01:00 m0000001 sendmail[12713]: 0A5Bs5V2012713: from=<sanitized_email.com>, size=20387, class=0, nrcpts=1, msgid=<TESTMSGID>, proto=SMTP, daemon=MTA, tls_verify=NONE, auth=NONE, relay=m0000001.ppops.net [127.0.0.1]",
"data": "2020-11-05T12:59:27.672144+01:00 m0000001 sendmail[12713]: 0A5Bs5V2012713: from=<sanitized@sanitized.com>, size=20387, class=0, nrcpts=1, msgid=<TESTMSGID>, proto=SMTP, daemon=MTA, tls_verify=NONE, auth=NONE, relay=m0000001.ppops.net [127.0.0.1]",
"sm": {
"nrcpts": "1",
"from": "<sanitized_email.com>",
"from": "<sanitized@sanitized.com>",
"sizeBytes": "20387",
"daemon": "MTA",
"class": "0",
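Review bot: The raw `data` strings on the new side still carry relay values that the email-placeholder substitution does not touch: `relay=externals-adidasgr...ction.outlook.com.` in the `0A5BqKs4030248` record, `relay=reebok-com.mail.protection.outlook.com. [104.47.1.36]` in the `0A5BqZtL030448` record, and `[104.47.0.36]` in several later `to=` records. These look like tenant-specific mail-protection hostnames and public addresses left over from the original capture, while the parsed `sm.relay` field in the same records already reads `relay.mail.net [10.10.10.10]`. I would rewrite those fragments to `relay=relay.mail.net. [10.10.10.10]`, the form the first records in this file already use, so the sample names no organisation and each raw line agrees with its parsed fields for anyone testing a parser against it. The truncated `Hostname=AM0PR...281.eurprd01.prod.exchangelabs.com` fragments deserve the same check.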


@ -491,7 +491,7 @@
"isMsgReinjected": false,
"routes": ["Microsoft_EOP", "Verified_Recipients", "default_inbound"],
"verified": {
"rcpts": ["sanitized_email.com"],
"rcpts": ["sanitized@sanitized.com"],
"rcptsHashed": ["0000000000841a6ba279d500bb52e500@company-group.com"]
},
"disposition": "continue",
@ -564,7 +564,7 @@
"filterdResult": "none",
"authResults": [{
"emailIdentities": {
"smtp.mailfrom": "sanitized_email.com",
"smtp.mailfrom": "sanitized@sanitized.com",
"smtp.mailfromHashed": "b77aa3aa8a1873776969790bee763492@domain.com"
},
"result": "pass",
@ -605,9 +605,9 @@
},
"ts": "2020-11-05T12:59:26.152788+0100",
"envelope": {
"from": "sanitized_email.com",
"from": "sanitized@sanitized.com",
"rcptsHashed": ["0000000000841a6ba279d500bb52e500@company-group.com"],
"rcpts": ["sanitized_email.com"],
"rcpts": ["sanitized@sanitized.com"],
"fromHashed": "b77aa3aa8a1873776969790bee763492@domain.com"
},
"pps": {
@ -643,33 +643,33 @@
"msg": {
"lang": "de",
"parsedAddresses": {
"from": ["sanitized_email.com"],
"to": ["sanitized_email.com"],
"from": ["sanitized@sanitized.com"],
"to": ["sanitized@sanitized.com"],
"ccHashed": ["5b03add37b3e07f315b852b6aeb1f07b@testgroup.com"],
"cc": ["sanitized_email.com"],
"cc": ["sanitized@sanitized.com"],
"fromHashed": ["b77aa3aa8a1873776969790bee763492@domain.com"],
"toHashed": ["0000000000841a6ba279d500bb52e500@company-group.com"]
},
"normalizedHeader": {
"message-id": ["00000000-4C10-4516-9E48-170F4D3704FC@domain.com"],
"subject": ["Re: WORKSHOP"],
"cc": ["\"Doe, John\" <sanitized_email.com>"],
"cc": ["\"Doe, John\" <sanitized@sanitized.com>"],
"fromHashed": ["4c1ab44a1d6874f1e663408b3aff112f@domain.com"],
"from": ["\"Smith, Jack\" <sanitized_email.com>"],
"from": ["\"Smith, Jack\" <sanitized@sanitized.com>"],
"x-originating-ip": ["[99.90.244.90]"],
"ccHashed": ["950dcfd55960d796d4a65552f548d3bd@testgroup.com"],
"to": ["\"smith, alex\" <sanitized_email.com>"],
"to": ["\"smith, alex\" <sanitized@sanitized.com>"],
"toHashed": ["2de9ce98bfc36a8d3a36c8b068a8d358@company-group.com"]
},
"header": {
"subject": ["Re: WORKSHOP \"MEMBERSHIP PLAN 2021\"_Handover"],
"message-id": ["<00000000-4C10-4516-9E48-170F4D3704FC@domain.com>"],
"fromHashed": ["4c1ab44a1d6874f1e663408b3aff112f@domain.com"],
"cc": ["\"Doe, John\" <sanitized_email.com>"],
"from": ["\"Smith, Jack\" <sanitized_email.com>"],
"cc": ["\"Doe, John\" <sanitized@sanitized.com>"],
"from": ["\"Smith, Jack\" <sanitized@sanitized.com>"],
"x-originating-ip": ["[99.90.244.90]"],
"ccHashed": ["950dcfd55960d796d4a65552f548d3bd@testgroup.com"],
"to": ["\"smith, alex\" <sanitized_email.com>"],
"to": ["\"smith, alex\" <sanitized@sanitized.com>"],
"toHashed": ["2de9ce98bfc36a8d3a36c8b068a8d358@company-group.com"]
},
"sizeBytes": 35521
@ -767,7 +767,7 @@
"cid": "CID"
},
"envelope": {
"rcpts": ["sanitized_email.com"],
"rcpts": ["sanitized@sanitized.com"],
"rcptsHashed": ["bcb21ec683a922759afbec853c372aeb@company.com"],
"from": "msprvs1=18578lsffgka7=bounces-280047@bounce.smartsheet.com",
"fromHashed": "000000e808a16dffe994f730e82855f9@bounce.smartsheet.com"
@ -871,7 +871,7 @@
"rule": ""
},
"verified": {
"rcpts": ["sanitized_email.com"],
"rcpts": ["sanitized@sanitized.com"],
"rcptsHashed": ["00000ec683a922759afbec853c372aeb@company.com"]
},
"routes": ["Verified_Recipients", "default_inbound"],
@ -953,7 +953,7 @@
"url": "https://app.smartsheet.com/b/home",
"src": ["filter"]
}, {
"url": "mailto:sanitized_email.com",
"url": "mailto:sanitized@sanitized.com",
"src": ["filter"]
}, {
"url": "https://app.smartsheet.com/b/mailtrack/",
@ -1012,23 +1012,23 @@
"header": {
"x-mailer": ["smartsheet-service-mail-v2"],
"toHashed": ["1fe968be56d7c600ae1b2b6b73cbd3b8@company.com"],
"to": ["\"Iggy.Pop\" <sanitized_email.com>"],
"to": ["\"Iggy.Pop\" <sanitized@sanitized.com>"],
"from": ["\"Nik Kin via Smartsheet\" <user@app.smartsheet.com>"],
"fromHashed": ["8c922a95a5f5c23cb0322ba48c45e910@app.smartsheet.com"],
"reply-to": ["\"Nik Kin\" <sanitized_email.com>"],
"reply-to": ["\"Nik Kin\" <sanitized@sanitized.com>"],
"reply-toHashed": ["db42ae4f5f4da1e00a5c64798883e972@company.com"],
"message-id": ["<61.99.33930.C19E3AF5@af.mta1vrest.cc.prd.sparkpost>"],
"subject": ["SSUse23"]
},
"normalizedHeader": {
"from": ["\"Nik Kin via Smartsheet\" <user@app.smartsheet.com>"],
"to": ["\"Iggy.Pop\" <sanitized_email.com>"],
"to": ["\"Iggy.Pop\" <sanitized@sanitized.com>"],
"toHashed": ["1fe968be56d7c600ae1b2b6b73cbd3b8@company.com"],
"x-mailer": ["smartsheet-service-mail-v2"],
"message-id": ["61.99.33930.C19E3AF5@af.mta1vrest.cc.prd.sparkpost"],
"subject": ["SSUse23"],
"reply-toHashed": ["db42ae4f5f4da1e00a5c64798883e972@company.com"],
"reply-to": ["\"Nik Kin\" <sanitized_email.com>"],
"reply-to": ["\"Nik Kin\" <sanitized@sanitized.com>"],
"fromHashed": ["8c922a95a5f5c23cb0322ba48c45e910@app.smartsheet.com"]
},
"sizeBytes": 7889,
@ -1037,7 +1037,7 @@
"toHashed": ["bcb21ec683a922759afbec853c372aeb@company.com"],
"fromHashed": ["ee11cbb19052e40b07aac0ca060c23ee@app.smartsheet.com"],
"from": ["user@app.smartsheet.com"],
"to": ["sanitized_email.com"]
"to": ["sanitized@sanitized.com"]
}
},
"event_type": "message"
@ -1124,19 +1124,19 @@
"msg": {
"normalizedHeader": {
"message-id": ["PS2PR02MB34317A6F8C35D2C3D8FACCA9EAEE0@PS2PR02MB3431.apcprd02.prod.outlook.com"],
"from": ["Kin Nik <sanitized_email.com>"],
"from": ["Kin Nik <sanitized@sanitized.com>"],
"subject": ["Accepted: Follow Up"],
"x-originating-ip": ["[2405:201:d00f:7886:51b8:2820:9059:1c0c]"],
"to": ["\"Lara, Lara\" <sanitized_email.com>"],
"to": ["\"Lara, Lara\" <sanitized@sanitized.com>"],
"toHashed": ["d0d1798e52185c08e2ff2e264e444e6c@company.com"],
"fromHashed": ["0d973e89539d0d8a26b8de0d6bd8751c@infotest.com"]
},
"header": {
"x-originating-ip": ["[2405:201:d00f:7886:51b8:2820:9059:1c0c]"],
"from": ["Kin Nik <sanitized_email.com>"],
"from": ["Kin Nik <sanitized@sanitized.com>"],
"message-id": ["<PS2PR02MB34317A6F8C35D2C3D8FACCA9EAEE0@PS2PR02MB3431.apcprd02.prod.outlook.com>"],
"subject": ["Accepted: Follow Up"],
"to": ["\"Lara, Lara\" <sanitized_email.com>"],
"to": ["\"Lara, Lara\" <sanitized@sanitized.com>"],
"fromHashed": ["0d973e89539d0d8a26b8de0d6bd8751c@infotest.com"],
"toHashed": ["d0d1798e52185c08e2ff2e264e444e6c@company.com"]
},
@ -1145,8 +1145,8 @@
"parsedAddresses": {
"fromHashed": ["d1f57788de71c4105a92fdae568b2318@infotest.com"],
"toHashed": ["a9507a48e742eddedc7b82eaddc517a5@company.com"],
"to": ["sanitized_email.com"],
"from": ["sanitized_email.com"]
"to": ["sanitized@sanitized.com"],
"from": ["sanitized@sanitized.com"]
}
},
"pps": {
@ -1156,8 +1156,8 @@
},
"envelope": {
"rcptsHashed": ["a9507a48e742eddedc7b82eaddc517a5@company.com"],
"rcpts": ["sanitized_email.com"],
"from": "sanitized_email.com",
"rcpts": ["sanitized@sanitized.com"],
"from": "sanitized@sanitized.com",
"fromHashed": "d1f57788de71c4105a92fdae568b2318@infotest.com"
},
"ts": "2020-11-05T12:59:33.296634+0100",
@ -1204,7 +1204,7 @@
"method": "spf",
"result": "pass",
"emailIdentities": {
"smtp.mailfrom": "sanitized_email.com",
"smtp.mailfrom": "sanitized@sanitized.com",
"smtp.mailfromHashed": "d1f57788de71c4105a92fdae568b2318@infotest.com"
}
}, {
@ -1279,7 +1279,7 @@
"routes": ["Verified_Recipients", "default_inbound"],
"verified": {
"rcptsHashed": ["a9507a48e742eddedc7b82eaddc517a5@company.com"],
"rcpts": ["sanitized_email.com"]
"rcpts": ["sanitized@sanitized.com"]
},
"disposition": "continue",
"routeDirection": "inbound",
@ -1395,7 +1395,7 @@
"disposition": "continue",
"verified": {
"rcptsHashed": ["9be25eb1d50d83f622e39d8915e67859@company-group.com"],
"rcpts": ["sanitized_email.com"]
"rcpts": ["sanitized@sanitized.com"]
},
"routes": ["Verified_Recipients", "default_inbound"],
"isMsgReinjected": false,
@ -1472,7 +1472,7 @@
"result": "pass",
"emailIdentities": {
"smtp.mailfromHashed": "c1c67f0c3e893ac04568c61f47765cd2@buyappr.net",
"smtp.mailfrom": "sanitized_email.com"
"smtp.mailfrom": "sanitized@sanitized.com"
},
"method": "spf",
"reason": ""
@ -1500,9 +1500,9 @@
"ts": "2020-11-05T12:59:37.287999+0100",
"envelope": {
"fromHashed": "c1c67f0c3e893ac04568c61f47765cd2@buyappr.net",
"rcpts": ["sanitized_email.com"],
"rcpts": ["sanitized@sanitized.com"],
"rcptsHashed": ["9be25eb1d50d83f622e39d8915e67859@company-group.com"],
"from": "sanitized_email.com"
"from": "sanitized@sanitized.com"
},
"pps": {
"cid": "CID",
@ -1511,8 +1511,8 @@
},
"msg": {
"normalizedHeader": {
"to": ["Gina Gin <sanitized_email.com>"],
"from": ["Email Approval <sanitized_email.com>"],
"to": ["Gina Gin <sanitized@sanitized.com>"],
"from": ["Email Approval <sanitized@sanitized.com>"],
"message-id": ["115551705.107928.JavaMail.svcprodeu@app254.eu1.buyappr.net"],
"subject": ["Action required"],
"fromHashed": ["82e23d5f82d55ac7f8d480e120f088e1@buyappr.net"],
@ -1523,14 +1523,14 @@
"fromHashed": ["82e23d5f82d55ac7f8d480e120f088e1@buyappr.net"],
"subject": ["=?UTF-8?Q?Action_required"],
"message-id": ["<115551705.107928.JavaMail.svcprodeu@app254.eu1.buyappr.net>"],
"from": ["Email Approval <sanitized_email.com>"],
"to": ["Gina Gin <sanitized_email.com>"]
"from": ["Email Approval <sanitized@sanitized.com>"],
"to": ["Gina Gin <sanitized@sanitized.com>"]
},
"sizeBytes": 41738,
"lang": "en",
"parsedAddresses": {
"to": ["sanitized_email.com"],
"from": ["sanitized_email.com"],
"to": ["sanitized@sanitized.com"],
"from": ["sanitized@sanitized.com"],
"fromHashed": ["c1c67f0c3e893ac04568c61f47765cd2@buyappr.net"],
"toHashed": ["9be25eb1d50d83f622e39d8915e67859@company-group.com"]
}
@ -1612,11 +1612,11 @@
}, {
"msg": {
"parsedAddresses": {
"from": ["sanitized_email.com"],
"to": ["sanitized_email.com", "sanitized_email.com", "sanitized_email.com", "sanitized_email.com", "sanitized_email.com"],
"from": ["sanitized@sanitized.com"],
"to": ["sanitized@sanitized.com", "sanitized@sanitized.com", "sanitized@sanitized.com", "sanitized@sanitized.com", "sanitized@sanitized.com"],
"ccHashed": ["4160872c3e83b1399c3a2eb219ec0d07@infotest.com"],
"fromHashed": ["3e917f0fd05903ef251e45c4908574f5@infotest.com"],
"cc": ["sanitized_email.com"],
"cc": ["sanitized@sanitized.com"],
"toHashed": ["11a705cf38245865f2406516dc6d9c81@testgroup.com", "56ecfafcfda7e12632394ecc3f82306a@infotest.com", "548d70cdd206ae289e618bf2d4712a76@company.com", "909901bc9be498cd941609564e94c780@infotest.com", "47dd26ed37c32bb6845f2c20fc3eaceb@testgroup.com"]
},
"lang": "en",
@ -1624,22 +1624,22 @@
"subject": ["PROD SERVER"],
"message-id": ["<1604577574012.773@infotest.com>"],
"fromHashed": ["e1ceb3b33045a54dc255656b2f3ac7d2@infotest.com"],
"cc": ["company_EPOCH <sanitized_email.com>"],
"from": ["OpsSupport <sanitized_email.com>"],
"cc": ["company_EPOCH <sanitized@sanitized.com>"],
"from": ["OpsSupport <sanitized@sanitized.com>"],
"x-originating-ip": ["[10.53.222.187]"],
"ccHashed": ["c418ce0b2962c7cc6982aaab526b9ddd@infotest.com"],
"to": ["sanitized_email.com", "sanitized_email.com", "sanitized_email.com", "sanitized_email.com", "sanitized_email.com"],
"to": ["sanitized@sanitized.com", "sanitized@sanitized.com", "sanitized@sanitized.com", "sanitized@sanitized.com", "sanitized@sanitized.com"],
"toHashed": ["e18ddec243aac345329b8034180501b5@infotest.com>, <Ed.Ed"]
},
"sizeBytes": 24944,
"normalizedHeader": {
"toHashed": ["e18ddec243aac345329b8034180501b5@infotest.com>, <Ed.Ed"],
"from": ["OpsSupport <sanitized_email.com>"],
"from": ["OpsSupport <sanitized@sanitized.com>"],
"x-originating-ip": ["[10.53.222.187]"],
"ccHashed": ["c418ce0b2962c7cc6982aaab526b9ddd@infotest.com"],
"to": ["sanitized_email.com", "sanitized_email.com", "sanitized_email.com", "sanitized_email.com", "sanitized_email.com"],
"to": ["sanitized@sanitized.com", "sanitized@sanitized.com", "sanitized@sanitized.com", "sanitized@sanitized.com", "sanitized@sanitized.com"],
"fromHashed": ["e1ceb3b33045a54dc255656b2f3ac7d2@infotest.com"],
"cc": ["company_EPOCH <sanitized_email.com>"],
"cc": ["company_EPOCH <sanitized@sanitized.com>"],
"message-id": ["1604577574012.773@infotest.com"],
"subject": ["PROD SERVER"]
}
@ -1767,7 +1767,7 @@
"method": "spf",
"reason": "",
"emailIdentities": {
"smtp.mailfrom": "sanitized_email.com",
"smtp.mailfrom": "sanitized@sanitized.com",
"smtp.mailfromHashed": "3e917f0fd05903ef251e45c4908574f5@infotest.com"
},
"result": "pass"
@ -1873,7 +1873,7 @@
"isMsgEncrypted": false,
"disposition": "continue",
"verified": {
"rcpts": ["sanitized_email.com"],
"rcpts": ["sanitized@sanitized.com"],
"rcptsHashed": ["548d70cdd206ae289e618bf2d4712a76@company.com"]
},
"isMsgReinjected": false,
@ -1881,8 +1881,8 @@
},
"envelope": {
"fromHashed": "3e917f0fd05903ef251e45c4908574f5@infotest.com",
"from": "sanitized_email.com",
"rcpts": ["sanitized_email.com"],
"from": "sanitized@sanitized.com",
"rcpts": ["sanitized@sanitized.com"],
"rcptsHashed": ["548d70cdd206ae289e618bf2d4712a76@company.com"]
},
"pps": {
@ -2028,31 +2028,31 @@
"envelope": {
"fromHashed": "827bbb621e4eb6f362bba78dcbb62ac1@mailer.exexe.com",
"from": "delivery_20201105065907.22003287.12735@mailer.exexe.com",
"rcpts": ["sanitized_email.com"],
"rcpts": ["sanitized@sanitized.com"],
"rcptsHashed": ["12bbc381763ab1c3247735c1fa75fefd@test.com"]
},
"guid": "w7huvQoQARIuW9b76VulX06gmyraEype",
"msg": {
"parsedAddresses": {
"to": ["sanitized_email.com"],
"to": ["sanitized@sanitized.com"],
"fromHashed": ["18126e7bd3f84b3f3e4df094def5b7de@exexe.com"],
"from": ["sanitized_email.com"],
"from": ["sanitized@sanitized.com"],
"toHashed": ["12bbc381763ab1c3247735c1fa75fefd@test.com"]
},
"header": {
"toHashed": ["12bbc381763ab1c3247735c1fa75fefd@test.com"],
"message-id": ["<20201105065907.22003287.12735@sailthru.com>"],
"x-mailer": ["sailthru.com"],
"from": ["Mike Mike <sanitized_email.com>"],
"from": ["Mike Mike <sanitized@sanitized.com>"],
"fromHashed": ["f867e6da20bd4f1871b19f1010ada05c@exexe.com"],
"to": ["sanitized_email.com"],
"to": ["sanitized@sanitized.com"],
"subject": ["subject"]
},
"lang": "en",
"normalizedHeader": {
"subject": ["Axe winners"],
"to": ["sanitized_email.com"],
"from": ["Mike Mike <sanitized_email.com>"],
"to": ["sanitized@sanitized.com"],
"from": ["Mike Mike <sanitized@sanitized.com>"],
"fromHashed": ["f867e6da20bd4f1871b19f1010ada05c@exexe.com"],
"toHashed": ["12bbc381763ab1c3247735c1fa75fefd@test.com"],
"x-mailer": ["sailthru.com"],
@ -2100,7 +2100,7 @@
"isMsgReinjected": false,
"verified": {
"rcptsHashed": ["12bbc381763ab1c3247735c1fa75fefd@test.com"],
"rcpts": ["sanitized_email.com"]
"rcpts": ["sanitized@sanitized.com"]
},
"msgSizeBytes": 85138,
"modules": {
@ -2137,16 +2137,16 @@
"safeBlockedListMatches": [{
"matchingField": {
"type": "msg.header.from",
"value": "sanitized_email.com"
"value": "sanitized@sanitized.com"
},
"listType": "safe",
"rule": "safe",
"list": {
"owner": "sanitized_email.com",
"owner": "sanitized@sanitized.com",
"ownerType": "user",
"entry": "sanitized_email.com"
"entry": "sanitized@sanitized.com"
},
"rcpts": ["sanitized_email.com"]
"rcpts": ["sanitized@sanitized.com"]
}],
"charsets": ["UTF-8"],
"triggeredClassifier": "safe",
@ -2158,7 +2158,7 @@
},
"dmarc": {
"records": [{
"record": "v=DMARC1; p=none; rua=mailto:sanitized_email.com; ruf=mailto:sanitized_email.com;",
"record": "v=DMARC1; p=none; rua=mailto:sanitized@sanitized.com; ruf=mailto:sanitized@sanitized.com;",
"query": "_dmarc.exexe.com"
}],
"filterdResult": "pass",
@ -2275,7 +2275,7 @@
"src": ["filter"],
"url": "https://exmail.qq.com/cgi-bin/setti"
}, {
"url": "mailto:sanitized_email.com",
"url": "mailto:sanitized@sanitized.com",
"src": ["filter"]
}],
"sizeDecodedBytes": 301172,
@ -2349,7 +2349,7 @@
"isMsgReinjected": false,
"verified": {
"rcptsHashed": ["ac89ba4cc75739f8ac258a27857492e8@testgroup.com"],
"rcpts": ["sanitized_email.com"]
"rcpts": ["sanitized@sanitized.com"]
},
"msgSizeBytes": 1074732,
"modules": {
@ -2389,7 +2389,7 @@
"authResults": [{
"emailIdentities": {
"smtp.mailfromHashed": "05ecaedeeb3beda9c255ce02a7adc6ed@mmm.net",
"smtp.mailfrom": "sanitized_email.com"
"smtp.mailfrom": "sanitized@sanitized.com"
},
"reason": "",
"result": "pass",
@ -2449,38 +2449,38 @@
"isMsgEncrypted": false
},
"envelope": {
"rcpts": ["sanitized_email.com"],
"rcpts": ["sanitized@sanitized.com"],
"rcptsHashed": ["ac89ba4cc75739f8ac258a27857492e8@testgroup.com"],
"from": "sanitized_email.com",
"from": "sanitized@sanitized.com",
"fromHashed": "05ecaedeeb3beda9c255ce02a7adc6ed@mmm.net"
},
"msg": {
"header": {
"toHashed": ["0de5ef08bee26a90cbb410ad01125688@mmm.net>, \"=?utf-8?B?5byg6ZSQ?=\" <ruizhang1"],
"from": ["\"=?utf-8?B?6Zia6ZOO?=\" <sanitized_email.com>"],
"from": ["\"=?utf-8?B?6Zia6ZOO?=\" <sanitized@sanitized.com>"],
"fromHashed": ["d1cfb6d1afcc97dcf52460d44932d835@mmm.net"],
"x-originating-ip": ["202.111.242.215"],
"message-id": ["<sanitized_email.com>"],
"message-id": ["<sanitized@sanitized.com>"],
"x-mailer": ["QQMail 2.x"],
"subject": ["=?ut8?B?6K+3?="],
"to": ["<sanitized_email.com>"]
"to": ["<sanitized@sanitized.com>"]
},
"parsedAddresses": {
"from": ["sanitized_email.com"],
"from": ["sanitized@sanitized.com"],
"fromHashed": ["05ecaedeeb3beda9c255ce02a7adc6ed@mmm.net"],
"to": ["sanitized_email.com"],
"to": ["sanitized@sanitized.com"],
"toHashed": ["bb20434d70c5d5edf77275b030161ae7@company.com"]
},
"lang": "und",
"normalizedHeader": {
"x-originating-ip": ["99.111.242.215"],
"message-id": ["sanitized_email.com"],
"message-id": ["sanitized@sanitized.com"],
"x-mailer": ["QQMail 2.x"],
"subject": ["Re:FW:7"],
"to": ["<sanitized_email.com>"],
"to": ["<sanitized@sanitized.com>"],
"toHashed": ["0004b7b07ede063f7fa018f2031620a0@mmm.net>"],
"fromHashed": ["00097fc0b7cd23829ba697b2e9bd6235@mmm.net"],
"from": ["<sanitized_email.com>"]
"from": ["<sanitized@sanitized.com>"]
},
"sizeBytes": 1073201
},
@ -2547,13 +2547,13 @@
"toHashed": ["855f7e72e2f4c924b6547ffe932ab417@company.com"],
"from": ["service@mc.mail.com"],
"fromHashed": ["aaabf0d39951f3e6c3e8a7911df524c2@mc.mail.com"],
"to": ["sanitized_email.com"]
"to": ["sanitized@sanitized.com"]
},
"header": {
"fromHashed": ["abb44308fe91aab7f5a217f7b559436d@mc.mail.com"],
"from": ["=?utf-8?Q?= <service@mc.mail.com>"],
"subject": ["=?utf-8?B?5o2i6LSnSE55CG?="],
"to": ["sanitized_email.com"],
"to": ["sanitized@sanitized.com"],
"toHashed": ["855f7e72e2f4c924b6547ffe932ab417@company.com"],
"message-id": ["<2016323645.1176296.1604577549161@msg000.center.na61>"]
},
@ -2562,14 +2562,14 @@
"message-id": ["2016323645.1176296.1604577549161@msg000.center.na61"],
"toHashed": ["855f7e72e2f4c924b6547ffe932ab417@company.com"],
"subject": ["\u6362\u8d27\u901a\u77e5\uff1a\u4e70\u5b406"],
"to": ["sanitized_email.com"],
"to": ["sanitized@sanitized.com"],
"from": ["<service@mc.mail.com>"],
"fromHashed": ["338798f259105d1dab5b78bc340ed99e@mc.mail.com"]
}
},
"envelope": {
"rcptsHashed": ["855f7e72e2f4c924b6547ffe932ab417@company.com"],
"rcpts": ["sanitized_email.com"],
"rcpts": ["sanitized@sanitized.com"],
"from": "service@mc.mail.com",
"fromHashed": "aaabf0d39951f3e6c3e8a7911df524c2@mc.mail.com"
},
@ -2666,7 +2666,7 @@
},
"verified": {
"rcptsHashed": ["855f7e72e2f4c924b6547ffe932ab417@company.com"],
"rcpts": ["sanitized_email.com"]
"rcpts": ["sanitized@sanitized.com"]
},
"isMsgReinjected": false,
"routeDirection": "inbound",
@ -2884,11 +2884,11 @@
"list": {
"ownerType": "user",
"owner": "juan@company-group.com",
"entry": "sanitized_email.com"
"entry": "sanitized@sanitized.com"
},
"rule": "safe",
"matchingField": {
"value": "sanitized_email.com",
"value": "sanitized@sanitized.com",
"type": "msg.header.from"
}
}],
@ -2948,30 +2948,30 @@
},
"msg": {
"header": {
"from": ["Programs <sanitized_email.com>"],
"from": ["Programs <sanitized@sanitized.com>"],
"fromHashed": ["122fe4b290aafa15487849ae8386c4b1@global.edu"],
"toHashed": ["ebd7460157a5a08bcf13135e9a14a8cd@company-group.com"],
"subject": ["Global Program"],
"to": ["juan@company-group.com"],
"reply-toHashed": ["3a57238a52530dd77cbc7b7dc60c69f0@iese.edu"],
"reply-to": ["sanitized_email.com"],
"reply-to": ["sanitized@sanitized.com"],
"message-id": ["<b24e998f-ec3b-468b-bc42-6ec860c75e22@dfw1s10mta49.xt.local>"]
},
"parsedAddresses": {
"toHashed": ["ebd7460157a5a08bcf13135e9a14a8cd@company-group.com"],
"from": ["sanitized_email.com"],
"from": ["sanitized@sanitized.com"],
"fromHashed": ["75cf98be3d7af2fb6f43e6353ea0afa5@global.edu"],
"to": ["juan@company-group.com"]
},
"lang": "fr",
"normalizedHeader": {
"fromHashed": ["122fe4b290aafa15487849ae8386c4b1@global.edu"],
"from": ["Programs <sanitized_email.com>"],
"from": ["Programs <sanitized@sanitized.com>"],
"toHashed": ["ebd7460157a5a08bcf13135e9a14a8cd@company-group.com"],
"to": ["juan@company-group.com"],
"subject": ["Global Program"],
"reply-toHashed": ["3a57238a52530dd77cbc7b7dc60c69f0@iese.edu"],
"reply-to": ["sanitized_email.com"],
"reply-to": ["sanitized@sanitized.com"],
"message-id": ["b24e998f-ec3b-468b-bc42-6ec860c75e22@dfw1s10mta49.xt.local"]
},
"sizeBytes": 62483


@ -26,7 +26,7 @@
"user_id_derived": "0053X00000BoLQRQA3",
"client_ip": "",
"uri_id_derived": "",
"user_email": "sanitized_email.com"
"user_email": "sanitized@sanitized.com"
},
{
"event_type": "ApexCallout",
@ -50,7 +50,7 @@
"user_id_derived": "0050O000008bidxQAA",
"client_ip": "91.234.188.144",
"uri_id_derived": "",
"user_email": "sanitized_email.com"
"user_email": "sanitized@sanitized.com"
},
{
"event_type": "ApexExecution",
@ -74,7 +74,7 @@
"user_id_derived": "0053X000009rC26QAE",
"client_ip": "",
"uri_id_derived": "",
"user_email": "sanitized_email.com"
"user_email": "sanitized@sanitized.com"
},
{
"event_type": "ApexRestApi",
@ -104,7 +104,7 @@
"user_id_derived": "0053X000009q0tMQAQ",
"client_ip": "18.193.113.245",
"uri_id_derived": "",
"user_email": "sanitized_email.com"
"user_email": "sanitized@sanitized.com"
},
{
"event_type": "ApexSoap",
@ -128,7 +128,7 @@
"user_id_derived": "00520000004aQgaAAE",
"client_ip": "2.220.90.133",
"uri_id_derived": "",
"user_email": "sanitized_email.com"
"user_email": "sanitized@sanitized.com"
},
{
"event_type": "ApexTrigger",
@ -152,7 +152,7 @@
"user_id_derived": "0050O000008bvs8QAA",
"client_ip": "",
"uri_id_derived": "",
"user_email": "sanitized_email.com"
"user_email": "sanitized@sanitized.com"
},
{
"event_type": "ApexUnexpectedException",
@ -196,7 +196,7 @@
"uri_id_derived": "",
"report_id_derived": "00O3X00000C8gq9UAB",
"origin": "DashboardComponentUpdated",
"user_email": "sanitized_email.com"
"user_email": "sanitized@sanitized.com"
},
{
"event_type": "BulkApi",
@ -221,7 +221,7 @@
"user_id_derived": "00520000005RLcQAAW",
"client_ip": "34.240.243.167",
"uri_id_derived": "",
"user_email": "sanitized_email.com"
"user_email": "sanitized@sanitized.com"
},
{
"event_type": "Console",
@ -247,7 +247,7 @@
"console_id_derived": "02u0O000000h4cPQAQ",
"component_id_derived": "",
"record_id_derived": "5003X00001xwrDUQAY",
"user_email": "sanitized_email.com"
"user_email": "sanitized@sanitized.com"
},
{
"event_type": "ContentDistribution",
@ -275,7 +275,7 @@
"sharing_operation": "INSERT",
"timestamp_derived": "2020-10-16T10:00:09.019Z",
"user_id_derived": "0053X00000BmHhzQAF",
"user_email": "sanitized_email.com"
"user_email": "sanitized@sanitized.com"
},
{
"event_type": "ContentTransfer",
@ -293,7 +293,7 @@
"user_id_derived": "0053X00000BmHhzQAF",
"document_id_derived": "0693X00000HKWgjQAH",
"version_id_derived": "0683X00000HpIG7QAN",
"user_email": "sanitized_email.com"
"user_email": "sanitized@sanitized.com"
},
{
"event_type": "Dashboard",
@ -318,7 +318,7 @@
"uri_id_derived": "",
"dashboard_id_derived": "01Z3X000001DKEjUAO",
"report_id_derived": "00O3X00000C8gq9UAB",
"user_email": "sanitized_email.com"
"user_email": "sanitized@sanitized.com"
},
{
"event_type": "DocumentAttachmentDownloads",
@ -330,7 +330,7 @@
"user_id": "005200000045Srm",
"timestamp_derived": "2020-10-16T10:00:00.000Z",
"user_id_derived": "005200000045SrmAAE",
"user_email": "sanitized_email.com"
"user_email": "sanitized@sanitized.com"
},
{
"event_type": "EVENT_TYPE",
@ -412,7 +412,7 @@
"timestamp_derived": "2020-10-16T10:09:26.076Z",
"user_id_derived": "0053X00000BmbOlQAJ",
"client_ip": "185.67.177.180",
"user_email": "sanitized_email.com"
"user_email": "sanitized@sanitized.com"
},
{
"event_type": "LightningInteraction",
@ -460,7 +460,7 @@
"timestamp_derived": "2020-10-16T10:00:00.004Z",
"user_id_derived": "0050O000008cCNlQAM",
"client_ip": "212.252.210.6",
"user_email": "sanitized_email.com"
"user_email": "sanitized@sanitized.com"
},
{
"event_type": "LightningPageView",
@ -509,7 +509,7 @@
"timestamp_derived": "2020-10-16T10:00:00.019Z",
"user_id_derived": "0050O000008cCNlQAM",
"client_ip": "212.252.210.6",
"user_email": "sanitized_email.com"
"user_email": "sanitized@sanitized.com"
},
{
"event_type": "LightningPerformance",
@ -544,7 +544,7 @@
"timestamp_derived": "2020-10-16T10:00:00.000Z",
"user_id_derived": "0050O000008cCNlQAM",
"client_ip": "212.252.210.6",
"user_email": "sanitized_email.com"
"user_email": "sanitized@sanitized.com"
},
{
"event_type": "Login",
@ -571,7 +571,7 @@
"uri_id_derived": "",
"login_status": "LOGIN_NO_ERROR",
"source_ip": "Salesforce.com IP",
"user_email": "sanitized_email.com"
"user_email": "sanitized@sanitized.com"
},
{
"event_type": "LoginAs",
@ -584,14 +584,14 @@
"uri": "/visualforce/session",
"session_key": "D/ZK1jxLTtINwSy9",
"login_key": "aHKl5FHYJgCuaTvz",
"delegated_user_name": "sanitized_email.com",
"delegated_user_name": "sanitized@sanitized.com",
"delegated_user_id": "0050O000003RBWV",
"timestamp_derived": "2020-10-16T10:02:53.338Z",
"user_id_derived": "0053X00000Bole6QAB",
"client_ip": "183.83.43.64",
"uri_id_derived": "",
"delegated_user_id_derived": "0050O000003RBWVQA4",
"user_email": "sanitized_email.com"
"user_email": "sanitized@sanitized.com"
},
{
"event_type": "Logout",
@ -615,7 +615,7 @@
"timestamp_derived": "2020-10-16T10:00:11.637Z",
"user_id_derived": "0053X00000BoqlMQAR",
"client_ip": "110.54.241.239",
"user_email": "sanitized_email.com"
"user_email": "sanitized@sanitized.com"
},
{
"event_type": "MetadataApiOperation",
@ -635,7 +635,7 @@
"user_id_derived": "0050O0000077xq4QAA",
"client_ip": "35.168.189.83",
"uri_id_derived": "",
"user_email": "sanitized_email.com"
"user_email": "sanitized@sanitized.com"
},
{
"event_type": "QueuedExecution",
@ -656,7 +656,7 @@
"user_id_derived": "00520000004XQ3NAAW",
"client_ip": "",
"uri_id_derived": "",
"user_email": "sanitized_email.com"
"user_email": "sanitized@sanitized.com"
},
{
"event_type": "Report",
@ -689,7 +689,7 @@
"uri_id_derived": "",
"report_id_derived": "00O3X00000B4bTEUAZ",
"origin": "ReportRunFromLightning",
"user_email": "sanitized_email.com"
"user_email": "sanitized@sanitized.com"
},
{
"event_type": "ReportExport",
@ -708,7 +708,7 @@
"user_id_derived": "0053X000008J9VOQA0",
"client_ip": "84.106.139.215",
"uri_id_derived": "00O3X00000C8f8VUAR",
"user_email": "sanitized_email.com"
"user_email": "sanitized@sanitized.com"
},
{
"event_type": "RestApi",
@ -738,7 +738,7 @@
"user_id_derived": "0050O000008r5VSQAY",
"client_ip": "34.249.67.239",
"uri_id_derived": "",
"user_email": "sanitized_email.com"
"user_email": "sanitized@sanitized.com"
},
{
"event_type": "Search",
@ -791,7 +791,7 @@
"user_id_derived": "005200000045SrmAAE",
"client_ip": "77.21.249.125",
"uri_id_derived": "",
"user_email": "sanitized_email.com"
"user_email": "sanitized@sanitized.com"
},
{
"event_type": "TimeBasedWorkflow",
@ -812,7 +812,7 @@
"user_id_derived": "00520000003f5StAAI",
"client_ip": "",
"uri_id_derived": "",
"user_email": "sanitized_email.com"
"user_email": "sanitized@sanitized.com"
},
{
"event_type": "URI",
@ -834,7 +834,7 @@
"user_id_derived": "0053X00000B24ClQAJ",
"client_ip": "37.35.67.24",
"uri_id_derived": "",
"user_email": "sanitized_email.com"
"user_email": "sanitized@sanitized.com"
},
{
"event_type": "VisualforceRequest",
@ -867,7 +867,7 @@
"user_id_derived": "00520000004aQgaAAE",
"client_ip": "80.3.215.183",
"uri_id_derived": "",
"user_email": "sanitized_email.com"
"user_email": "sanitized@sanitized.com"
},
{
"event_type": "WaveChange",
@ -894,7 +894,7 @@
"user_id_derived": "0053X00000BoYx9QAF",
"client_ip": "213.127.24.9",
"uri_id_derived": "",
"user_email": "sanitized_email.com"
"user_email": "sanitized@sanitized.com"
},
{
"event_type": "WaveInteraction",
@ -920,7 +920,7 @@
"user_id_derived": "0053X00000BoYx9QAF",
"client_ip": "213.127.24.9",
"uri_id_derived": "",
"user_email": "sanitized_email.com"
"user_email": "sanitized@sanitized.com"
},
{
"event_type": "WavePerformance",
@ -945,6 +945,6 @@
"user_id_derived": "0053X00000BoYx9QAF",
"client_ip": "213.127.24.9",
"uri_id_derived": "",
"user_email": "sanitized_email.com"
"user_email": "sanitized@sanitized.com"
}
]
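Review bot: The sanitisation in this file stops at `user_email` and `delegated_user_name`; the `LoginAs` record in the hunk at -584 still carries populated `session_key` and `login_key` values, and many records keep publicly routable `client_ip` addresses. Whether these were captured from a live tenant cannot be told from the diff, but if they were, they identify real sessions and endpoints just as the e-mail address did. I would replace them in the same pass, for example `"session_key": "<redacted>"`, `"login_key": "<redacted>"` and a documentation-range address such as `"client_ip": "203.0.113.10"` (constructed values, RFC 5737 range). The `ip` fields next to `actor_email`/`target_email` in the later audit-log section deserve the same check.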


@ -1,7 +1,7 @@
[
{
"ControlName": "UserTest",
"Value": "[{\"Tag\":\"UserName\",\"Value\":\"TestUser (sanitized_email.com)\"},{\"Tag\":\"Roles\",\"Value\":{\"$values\":[]}}]",
"Value": "[{\"Tag\":\"UserName\",\"Value\":\"TestUser (sanitized@sanitized.com)\"},{\"Tag\":\"Roles\",\"Value\":{\"$values\":[]}}]",
"Reference": [],
"Group": "Users",
"MitreControls": [
@ -34,7 +34,7 @@
},
{
"ControlName": "UserTest",
"Value": "[{\"Tag\":\"UserName\",\"Value\":\"TestUser (sanitized_email.com)\"},{\"Tag\":\"Date\",\"Value\":\"5/10/2020\"}]",
"Value": "[{\"Tag\":\"UserName\",\"Value\":\"TestUser (sanitized@sanitized.com)\"},{\"Tag\":\"Date\",\"Value\":\"5/10/2020\"}]",
"Reference": [],
"Group": "Users",
"MitreControls": [
@ -67,7 +67,7 @@
},
{
"ControlName": "UserTest",
"Value": "[{\"Tag\":\"UserName\",\"Value\":\"TestUser (sanitized_email.com)\"},{\"Tag\":\"UserScore\",\"Value\":3}]",
"Value": "[{\"Tag\":\"UserName\",\"Value\":\"TestUser (sanitized@sanitized.com)\"},{\"Tag\":\"UserScore\",\"Value\":3}]",
"Reference": [
"https://portal.azure.com"
],
@ -102,7 +102,7 @@
},
{
"ControlName": "UserTest",
"Value": "[{\"Tag\":\"UserName\",\"Value\":\"TestUser (sanitized_email.com)\"},{\"Tag\":\"Data\",\"Value\":\"Test\"}]",
"Value": "[{\"Tag\":\"UserName\",\"Value\":\"TestUser (sanitized@sanitized.com)\"},{\"Tag\":\"Data\",\"Value\":\"Test\"}]",
"Reference": [],
"Group": "Users",
"MitreControls": [
@ -135,7 +135,7 @@
},
{
"ControlName": "UserTest",
"Value": "[{\"Tag\":\"UserName\",\"Value\":\"TestUser (sanitized_email.com)\"},{\"Tag\":\"Roles\",\"Value\":{\"$values\":[]}}]",
"Value": "[{\"Tag\":\"UserName\",\"Value\":\"TestUser (sanitized@sanitized.com)\"},{\"Tag\":\"Roles\",\"Value\":{\"$values\":[]}}]",
"Reference": [],
"Group": "Users",
"MitreControls": [


@ -8,7 +8,7 @@
"user":{
"id":"U012KR7ESM7",
"name":"User1",
"email":"sanitized_email.com",
"email":"sanitized@sanitized.com",
"team":"T07SX0QAU"
}
},
@ -43,7 +43,7 @@
"user":{
"id":"U012KR7ESM7",
"name":"User1",
"email":"sanitized_email.com",
"email":"sanitized@sanitized.com",
"team":"T07SX0QAU"
}
},
@ -78,7 +78,7 @@
"user":{
"id":"U07SXRGEB",
"name":"user2",
"email":"sanitized_email.com",
"email":"sanitized@sanitized.com",
"team":"T07SX0QAU"
}
},
@ -113,7 +113,7 @@
"user":{
"id":"U01EWN3CHNX",
"name":"User3",
"email":"sanitized_email.com",
"email":"sanitized@sanitized.com",
"team":"T07SX0QAU"
}
},
@ -148,7 +148,7 @@
"user":{
"id":"U01EWN3CHNX",
"name":"User3",
"email":"sanitized_email.com",
"email":"sanitized@sanitized.com",
"team":"T07SX0QAU"
}
},
@ -183,7 +183,7 @@
"user":{
"id":"U01EWN3CHNX",
"name":"User3",
"email":"sanitized_email.com",
"email":"sanitized@sanitized.com",
"team":"T07SX0QAU"
}
},
@ -218,7 +218,7 @@
"user":{
"id":"U01EWN3CHNX",
"name":"User3",
"email":"sanitized_email.com",
"email":"sanitized@sanitized.com",
"team":"T07SX0QAU"
}
},
@ -253,7 +253,7 @@
"user":{
"id":"U010A7QVD9U",
"name":"User4",
"email":"sanitized_email.com",
"email":"sanitized@sanitized.com",
"team":"T07SX0QAU"
}
},
@ -288,7 +288,7 @@
"user":{
"id":"U010A7QVD9U",
"name":"User4",
"email":"sanitized_email.com",
"email":"sanitized@sanitized.com",
"team":"T07SX0QAU"
}
},
@ -323,7 +323,7 @@
"user":{
"id":"U010A7QVD9U",
"name":"User4",
"email":"sanitized_email.com",
"email":"sanitized@sanitized.com",
"team":"T07SX0QAU"
}
},
@ -358,7 +358,7 @@
"user":{
"id":"U01BXHDHB1N",
"name":"user5",
"email":"sanitized_email.com",
"email":"sanitized@sanitized.com",
"team":"T07SX0QAU"
}
},
@ -393,7 +393,7 @@
"user":{
"id":"U01BXHDHB1N",
"name":"user5",
"email":"sanitized_email.com",
"email":"sanitized@sanitized.com",
"team":"T07SX0QAU"
}
},
@ -428,7 +428,7 @@
"user":{
"id":"U01BXHDHB1N",
"name":"user5",
"email":"sanitized_email.com",
"email":"sanitized@sanitized.com",
"team":"T07SX0QAU"
}
},
@ -463,7 +463,7 @@
"user":{
"id":"U01BXHDHB1N",
"name":"user5",
"email":"sanitized_email.com",
"email":"sanitized@sanitized.com",
"team":"T07SX0QAU"
}
},
@ -498,7 +498,7 @@
"user":{
"id":"U01BXHDHB1N",
"name":"user5",
"email":"sanitized_email.com",
"email":"sanitized@sanitized.com",
"team":"T07SX0QAU"
}
},
@ -533,7 +533,7 @@
"user":{
"id":"U01BXHDHB1N",
"name":"user5",
"email":"sanitized_email.com",
"email":"sanitized@sanitized.com",
"team":"T07SX0QAU"
}
},
@ -568,7 +568,7 @@
"user":{
"id":"U01BXHDHB1N",
"name":"user5",
"email":"sanitized_email.com",
"email":"sanitized@sanitized.com",
"team":"T07SX0QAU"
}
},
@ -603,7 +603,7 @@
"user":{
"id":"U01BXHDHB1N",
"name":"user5",
"email":"sanitized_email.com",
"email":"sanitized@sanitized.com",
"team":"T07SX0QAU"
}
},
@ -638,7 +638,7 @@
"user":{
"id":"U01BXHDHB1N",
"name":"user5",
"email":"sanitized_email.com",
"email":"sanitized@sanitized.com",
"team":"T07SX0QAU"
}
},
@ -673,7 +673,7 @@
"user":{
"id":"U01BXHDHB1N",
"name":"user5",
"email":"sanitized_email.com",
"email":"sanitized@sanitized.com",
"team":"T07SX0QAU"
}
},
@ -708,7 +708,7 @@
"user":{
"id":"U01BXHDHB1N",
"name":"user5",
"email":"sanitized_email.com",
"email":"sanitized@sanitized.com",
"team":"T07SX0QAU"
}
},
@ -743,7 +743,7 @@
"user":{
"id":"U01BXHDHB1N",
"name":"user5",
"email":"sanitized_email.com",
"email":"sanitized@sanitized.com",
"team":"T07SX0QAU"
}
},
@ -778,7 +778,7 @@
"user":{
"id":"U01BXHDHB1N",
"name":"user5",
"email":"sanitized_email.com",
"email":"sanitized@sanitized.com",
"team":"T07SX0QAU"
}
},
@ -813,7 +813,7 @@
"user":{
"id":"U01BXHDHB1N",
"name":"user5",
"email":"sanitized_email.com",
"email":"sanitized@sanitized.com",
"team":"T07SX0QAU"
}
},
@ -848,7 +848,7 @@
"user":{
"id":"U01BXHDHB1N",
"name":"user5",
"email":"sanitized_email.com",
"email":"sanitized@sanitized.com",
"team":"T07SX0QAU"
}
},
@ -883,7 +883,7 @@
"user":{
"id":"U01BXHDHB1N",
"name":"user5",
"email":"sanitized_email.com",
"email":"sanitized@sanitized.com",
"team":"T07SX0QAU"
}
},
@ -918,7 +918,7 @@
"user":{
"id":"U01BXHDHB1N",
"name":"user5",
"email":"sanitized_email.com",
"email":"sanitized@sanitized.com",
"team":"T07SX0QAU"
}
},
@ -953,7 +953,7 @@
"user":{
"id":"U01BXHDHB1N",
"name":"user5",
"email":"sanitized_email.com",
"email":"sanitized@sanitized.com",
"team":"T07SX0QAU"
}
},
@ -988,7 +988,7 @@
"user":{
"id":"U01BXHDHB1N",
"name":"user5",
"email":"sanitized_email.com",
"email":"sanitized@sanitized.com",
"team":"T07SX0QAU"
}
},
@ -1023,7 +1023,7 @@
"user":{
"id":"U5S373UEB",
"name":"user6",
"email":"sanitized_email.com",
"email":"sanitized@sanitized.com",
"team":"T07SX0QAU"
}
},
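Review bot: Every user in this file ends up with the same `email`, so `User1`, `user2`, `User3`, `User4`, `user5` and `user6` can only be told apart by `id`; a parser or detection test that groups or joins on the address will see a single actor. The placeholder was already shared before this change, but the rewrite is the natural place to fix it, e.g. `"email":"user1@example.com"`, `"email":"user2@example.com"` and so on (constructed values). The same collapse shows in the entity list further down, where two `emailAddress` entries have an identical `entityId`, and in the audit records whose `actor_email` and `target_email` are equal although `actor_id` and `target_id` differ.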


@ -8,7 +8,7 @@
"entityType": "account",
"entityValue": "sam",
"relatedEntities": [
"sanitized_email.com"
"sanitized@sanitized.com"
],
"relatedIndicators": []
},
@ -18,7 +18,7 @@
"entityValue": "shockwave\\sam",
"relatedEntities": [
"35FA11DA-A24E-40CF-8B56-BAF8828CC15E",
"sanitized_email.com"
"sanitized@sanitized.com"
],
"relatedIndicators": []
},
@ -45,9 +45,9 @@
]
},
{
"entityId": "sanitized_email.com",
"entityId": "sanitized@sanitized.com",
"entityType": "emailAddress",
"entityValue": "sanitized_email.com",
"entityValue": "sanitized@sanitized.com",
"relatedEntities": [
"sam",
"shockwave\\sam"
@ -60,9 +60,9 @@
]
},
{
"entityId": "sanitized_email.com",
"entityId": "sanitized@sanitized.com",
"entityType": "emailAddress",
"entityValue": "sanitized_email.com",
"entityValue": "sanitized@sanitized.com",
"relatedEntities": [],
"relatedIndicators": [
3,
@ -73,8 +73,8 @@
],
"impactScope_account": "sam",
"impactScope_accounts": "sam, shockwave\\sam",
"impactScope_emailAddress": "sanitized_email.com",
"impactScope_emailAddresss": "sanitized_email.com, sanitized_email.com",
"impactScope_emailAddress": "sanitized@sanitized.com",
"impactScope_emailAddresss": "sanitized@sanitized.com, sanitized@sanitized.com",
"impactScope_host": "10.10.58.51",
"impactScope_hostGuid": "35FA11DA-A24E-40CF-8B56-BAF8828CC15E",
"impactScope_hostname": "Nimda",
@ -110,8 +110,8 @@
"objectType": "email_subject",
"objectValue": "[Emergency] Important information",
"relatedEntities": [
"sanitized_email.com",
"sanitized_email.com"
"sanitized@sanitized.com",
"sanitized@sanitized.com"
]
},
{
@ -133,8 +133,8 @@
"objectType": "email_message_id",
"objectValue": "<5d70b5da54984d0ea7e8710da1fced60@gmmgr01r>",
"relatedEntities": [
"sanitized_email.com",
"sanitized_email.com"
"sanitized@sanitized.com",
"sanitized@sanitized.com"
]
},
{
@ -156,8 +156,8 @@
"objectType": "url",
"objectValue": "http://www.zwtsrsikah.com/ds7002.zip",
"relatedEntities": [
"sanitized_email.com",
"sanitized_email.com"
"sanitized@sanitized.com",
"sanitized@sanitized.com"
]
},
{
@ -177,9 +177,9 @@
],
"id": 9,
"objectType": "email_sender",
"objectValue": "sanitized_email.com",
"objectValue": "sanitized@sanitized.com",
"relatedEntities": [
"sanitized_email.com"
"sanitized@sanitized.com"
]
},
{
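Review bot: The new placeholder `sanitized@sanitized.com`, used here for `entityId`, `entityValue`, `objectValue` and the `relatedEntities` members, is a well-formed address on an ordinary registrable domain, whereas the old `sanitized_email.com` could not be taken for a mailbox. If these samples are ever replayed through something that sends mail or resolves the domain, that traffic would go to whoever holds the name. A reserved domain avoids this, e.g. `"entityValue": "user@example.com"` (constructed value; `example.com` and the `.invalid` TLD are reserved by RFC 2606). This applies to every file section in the commit, not only this one.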


@ -11,9 +11,9 @@
"actor_community_id":"504942443827307",
"actor_scim_company_id":"504942447160640",
"actor_id":"100064094363063",
"actor_email":"sanitized_email.com",
"actor_email":"sanitized@sanitized.com",
"target_id":"100064094363063",
"target_email":"sanitized_email.com",
"target_email":"sanitized@sanitized.com",
"ip":"165.225.52.52",
"timestamp":"2021-03-29T12:00:20+0000",
"event":"CUSTOM_INTEGRATION_EDIT",
@ -46,9 +46,9 @@
"actor_community_id":"504942443823307",
"actor_scim_company_id":"504942445660640",
"actor_id":"100064094363034",
"actor_email":"sanitized_email.com",
"actor_email":"sanitized@sanitized.com",
"target_id":"100064094363045",
"target_email":"sanitized_email.com",
"target_email":"sanitized@sanitized.com",
"ip":"165.34.34.52",
"timestamp":"2021-03-29T12:00:20+0000",
"event":"CUSTOM_INTEGRATION_EDIT",
@ -81,9 +81,9 @@
"actor_community_id":"345942443827307",
"actor_scim_company_id":"3456742447160640",
"actor_id":"1000640943630345",
"actor_email":"sanitized_email.com",
"actor_email":"sanitized@sanitized.com",
"target_id":"100064045694363063",
"target_email":"sanitized_email.com",
"target_email":"sanitized@sanitized.com",
"ip":"165.67.56.51",
"timestamp":"2021-03-29T12:00:20+0000",
"event":"CUSTOM_INTEGRATION_EDIT",


@ -3,7 +3,7 @@
"hostname":"srv-000"
},
{
"message":"{\"LogTimestamp\": \"Tue Mar 23 13:10:53 2021\",\"Customer\": \"Test\",\"SessionID\": \"2rq1jwFdb3T1ioovdwSO\",\"ConnectionID\": \"2rq1jwFdb3T1ioovdwSO,k/IhMqgnLSfT2m6x2ABp\",\"InternalReason\": \"BRK_MT_TERMINATED\",\"ConnectionStatus\": \"close\",\"IPProtocol\": 6,\"DoubleEncryption\": 0,\"Username\": \"sanitized_email.com\",\"ServicePort\": 5985,\"ClientPublicIP\": \"1.2.3.4\",\"ClientPrivateIP\": \"192.168.1.41\",\"ClientLatitude\": 50.000000,\"ClientLongitude\": 30.000000,\"ClientCountryCode\": \"UA\",\"ClientZEN\": \"EU-PL-9523\",\"Policy\": \"Allow Internal Application Group\",\"Connector\": \"OVH-DE-1\",\"ConnectorZEN\": \"EU-PL-9523\",\"ConnectorIP\": \"10.11.10.100\",\"ConnectorPort\": 47776,\"Host\": \"srv-001.dom.com\",\"Application\": \"srv-001\",\"AppGroup\": \"Internal Application Group\",\"Server\": \"0\",\"ServerIP\": \"10.11.10.12\",\"ServerPort\": 5985,\"PolicyProcessingTime\": 18,\"ServerSetupTime\": 490,\"TimestampConnectionStart\": \"2021-03-23T13:10:48.621Z\",\"TimestampConnectionEnd\": \"2021-03-23T13:10:53.678Z\",\"TimestampCATx\": \"\",\"TimestampCARx\": \"2021-03-23T13:10:48.621Z\",\"TimestampAppLearnStart\": \"\",\"TimestampZENFirstRxClient\": \"2021-03-23T13:10:48.686Z\",\"TimestampZENFirstTxClient\": \"2021-03-23T13:10:48.667Z\",\"TimestampZENLastRxClient\": \"2021-03-23T13:10:48.856Z\",\"TimestampZENLastTxClient\": \"2021-03-23T13:10:48.832Z\",\"TimestampConnectorZENSetupComplete\": \"2021-03-23T13:10:48.644Z\",\"TimestampZENFirstRxConnector\": \"2021-03-23T13:10:48.667Z\",\"TimestampZENFirstTxConnector\": \"2021-03-23T13:10:48.644Z\",\"TimestampZENLastRxConnector\": \"2021-03-23T13:10:48.832Z\",\"TimestampZENLastTxConnector\": \"2021-03-23T13:10:48.856Z\",\"ZENTotalBytesRxClient\": 5904,\"ZENBytesRxClient\": 5904,\"ZENTotalBytesTxClient\": 49601,\"ZENBytesTxClient\": 49601,\"ZENTotalBytesRxConnector\": 49601,\"ZENBytesRxConnector\": 49601,\"ZENTotalBytesTxConnector\": 8515,\"ZENBytesTxConnector\": 8515,\"Idp\": 
\"Google\"}",
"message":"{\"LogTimestamp\": \"Tue Mar 23 13:10:53 2021\",\"Customer\": \"Test\",\"SessionID\": \"2rq1jwFdb3T1ioovdwSO\",\"ConnectionID\": \"2rq1jwFdb3T1ioovdwSO,k/IhMqgnLSfT2m6x2ABp\",\"InternalReason\": \"BRK_MT_TERMINATED\",\"ConnectionStatus\": \"close\",\"IPProtocol\": 6,\"DoubleEncryption\": 0,\"Username\": \"sanitized@sanitized.com\",\"ServicePort\": 5985,\"ClientPublicIP\": \"1.2.3.4\",\"ClientPrivateIP\": \"192.168.1.41\",\"ClientLatitude\": 50.000000,\"ClientLongitude\": 30.000000,\"ClientCountryCode\": \"UA\",\"ClientZEN\": \"EU-PL-9523\",\"Policy\": \"Allow Internal Application Group\",\"Connector\": \"OVH-DE-1\",\"ConnectorZEN\": \"EU-PL-9523\",\"ConnectorIP\": \"10.11.10.100\",\"ConnectorPort\": 47776,\"Host\": \"srv-001.dom.com\",\"Application\": \"srv-001\",\"AppGroup\": \"Internal Application Group\",\"Server\": \"0\",\"ServerIP\": \"10.11.10.12\",\"ServerPort\": 5985,\"PolicyProcessingTime\": 18,\"ServerSetupTime\": 490,\"TimestampConnectionStart\": \"2021-03-23T13:10:48.621Z\",\"TimestampConnectionEnd\": \"2021-03-23T13:10:53.678Z\",\"TimestampCATx\": \"\",\"TimestampCARx\": \"2021-03-23T13:10:48.621Z\",\"TimestampAppLearnStart\": \"\",\"TimestampZENFirstRxClient\": \"2021-03-23T13:10:48.686Z\",\"TimestampZENFirstTxClient\": \"2021-03-23T13:10:48.667Z\",\"TimestampZENLastRxClient\": \"2021-03-23T13:10:48.856Z\",\"TimestampZENLastTxClient\": \"2021-03-23T13:10:48.832Z\",\"TimestampConnectorZENSetupComplete\": \"2021-03-23T13:10:48.644Z\",\"TimestampZENFirstRxConnector\": \"2021-03-23T13:10:48.667Z\",\"TimestampZENFirstTxConnector\": \"2021-03-23T13:10:48.644Z\",\"TimestampZENLastRxConnector\": \"2021-03-23T13:10:48.832Z\",\"TimestampZENLastTxConnector\": \"2021-03-23T13:10:48.856Z\",\"ZENTotalBytesRxClient\": 5904,\"ZENBytesRxClient\": 5904,\"ZENTotalBytesTxClient\": 49601,\"ZENBytesTxClient\": 49601,\"ZENTotalBytesRxConnector\": 49601,\"ZENBytesRxConnector\": 49601,\"ZENTotalBytesTxConnector\": 8515,\"ZENBytesTxConnector\": 8515,\"Idp\": 
\"Google\"}",
"hostname":"srv-000"
},
{
@ -11,7 +11,7 @@
"hostname":"srv-000"
},
{
"message":"{\"LogTimestamp\": \"Tue Mar 23 13:10:53 2021\",\"Customer\": \"Test\",\"SessionID\": \"2rq1jwFdb3T1ioovdwSO\",\"ConnectionID\": \"2rq1jwFdb3T1ioovdwSO,k/IhMqgnLSfT2m6x2ABp\",\"InternalReason\": \"BRK_MT_TERMINATED\",\"ConnectionStatus\": \"close\",\"IPProtocol\": 6,\"DoubleEncryption\": 0,\"Username\": \"sanitized_email.com\",\"ServicePort\": 5985,\"ClientPublicIP\": \"1.2.3.4\",\"ClientPrivateIP\": \"192.168.1.41\",\"ClientLatitude\": 50.000000,\"ClientLongitude\": 30.000000,\"ClientCountryCode\": \"UA\",\"ClientZEN\": \"EU-PL-9523\",\"Policy\": \"Allow Internal Application Group\",\"Connector\": \"OVH-DE-1\",\"ConnectorZEN\": \"EU-PL-9523\",\"ConnectorIP\": \"10.11.10.100\",\"ConnectorPort\": 47776,\"Host\": \"srv-001.dom.com\",\"Application\": \"srv-001\",\"AppGroup\": \"Internal Application Group\",\"Server\": \"0\",\"ServerIP\": \"10.11.10.12\",\"ServerPort\": 5985,\"PolicyProcessingTime\": 18,\"ServerSetupTime\": 490,\"TimestampConnectionStart\": \"2021-03-23T13:10:48.621Z\",\"TimestampConnectionEnd\": \"2021-03-23T13:10:53.678Z\",\"TimestampCATx\": \"\",\"TimestampCARx\": \"2021-03-23T13:10:48.621Z\",\"TimestampAppLearnStart\": \"\",\"TimestampZENFirstRxClient\": \"2021-03-23T13:10:48.686Z\",\"TimestampZENFirstTxClient\": \"2021-03-23T13:10:48.667Z\",\"TimestampZENLastRxClient\": \"2021-03-23T13:10:48.856Z\",\"TimestampZENLastTxClient\": \"2021-03-23T13:10:48.832Z\",\"TimestampConnectorZENSetupComplete\": \"2021-03-23T13:10:48.644Z\",\"TimestampZENFirstRxConnector\": \"2021-03-23T13:10:48.667Z\",\"TimestampZENFirstTxConnector\": \"2021-03-23T13:10:48.644Z\",\"TimestampZENLastRxConnector\": \"2021-03-23T13:10:48.832Z\",\"TimestampZENLastTxConnector\": \"2021-03-23T13:10:48.856Z\",\"ZENTotalBytesRxClient\": 5904,\"ZENBytesRxClient\": 5904,\"ZENTotalBytesTxClient\": 49601,\"ZENBytesTxClient\": 49601,\"ZENTotalBytesRxConnector\": 49601,\"ZENBytesRxConnector\": 49601,\"ZENTotalBytesTxConnector\": 8515,\"ZENBytesTxConnector\": 8515,\"Idp\": 
\"Google\"}",
"message":"{\"LogTimestamp\": \"Tue Mar 23 13:10:53 2021\",\"Customer\": \"Test\",\"SessionID\": \"2rq1jwFdb3T1ioovdwSO\",\"ConnectionID\": \"2rq1jwFdb3T1ioovdwSO,k/IhMqgnLSfT2m6x2ABp\",\"InternalReason\": \"BRK_MT_TERMINATED\",\"ConnectionStatus\": \"close\",\"IPProtocol\": 6,\"DoubleEncryption\": 0,\"Username\": \"sanitized@sanitized.com\",\"ServicePort\": 5985,\"ClientPublicIP\": \"1.2.3.4\",\"ClientPrivateIP\": \"192.168.1.41\",\"ClientLatitude\": 50.000000,\"ClientLongitude\": 30.000000,\"ClientCountryCode\": \"UA\",\"ClientZEN\": \"EU-PL-9523\",\"Policy\": \"Allow Internal Application Group\",\"Connector\": \"OVH-DE-1\",\"ConnectorZEN\": \"EU-PL-9523\",\"ConnectorIP\": \"10.11.10.100\",\"ConnectorPort\": 47776,\"Host\": \"srv-001.dom.com\",\"Application\": \"srv-001\",\"AppGroup\": \"Internal Application Group\",\"Server\": \"0\",\"ServerIP\": \"10.11.10.12\",\"ServerPort\": 5985,\"PolicyProcessingTime\": 18,\"ServerSetupTime\": 490,\"TimestampConnectionStart\": \"2021-03-23T13:10:48.621Z\",\"TimestampConnectionEnd\": \"2021-03-23T13:10:53.678Z\",\"TimestampCATx\": \"\",\"TimestampCARx\": \"2021-03-23T13:10:48.621Z\",\"TimestampAppLearnStart\": \"\",\"TimestampZENFirstRxClient\": \"2021-03-23T13:10:48.686Z\",\"TimestampZENFirstTxClient\": \"2021-03-23T13:10:48.667Z\",\"TimestampZENLastRxClient\": \"2021-03-23T13:10:48.856Z\",\"TimestampZENLastTxClient\": \"2021-03-23T13:10:48.832Z\",\"TimestampConnectorZENSetupComplete\": \"2021-03-23T13:10:48.644Z\",\"TimestampZENFirstRxConnector\": \"2021-03-23T13:10:48.667Z\",\"TimestampZENFirstTxConnector\": \"2021-03-23T13:10:48.644Z\",\"TimestampZENLastRxConnector\": \"2021-03-23T13:10:48.832Z\",\"TimestampZENLastTxConnector\": \"2021-03-23T13:10:48.856Z\",\"ZENTotalBytesRxClient\": 5904,\"ZENBytesRxClient\": 5904,\"ZENTotalBytesTxClient\": 49601,\"ZENBytesTxClient\": 49601,\"ZENTotalBytesRxConnector\": 49601,\"ZENBytesRxConnector\": 49601,\"ZENTotalBytesTxConnector\": 8515,\"ZENBytesTxConnector\": 8515,\"Idp\": 
\"Google\"}",
"hostname":"srv-000"
}
]


@ -19,7 +19,7 @@
"device_os_s": "android",
"device_os_version_s": "6.5.2",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.253",
@ -97,7 +97,7 @@
"device_os_s": "ios",
"device_os_version_s": "13.3.1",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.206",
@ -156,7 +156,7 @@
"device_os_s": "android",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.253",
@ -222,7 +222,7 @@
"device_os_s": "android",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.125",
@ -290,7 +290,7 @@
"device_os_s": "android",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.129",
@ -349,7 +349,7 @@
"device_os_s": "ios",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.311",
@ -408,7 +408,7 @@
"device_os_s": "android",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.335",
@ -540,7 +540,7 @@
"device_os_s": "android",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.253",
@ -606,7 +606,7 @@
"device_os_s": "android",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.253",
@ -665,7 +665,7 @@
"device_os_s": "android",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.253",
@ -724,7 +724,7 @@
"device_os_s": "android",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.102",
@ -783,7 +783,7 @@
"device_os_s": "android",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.129",
@ -849,7 +849,7 @@
"device_os_s": "android",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.129",
@ -915,7 +915,7 @@
"device_os_s": "android",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.129",
@ -974,7 +974,7 @@
"device_os_s": "android",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.129",
@ -1040,7 +1040,7 @@
"device_os_s": "android",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.129",
@ -1106,7 +1106,7 @@
"device_os_s": "android",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.129",
@ -1165,7 +1165,7 @@
"device_os_s": "ios",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.206",
@ -1224,7 +1224,7 @@
"device_os_s": "ios",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.206",
@ -1283,7 +1283,7 @@
"device_os_s": "ios",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.206",
@ -1349,7 +1349,7 @@
"device_os_s": "ios",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.206",
@ -1415,7 +1415,7 @@
"device_os_s": "ios",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.206",
@ -1481,7 +1481,7 @@
"device_os_s": "ios",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.206",
@ -1540,7 +1540,7 @@
"device_os_s": "ios",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.206",
@ -1599,7 +1599,7 @@
"device_os_s": "android",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.271",
@ -1665,7 +1665,7 @@
"device_os_s": "android",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.271",
@ -1731,7 +1731,7 @@
"device_os_s": "android",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.271",
@ -1792,7 +1792,7 @@
"device_os_s": "ios",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.206",
@ -1983,7 +1983,7 @@
"device_os_s": "android",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.125",
@ -2049,7 +2049,7 @@
"device_os_s": "android",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.125",
@ -2115,7 +2115,7 @@
"device_os_s": "android",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.125",
@ -2181,7 +2181,7 @@
"device_os_s": "ios",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.206",
@ -2306,7 +2306,7 @@
"device_os_s": "android",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.125",
@ -2372,7 +2372,7 @@
"device_os_s": "android",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.253",
@ -2438,7 +2438,7 @@
"device_os_s": "ios",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.317",
@ -2497,7 +2497,7 @@
"device_os_s": "android",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.300",
@ -2563,7 +2563,7 @@
"device_os_s": "android",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.300",
@ -2629,7 +2629,7 @@
"device_os_s": "android",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.300",
@ -2695,7 +2695,7 @@
"device_os_s": "android",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.300",
@ -2761,7 +2761,7 @@
"device_os_s": "ios",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.317",
@ -2820,7 +2820,7 @@
"device_os_s": "android",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.335",
@ -2886,7 +2886,7 @@
"device_os_s": "android",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.253",
@ -3006,7 +3006,7 @@
"device_os_s": "ios",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.317",
@ -3065,7 +3065,7 @@
"device_os_s": "ios",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.206",
@ -3185,7 +3185,7 @@
"device_os_s": "android",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.335",
@ -3251,7 +3251,7 @@
"device_os_s": "ios",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.317",
@ -3310,7 +3310,7 @@
"device_os_s": "ios",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.317",
@ -3376,7 +3376,7 @@
"device_os_s": "ios",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.317",
@ -3435,7 +3435,7 @@
"device_os_s": "ios",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.317",
@ -3501,7 +3501,7 @@
"device_os_s": "ios",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.317",
@ -3560,7 +3560,7 @@
"device_os_s": "ios",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.317",
@ -3638,7 +3638,7 @@
"device_os_s": "android",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.335",
@ -3697,7 +3697,7 @@
"device_os_s": "android",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.335",
@ -3756,7 +3756,7 @@
"device_os_s": "android",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.335",
@ -3815,7 +3815,7 @@
"device_os_s": "android",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.335",
@ -3881,7 +3881,7 @@
"device_os_s": "android",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.335",
@ -3947,7 +3947,7 @@
"device_os_s": "ios",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.271",
@ -4006,7 +4006,7 @@
"device_os_s": "android",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.335",
@ -4072,7 +4072,7 @@
"device_os_s": "android",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.335",
@ -4138,7 +4138,7 @@
"device_os_s": "android",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.335",
@ -4204,7 +4204,7 @@
"device_os_s": "android",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.335",
@ -4270,7 +4270,7 @@
"device_os_s": "ios",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.271",
@ -4329,7 +4329,7 @@
"device_os_s": "android",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.253",
@ -4395,7 +4395,7 @@
"device_os_s": "android",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.335",
@ -4454,7 +4454,7 @@
"device_os_s": "ios",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.206",
@ -4513,7 +4513,7 @@
"device_os_s": "ios",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.271",
@ -4572,7 +4572,7 @@
"device_os_s": "ios",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.271",
@ -4638,7 +4638,7 @@
"device_os_s": "android",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.253",
@ -4704,7 +4704,7 @@
"device_os_s": "ios",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.206",
@ -4782,7 +4782,7 @@
"device_os_s": "ios",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.271",
@ -4848,7 +4848,7 @@
"device_os_s": "ios",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.271",
@ -4907,7 +4907,7 @@
"device_os_s": "android",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.253",
@ -4973,7 +4973,7 @@
"device_os_s": "android",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.253",
@ -5032,7 +5032,7 @@
"device_os_s": "ios",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.206",
@ -5098,7 +5098,7 @@
"device_os_s": "ios",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.271",
@ -5157,7 +5157,7 @@
"device_os_s": "ios",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.317",
@ -5216,7 +5216,7 @@
"device_os_s": "ios",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.271",
@ -5282,7 +5282,7 @@
"device_os_s": "ios",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.317",
@ -5348,7 +5348,7 @@
"device_os_s": "ios",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.206",
@ -5414,7 +5414,7 @@
"device_os_s": "ios",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.317",
@ -5480,7 +5480,7 @@
"device_os_s": "ios",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.271",
@ -5558,7 +5558,7 @@
"device_os_s": "ios",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.317",
@ -5624,7 +5624,7 @@
"device_os_s": "ios",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.317",
@ -5690,7 +5690,7 @@
"device_os_s": "ios",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.271",
@ -5749,7 +5749,7 @@
"device_os_s": "ios",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.271",
@ -5815,7 +5815,7 @@
"device_os_s": "ios",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.317",
@ -5874,7 +5874,7 @@
"device_os_s": "ios",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.271",
@ -5940,7 +5940,7 @@
"device_os_s": "ios",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.317",
@ -5999,7 +5999,7 @@
"device_os_s": "ios",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.271",
@ -6058,7 +6058,7 @@
"device_os_s": "ios",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.271",
@ -6117,7 +6117,7 @@
"device_os_s": "ios",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.271",
@ -6176,7 +6176,7 @@
"device_os_s": "ios",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.271",
@ -6235,7 +6235,7 @@
"device_os_s": "ios",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.311",
@ -6294,7 +6294,7 @@
"device_os_s": "ios",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.271",
@ -6353,7 +6353,7 @@
"device_os_s": "ios",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.311",
@ -6412,7 +6412,7 @@
"device_os_s": "ios",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.271",
@ -6478,7 +6478,7 @@
"device_os_s": "ios",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.311",
@ -6544,7 +6544,7 @@
"device_os_s": "ios",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.311",
@ -6603,7 +6603,7 @@
"device_os_s": "ios",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.311",
@ -6662,7 +6662,7 @@
"device_os_s": "ios",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.311",
@ -6721,7 +6721,7 @@
"device_os_s": "ios",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.311",
@ -6780,7 +6780,7 @@
"device_os_s": "ios",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.311",
@ -6839,7 +6839,7 @@
"device_os_s": "ios",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.311",
@ -6898,7 +6898,7 @@
"device_os_s": "ios",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.311",
@ -6957,7 +6957,7 @@
"device_os_s": "ios",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.311",
@ -7023,7 +7023,7 @@
"device_os_s": "ios",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.311",
@ -7082,7 +7082,7 @@
"device_os_s": "ios",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.311",
@ -7141,7 +7141,7 @@
"device_os_s": "ios",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.311",
@ -7207,7 +7207,7 @@
"device_os_s": "ios",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.311",
@ -7273,7 +7273,7 @@
"device_os_s": "ios",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.311",
@ -7332,7 +7332,7 @@
"device_os_s": "ios",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.311",
@ -7398,7 +7398,7 @@
"device_os_s": "ios",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.311",
@ -7476,7 +7476,7 @@
"device_os_s": "ios",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.311",
@ -7542,7 +7542,7 @@
"device_os_s": "ios",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.311",
@ -7837,7 +7837,7 @@
"device_os_s": "android",
"device_os_version_s": "",
"device_owner_id_g": "76ecd7ad-e86e-48b1-86eb-807c29ceda97",
"device_owner_email_s": "sanitized_email.com",
"device_owner_email_s": "sanitized@sanitized.com",
"device_owner_first_name_s": "anonymous",
"device_owner_last_name_s": "user",
"device_ip_s": "192.168.1.271",


@ -10,7 +10,7 @@
},
{
"id":"6OpeTW3TTFKt-JdyNv6j4A",
"email":"sanitized_email.com",
"email":"sanitized@sanitized.com",
"user_name":"",
"type":2,
"dept":"CEO",
@ -25,7 +25,7 @@
},
{
"id":"YBSKkmMgSmu_u6vqFJSe6A",
"email":"sanitized_email.com",
"email":"sanitized@sanitized.com",
"user_name":"",
"type":2,
"dept":"",
@ -40,7 +40,7 @@
},
{
"id":"Z9egdlQBT5iwaKMDRrq83w",
"email":"sanitized_email.com",
"email":"sanitized@sanitized.com",
"user_name":"",
"type":1,
"dept":"",
@ -55,7 +55,7 @@
},
{
"id":"ANIWXBczTxmdUt4GxY-Hqw",
"email":"sanitized_email.com",
"email":"sanitized@sanitized.com",
"user_name":"",
"type":1,
"dept":"Sales",
@ -70,7 +70,7 @@
},
{
"id":"mGqoq_UHTPa4EoD44xFHnA",
"email":"sanitized_email.com",
"email":"sanitized@sanitized.com",
"user_name":"",
"type":1,
"dept":"",
@ -85,7 +85,7 @@
},
{
"id":"ziJGLVDJTpqcW_-goJieQg",
"email":"sanitized_email.com",
"email":"sanitized@sanitized.com",
"user_name":"",
"type":1,
"dept":"",
@ -100,7 +100,7 @@
},
{
"id":"99BadEz7Q3Cftt706ar87g",
"email":"sanitized_email.com",
"email":"sanitized@sanitized.com",
"user_name":"",
"type":2,
"dept":"Sales",
@ -115,7 +115,7 @@
},
{
"id":"wv29mt1BS2CZVxitVuD3Og",
"email":"sanitized_email.com",
"email":"sanitized@sanitized.com",
"user_name":"",
"type":2,
"dept":"",
@ -130,7 +130,7 @@
},
{
"id":"7QAgPNXtQgaV_TxevVIqlA",
"email":"sanitized_email.com",
"email":"sanitized@sanitized.com",
"user_name":"",
"type":1,
"dept":"",
@ -145,7 +145,7 @@
},
{
"id":"dkPP97-gTeamXGxUH2yI5g",
"email":"sanitized_email.com",
"email":"sanitized@sanitized.com",
"user_name":"",
"type":1,
"dept":"",
@ -160,7 +160,7 @@
},
{
"id":"Fl13Cv7cQ8uo1d8sXOheiA",
"email":"sanitized_email.com",
"email":"sanitized@sanitized.com",
"user_name":"",
"type":1,
"dept":"",
@ -175,7 +175,7 @@
},
{
"id":"N1j2JOK3T46i9nvVMTZ0tQ",
"email":"sanitized_email.com",
"email":"sanitized@sanitized.com",
"user_name":"",
"type":1,
"dept":"",
@ -190,7 +190,7 @@
},
{
"id":"nkGnYfGzQseV0jbF1PyGnA",
"email":"sanitized_email.com",
"email":"sanitized@sanitized.com",
"user_name":"",
"type":1,
"dept":"",
@ -205,7 +205,7 @@
},
{
"id":"Fi3jz_L1S8SwrKKazZcZew",
"email":"sanitized_email.com",
"email":"sanitized@sanitized.com",
"user_name":"",
"type":1,
"dept":"",
@ -220,7 +220,7 @@
},
{
"id":"VdKVhjNNRWSyI9BXI_S7Aw",
"email":"sanitized_email.com",
"email":"sanitized@sanitized.com",
"user_name":"",
"type":2,
"dept":"Sales",
@ -235,7 +235,7 @@
},
{
"id":"3BpQx4qCTgK1M2BDQqejOQ",
"email":"sanitized_email.com",
"email":"sanitized@sanitized.com",
"user_name":"",
"type":2,
"dept":"Sales",
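Review bot: The replacement value `sanitized@sanitized.com` sits on a registrable domain rather than one reserved for documentation, and every record in this section now carries the identical address. An address under a reserved name, for example `"email":"user01@example.com"` (constructed value, domain reserved by RFC 2606), cannot resolve to a real mailbox, and a distinct local part per `id` would keep the sample usable for per-user grouping and join tests. The same choice of domain appears in the `rua=mailto:` and `ruf=mailto:` targets of the DMARC record section further down the page. The user objects start and end outside the hunks, so other identifying fields cannot be checked from here.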


@ -9,8 +9,8 @@
"RawData": "",
"id_g": "52289fcc-28ea-11eb-8461-0242ac140004",
"timestamp_ms_s": 1605627243000,
"to_s": "sanitized_email.com",
"from_s": "User A <sanitized_email.com>",
"to_s": "sanitized@sanitized.com",
"from_s": "User A <sanitized@sanitized.com>",
"from_domain_s": "domaina.com",
"attack_types_s": [
"low_trust (Low trust domain)"
@ -28,8 +28,8 @@
"RawData": "",
"id_g": "2d801dca-28f0-11eb-90ff-0242ac130004",
"timestamp_ms_s": 1605629758000,
"to_s": "sanitized_email.com",
"from_s": "User B <sanitized_email.com>",
"to_s": "sanitized@sanitized.com",
"from_s": "User B <sanitized@sanitized.com>",
"from_domain_s": "domainb.com",
"attack_types_s": [
"low_trust (Low trust domain)"
@ -47,8 +47,8 @@
"RawData": "",
"id_g": "483cc29a-28ea-11eb-90ff-0242ac130004",
"timestamp_ms_s": 1605627226000,
"to_s": "sanitized_email.com",
"from_s": "User C <sanitized_email.com>",
"to_s": "sanitized@sanitized.com",
"from_s": "User C <sanitized@sanitized.com>",
"from_domain_s": "domainc.com",
"attack_types_s": [
"low_trust (Low trust domain)"
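Review bot: In each of the three hunks `from_s` now carries an address at `sanitized.com` while `from_domain_s` in the same record still says `domaina.com`, `domainb.com` or `domainc.com`, so a query that compares the sender address with the parsed domain field sees a mismatch on every sample record. If the two fields are meant to agree, as their names suggest, keep the sanitized local part and reuse the record's own domain, e.g. `"from_s": "User A <sanitized@domaina.com>"`. The records start and end outside the hunks, so other fields derived from the sender may need the same treatment.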


@ -7,10 +7,10 @@
"TimeGenerated [UTC]": "11/16/2020, 8:40:20.842 PM",
"Computer": "",
"RawData": "",
"new_dmarc_record_s": "v=DMARC1; p=reject; fo=1; ri=3600; rua=mailto:sanitized_email.com; ruf=mailto:sanitized_email.com",
"new_dmarc_record_s": "v=DMARC1; p=reject; fo=1; ri=3600; rua=mailto:sanitized@sanitized.com; ruf=mailto:sanitized@sanitized.com",
"old_spf_tree_domain_s": "",
"old_spf_tree_record_s": "",
"old_dmarc_record_s": "v=DMARC1; p=reject; fo=1; ri=3600; rua=mailto:sanitized_email.com; ruf=mailto:sanitized_email.com",
"old_dmarc_record_s": "v=DMARC1; p=reject; fo=1; ri=3600; rua=mailto:sanitized@sanitized.com; ruf=mailto:sanitized@sanitized.com",
"top_hosts_s": "",
"top_subjects_s": "",
"top_uris_s": "",
@ -59,7 +59,7 @@
{
"subject": "subject",
"hdr_from": "from.domain.com",
"from": "\"Someone\" <sanitized_email.com>",
"from": "\"Someone\" <sanitized@sanitized.com>",
"count": 1,
"start_ts": "2020-11-11T18:14:25Z",
"end_ts": "2020-11-11T18:14:25Z",


@ -809,7 +809,7 @@
"ManagementGroupName": "sysloger",
"TimeGenerated [UTC]": "11/5/2020, 4:38:58.000 PM",
"Computer": "sysloger",
"RawData": "2020-11-05T16:38:17+00:00 julienc.alsid.app AlsidForAD[4]: \"1\" \"1\" \"Sulforest\" \"dc\" \"CN=ok ok. ok,CN=Users,DC=alsid,DC=corp\" \"2153\" \"New object\" \"userprincipalname\"=\"\"sanitized_email.com\"",
"RawData": "2020-11-05T16:38:17+00:00 julienc.alsid.app AlsidForAD[4]: \"1\" \"1\" \"Sulforest\" \"dc\" \"CN=ok ok. ok,CN=Users,DC=alsid,DC=corp\" \"2153\" \"New object\" \"userprincipalname\"=\"\"sanitized@sanitized.com\"",
"Type": "AlsidForADLog_CL",
"_ResourceId": "/subscriptions/8c038010-3c7a-40c6-985f-db5e8a04e59f/resourcegroups/julien_clement-rg/providers/microsoft.compute/virtualmachines/sysloger"
},
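Review bot: Only the `userprincipalname` value is sanitized in this record; the unchanged lines still carry what look like environment-specific identifiers: the syslog host `julienc.alsid.app` inside `RawData`, and a `_ResourceId` with subscription `8c038010-3c7a-40c6-985f-db5e8a04e59f` and resource group `julien_clement-rg`. Other sample records on this page use an obviously fake resource path (`.../resourcegroups/logmanagement-rg/.../samplevm0001`), and the same form would fit here, e.g. `"_ResourceId": "/subscriptions/<placeholder-guid>/resourcegroups/<placeholder-rg>/providers/microsoft.compute/virtualmachines/<placeholder-vm>"`. The DLP syslog section at the end of the page has the same gap: `incidents_url` keeps the host `aaa.lpch.net` and the `inspected_document` file names are untouched. Whether any of these are real values cannot be told from the diff, so they are worth confirming before the samples are published.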


@ -13026,7 +13026,7 @@
"Signed": ""
},
{
"SyslogMessage": "Nov 30 20:38:45 sysloghost CylancePROTECT Event Type: AuditLog, Event Name: LoginSuccess, Message: Provider: CylancePROTECT, Source IP: 172.248.1.225, User: Test User01 (sanitized_email.com)",
"SyslogMessage": "Nov 30 20:38:45 sysloghost CylancePROTECT Event Type: AuditLog, Event Name: LoginSuccess, Message: Provider: CylancePROTECT, Source IP: 172.248.1.225, User: Test User01 (sanitized@sanitized.com)",
"EventType": "AuditLog",
"EventName": "LoginSuccess",
"DeviceName": "",
@ -13043,7 +13043,7 @@
"FileHashSha256": "",
"Interpreter": "",
"InterpreterVersion": "",
"UserName": "Test User01 (sanitized_email.com)",
"UserName": "Test User01 (sanitized@sanitized.com)",
"DeviceId": "",
"PolicyName": "",
"FileName": "",
@ -13104,7 +13104,7 @@
"Signed": ""
},
{
"SyslogMessage": "Nov 30 19:04:24 sysloghost CylancePROTECT Event Type: AuditLog, Event Name: LoginSuccess, Message: Provider: CylancePROTECT, Source IP: 10.100.237.101, User: Test User01 (sanitized_email.com)",
"SyslogMessage": "Nov 30 19:04:24 sysloghost CylancePROTECT Event Type: AuditLog, Event Name: LoginSuccess, Message: Provider: CylancePROTECT, Source IP: 10.100.237.101, User: Test User01 (sanitized@sanitized.com)",
"EventType": "AuditLog",
"EventName": "LoginSuccess",
"DeviceName": "",
@ -13121,7 +13121,7 @@
"FileHashSha256": "",
"Interpreter": "",
"InterpreterVersion": "",
"UserName": "Test User01 (sanitized_email.com)",
"UserName": "Test User01 (sanitized@sanitized.com)",
"DeviceId": "",
"PolicyName": "",
"FileName": "",
@ -13182,7 +13182,7 @@
"Signed": ""
},
{
"SyslogMessage": "Nov 30 16:56:53 sysloghost CylancePROTECT Event Type: AuditLog, Event Name: DeviceRemove, Message: Devices: TESTHOST0032, User: Test User01 (sanitized_email.com)",
"SyslogMessage": "Nov 30 16:56:53 sysloghost CylancePROTECT Event Type: AuditLog, Event Name: DeviceRemove, Message: Devices: TESTHOST0032, User: Test User01 (sanitized@sanitized.com)",
"EventType": "AuditLog",
"EventName": "DeviceRemove",
"DeviceName": "",
@ -13199,7 +13199,7 @@
"FileHashSha256": "",
"Interpreter": "",
"InterpreterVersion": "",
"UserName": "Test User01 (sanitized_email.com)",
"UserName": "Test User01 (sanitized@sanitized.com)",
"DeviceId": "",
"PolicyName": "",
"FileName": "",
@ -13260,7 +13260,7 @@
"Signed": ""
},
{
"SyslogMessage": "Nov 30 16:56:16 sysloghost CylancePROTECT Event Type: AuditLog, Event Name: DeviceRemove, Message: Devices: TESTHOST0024, User: Test User01 (sanitized_email.com)",
"SyslogMessage": "Nov 30 16:56:16 sysloghost CylancePROTECT Event Type: AuditLog, Event Name: DeviceRemove, Message: Devices: TESTHOST0024, User: Test User01 (sanitized@sanitized.com)",
"EventType": "AuditLog",
"EventName": "DeviceRemove",
"DeviceName": "",
@ -13277,7 +13277,7 @@
"FileHashSha256": "",
"Interpreter": "",
"InterpreterVersion": "",
"UserName": "Test User01 (sanitized_email.com)",
"UserName": "Test User01 (sanitized@sanitized.com)",
"DeviceId": "",
"PolicyName": "",
"FileName": "",
@ -13338,7 +13338,7 @@
"Signed": ""
},
{
"SyslogMessage": "Nov 30 16:55:14 sysloghost CylancePROTECT Event Type: AuditLog, Event Name: LoginSuccess, Message: Provider: CylancePROTECT, Source IP: 172.44.63.254, User: Test User01 (sanitized_email.com)",
"SyslogMessage": "Nov 30 16:55:14 sysloghost CylancePROTECT Event Type: AuditLog, Event Name: LoginSuccess, Message: Provider: CylancePROTECT, Source IP: 172.44.63.254, User: Test User01 (sanitized@sanitized.com)",
"EventType": "AuditLog",
"EventName": "LoginSuccess",
"DeviceName": "",
@ -13355,7 +13355,7 @@
"FileHashSha256": "",
"Interpreter": "",
"InterpreterVersion": "",
"UserName": "Test User01 (sanitized_email.com)",
"UserName": "Test User01 (sanitized@sanitized.com)",
"DeviceId": "",
"PolicyName": "",
"FileName": "",
@ -13416,7 +13416,7 @@
"Signed": ""
},
{
"SyslogMessage": "Dec 1 09:53:25 sysloghost CylancePROTECT Event Type: AuditLog, Event Name: LoginSuccess, Message: Provider: CylancePROTECT, Source IP: 172.26.244.12, User: Test User02 (sanitized_email.com)",
"SyslogMessage": "Dec 1 09:53:25 sysloghost CylancePROTECT Event Type: AuditLog, Event Name: LoginSuccess, Message: Provider: CylancePROTECT, Source IP: 172.26.244.12, User: Test User02 (sanitized@sanitized.com)",
"EventType": "AuditLog",
"EventName": "LoginSuccess",
"DeviceName": "",
@ -13433,7 +13433,7 @@
"FileHashSha256": "",
"Interpreter": "",
"InterpreterVersion": "",
"UserName": "Test User02 (sanitized_email.com)",
"UserName": "Test User02 (sanitized@sanitized.com)",
"DeviceId": "",
"PolicyName": "",
"FileName": "",
@ -13494,7 +13494,7 @@
"Signed": ""
},
{
"SyslogMessage": "Dec 1 06:08:40 sysloghost CylancePROTECT Event Type: AuditLog, Event Name: LoginSuccess, Message: Provider: CylancePROTECT, Source IP: 192.91.129.253, User: Test User02 (sanitized_email.com)",
"SyslogMessage": "Dec 1 06:08:40 sysloghost CylancePROTECT Event Type: AuditLog, Event Name: LoginSuccess, Message: Provider: CylancePROTECT, Source IP: 192.91.129.253, User: Test User02 (sanitized@sanitized.com)",
"EventType": "AuditLog",
"EventName": "LoginSuccess",
"DeviceName": "",
@ -13511,7 +13511,7 @@
"FileHashSha256": "",
"Interpreter": "",
"InterpreterVersion": "",
"UserName": "Test User02 (sanitized_email.com)",
"UserName": "Test User02 (sanitized@sanitized.com)",
"DeviceId": "",
"PolicyName": "",
"FileName": "",
@ -13572,7 +13572,7 @@
"Signed": ""
},
{
"SyslogMessage": "Dec 1 13:06:39 sysloghost CylancePROTECT Event Type: AuditLog, Event Name: LoginSuccess, Message: Provider: CylancePROTECT, Source IP: 172.246.21.80, User: Test User03 (sanitized_email.com)",
"SyslogMessage": "Dec 1 13:06:39 sysloghost CylancePROTECT Event Type: AuditLog, Event Name: LoginSuccess, Message: Provider: CylancePROTECT, Source IP: 172.246.21.80, User: Test User03 (sanitized@sanitized.com)",
"EventType": "AuditLog",
"EventName": "LoginSuccess",
"DeviceName": "",
@ -13589,7 +13589,7 @@
"FileHashSha256": "",
"Interpreter": "",
"InterpreterVersion": "",
"UserName": "Test User03 (sanitized_email.com)",
"UserName": "Test User03 (sanitized@sanitized.com)",
"DeviceId": "",
"PolicyName": "",
"FileName": "",
@ -13650,7 +13650,7 @@
"Signed": ""
},
{
"SyslogMessage": "Dec 1 11:18:49 sysloghost CylancePROTECT Event Type: AuditLog, Event Name: LoginSuccess, Message: Provider: CylancePROTECT, Source IP: 172.118.99.219, User: Test User03 (sanitized_email.com)",
"SyslogMessage": "Dec 1 11:18:49 sysloghost CylancePROTECT Event Type: AuditLog, Event Name: LoginSuccess, Message: Provider: CylancePROTECT, Source IP: 172.118.99.219, User: Test User03 (sanitized@sanitized.com)",
"EventType": "AuditLog",
"EventName": "LoginSuccess",
"DeviceName": "",
@ -13667,7 +13667,7 @@
"FileHashSha256": "",
"Interpreter": "",
"InterpreterVersion": "",
"UserName": "Test User03 (sanitized_email.com)",
"UserName": "Test User03 (sanitized@sanitized.com)",
"DeviceId": "",
"PolicyName": "",
"FileName": "",
@ -13728,7 +13728,7 @@
"Signed": ""
},
{
"SyslogMessage": "Nov 30 20:20:10 sysloghost CylancePROTECT Event Type: AuditLog, Event Name: LoginSuccess, Message: Provider: CylancePROTECT, Source IP: 10.130.191.222, User: Test User03 (sanitized_email.com)",
"SyslogMessage": "Nov 30 20:20:10 sysloghost CylancePROTECT Event Type: AuditLog, Event Name: LoginSuccess, Message: Provider: CylancePROTECT, Source IP: 10.130.191.222, User: Test User03 (sanitized@sanitized.com)",
"EventType": "AuditLog",
"EventName": "LoginSuccess",
"DeviceName": "",
@ -13745,7 +13745,7 @@
"FileHashSha256": "",
"Interpreter": "",
"InterpreterVersion": "",
"UserName": "Test User03 (sanitized_email.com)",
"UserName": "Test User03 (sanitized@sanitized.com)",
"DeviceId": "",
"PolicyName": "",
"FileName": "",
@ -13806,7 +13806,7 @@
"Signed": ""
},
{
"SyslogMessage": "Nov 30 19:11:56 sysloghost CylancePROTECT Event Type: AuditLog, Event Name: DeviceEdit, Message: Device: TESTHOST0014; Policy Changed: 'Server - Standard' to 'Server - Standard - Clone - PHX10448532', User: Test User03 (sanitized_email.com)",
"SyslogMessage": "Nov 30 19:11:56 sysloghost CylancePROTECT Event Type: AuditLog, Event Name: DeviceEdit, Message: Device: TESTHOST0014; Policy Changed: 'Server - Standard' to 'Server - Standard - Clone - PHX10448532', User: Test User03 (sanitized@sanitized.com)",
"EventType": "AuditLog",
"EventName": "DeviceEdit",
"DeviceName": "",
@ -13823,7 +13823,7 @@
"FileHashSha256": "",
"Interpreter": "",
"InterpreterVersion": "",
"UserName": "Test User03 (sanitized_email.com)",
"UserName": "Test User03 (sanitized@sanitized.com)",
"DeviceId": "",
"PolicyName": "",
"FileName": "",
@ -13884,7 +13884,7 @@
"Signed": ""
},
{
"SyslogMessage": "Nov 30 19:11:00 sysloghost CylancePROTECT Event Type: AuditLog, Event Name: LoginSuccess, Message: Provider: CylancePROTECT, Source IP: 192.214.171.47, User: Test User03 (sanitized_email.com)",
"SyslogMessage": "Nov 30 19:11:00 sysloghost CylancePROTECT Event Type: AuditLog, Event Name: LoginSuccess, Message: Provider: CylancePROTECT, Source IP: 192.214.171.47, User: Test User03 (sanitized@sanitized.com)",
"EventType": "AuditLog",
"EventName": "LoginSuccess",
"DeviceName": "",
@ -13901,7 +13901,7 @@
"FileHashSha256": "",
"Interpreter": "",
"InterpreterVersion": "",
"UserName": "Test User03 (sanitized_email.com)",
"UserName": "Test User03 (sanitized@sanitized.com)",
"DeviceId": "",
"PolicyName": "",
"FileName": "",
@ -13962,7 +13962,7 @@
"Signed": ""
},
{
"SyslogMessage": "Nov 30 17:56:28 sysloghost CylancePROTECT Event Type: AuditLog, Event Name: LoginSuccess, Message: Provider: CylancePROTECT, Source IP: 172.29.29.216, User: Test User03 (sanitized_email.com)",
"SyslogMessage": "Nov 30 17:56:28 sysloghost CylancePROTECT Event Type: AuditLog, Event Name: LoginSuccess, Message: Provider: CylancePROTECT, Source IP: 172.29.29.216, User: Test User03 (sanitized@sanitized.com)",
"EventType": "AuditLog",
"EventName": "LoginSuccess",
"DeviceName": "",
@ -13979,7 +13979,7 @@
"FileHashSha256": "",
"Interpreter": "",
"InterpreterVersion": "",
"UserName": "Test User03 (sanitized_email.com)",
"UserName": "Test User03 (sanitized@sanitized.com)",
"DeviceId": "",
"PolicyName": "",
"FileName": "",
@ -14040,7 +14040,7 @@
"Signed": ""
},
{
"SyslogMessage": "Dec 1 11:14:44 sysloghost CylancePROTECT Event Type: AuditLog, Event Name: LoginSuccess, Message: Provider: CylancePROTECT, Source IP: 10.229.249.61, User: Test User04 (sanitized_email.com)",
"SyslogMessage": "Dec 1 11:14:44 sysloghost CylancePROTECT Event Type: AuditLog, Event Name: LoginSuccess, Message: Provider: CylancePROTECT, Source IP: 10.229.249.61, User: Test User04 (sanitized@sanitized.com)",
"EventType": "AuditLog",
"EventName": "LoginSuccess",
"DeviceName": "",
@ -14057,7 +14057,7 @@
"FileHashSha256": "",
"Interpreter": "",
"InterpreterVersion": "",
"UserName": "Test User04 (sanitized_email.com)",
"UserName": "Test User04 (sanitized@sanitized.com)",
"DeviceId": "",
"PolicyName": "",
"FileName": "",
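Review bot: The `SyslogMessage` lines keep their `Source IP` values, and several of them (`172.248.1.225`, `192.91.129.253`, `172.44.63.254`, `172.246.21.80`) lie outside the private ranges, so the samples pair publicly routable addresses with login events. They may well be randomly generated, but that is not visible here; addresses from the RFC 5737 documentation blocks, e.g. `Source IP: 203.0.113.25` (constructed value), remove the doubt. `UserName` is changed in a separate hunk of the same record, so both fields need to stay in step if the address is edited again.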


@ -8,7 +8,7 @@
"Facility": "user",
"HostName": "10.10.10.10",
"SeverityLevel": "notice",
"SyslogMessage": "08:06.380Z ABC-Manager DLP - INCADD incident_id=\"1.12815.10\" managed_device_id=\"1\" number_of_incidents=\"2\" incident_status=\"New,Audit Only\" matched_policies_by_severity=\"High:C_PHI_MRN / C_MRN_>25 \" action_taken=\"NET_NS_H\" matches=\"55\" protocol=\"SMTP\" http_url=\"\" inspected_document=\"Report_3.16-4.17__UPDATED.XLSX\" source=\"sanitized_email.com\" source_ip=\"1.1.1.1\" source_port=\"21752\" destination=\"sanitized_email.com\" destination_ip=\"2.2.2.2\" destination_port=\"25\" email_subject=\"RE: Open Encounters\" email_sender=\"sanitized_email.com\" email_recipients=\"sanitized_email.com \" timestamp=\"2021-06-23 12:06:09 PDT\" incidents_url=https://aaa.lpch.net/LoadIncidentManagement.do?m=1&id=1,27372",
"SyslogMessage": "08:06.380Z ABC-Manager DLP - INCADD incident_id=\"1.12815.10\" managed_device_id=\"1\" number_of_incidents=\"2\" incident_status=\"New,Audit Only\" matched_policies_by_severity=\"High:C_PHI_MRN / C_MRN_>25 \" action_taken=\"NET_NS_H\" matches=\"55\" protocol=\"SMTP\" http_url=\"\" inspected_document=\"Report_3.16-4.17__UPDATED.XLSX\" source=\"sanitized@sanitized.com\" source_ip=\"1.1.1.1\" source_port=\"21752\" destination=\"sanitized@sanitized.com\" destination_ip=\"2.2.2.2\" destination_port=\"25\" email_subject=\"RE: Open Encounters\" email_sender=\"sanitized@sanitized.com\" email_recipients=\"sanitized@sanitized.com \" timestamp=\"2021-06-23 12:06:09 PDT\" incidents_url=https://aaa.lpch.net/LoadIncidentManagement.do?m=1&id=1,27372",
"ProcessID": "",
"HostIP": "10.10.10.10",
"ProcessName": "<10>1",
@ -25,7 +25,7 @@
"Facility": "user",
"HostName": "10.10.10.10",
"SeverityLevel": "notice",
"SyslogMessage": "08:06.380Z ABC-Manager DLP - INCADD incident_id=\"1.12815.10\" managed_device_id=\"1\" number_of_incidents=\"2\" incident_status=\"New,Audit Only\" matched_policies_by_severity=\"High:C_PHI_MRN / C_MRN_>25 \" action_taken=\"NET_NS_H\" matches=\"55\" protocol=\"SMTP\" http_url=\"\" inspected_document=\"Report_3.16-4.17__UPDATED.XLSX\" source=\"sanitized_email.com\" source_ip=\"1.1.1.1\" source_port=\"21752\" destination=\"sanitized_email.com\" destination_ip=\"2.2.2.2\" destination_port=\"25\" email_subject=\"RE: Open Encounters\" email_sender=\"sanitized_email.com\" email_recipients=\"sanitized_email.com \" timestamp=\"2021-06-24 15:06:09 PDT\" incidents_url=https://aaa.lpch.net/LoadIncidentManagement.do?m=1&id=1,27372",
"SyslogMessage": "08:06.380Z ABC-Manager DLP - INCADD incident_id=\"1.12815.10\" managed_device_id=\"1\" number_of_incidents=\"2\" incident_status=\"New,Audit Only\" matched_policies_by_severity=\"High:C_PHI_MRN / C_MRN_>25 \" action_taken=\"NET_NS_H\" matches=\"55\" protocol=\"SMTP\" http_url=\"\" inspected_document=\"Report_3.16-4.17__UPDATED.XLSX\" source=\"sanitized@sanitized.com\" source_ip=\"1.1.1.1\" source_port=\"21752\" destination=\"sanitized@sanitized.com\" destination_ip=\"2.2.2.2\" destination_port=\"25\" email_subject=\"RE: Open Encounters\" email_sender=\"sanitized@sanitized.com\" email_recipients=\"sanitized@sanitized.com \" timestamp=\"2021-06-24 15:06:09 PDT\" incidents_url=https://aaa.lpch.net/LoadIncidentManagement.do?m=1&id=1,27372",
"ProcessID": "",
"HostIP": "10.10.10.10",
"ProcessName": "<10>1",
@ -42,7 +42,7 @@
"Facility": "user",
"HostName": "10.10.10.10",
"SeverityLevel": "notice",
"SyslogMessage": "08:06.380Z ABC-Manager DLP - INCADD incident_id=\"1.12815.1\" managed_device_id=\"1\" number_of_incidents=\"1\" incident_status=\"New,Audit Only\" matched_policies_by_severity=\"High:C_PHI_MRN / C_MRN_>25 \" action_taken=\"NET_NS_H\" matches=\"55\" protocol=\"SMTP\" http_url=\"\" inspected_document=\"Milla_9.16-4.17__UPDATED.XLSX\" source=\"sanitized_email.com\" source_ip=\"1.1.1.1\" source_port=\"21752\" destination=\"sanitized_email.com\" destination_ip=\"2.2.2.2\" destination_port=\"25\" email_subject=\"RE: Open Encounters\" email_sender=\"sanitized_email.com\" email_recipients=\"sanitized_email.com \" timestamp=\"2017-05-11 12:06:09 PDT\" incidents_url=https://aaa.lpch.net/LoadIncidentManagement.do?m=1&id=1,27372",
"SyslogMessage": "08:06.380Z ABC-Manager DLP - INCADD incident_id=\"1.12815.1\" managed_device_id=\"1\" number_of_incidents=\"1\" incident_status=\"New,Audit Only\" matched_policies_by_severity=\"High:C_PHI_MRN / C_MRN_>25 \" action_taken=\"NET_NS_H\" matches=\"55\" protocol=\"SMTP\" http_url=\"\" inspected_document=\"Milla_9.16-4.17__UPDATED.XLSX\" source=\"sanitized@sanitized.com\" source_ip=\"1.1.1.1\" source_port=\"21752\" destination=\"sanitized@sanitized.com\" destination_ip=\"2.2.2.2\" destination_port=\"25\" email_subject=\"RE: Open Encounters\" email_sender=\"sanitized@sanitized.com\" email_recipients=\"sanitized@sanitized.com \" timestamp=\"2017-05-11 12:06:09 PDT\" incidents_url=https://aaa.lpch.net/LoadIncidentManagement.do?m=1&id=1,27372",
"ProcessID": "",
"HostIP": "10.10.10.10",
"ProcessName": "<10>1",