ashwin 2024-05-03 11:47:43 -07:00
Родитель bcf470d509 6b85a0ed67
Коммит 2622d3cbf7
208 изменённых файлов: 27642 добавлений и 1159 удалений


@ -0,0 +1,641 @@
{
"Name": "NetskopeWebtxData_CL",
"Properties": [
{
"Name": "TenantId",
"Type": "string"
},
{
"Name": "SourceSystem",
"Type": "string"
},
{
"Name": "MG",
"Type": "string"
},
{
"Name": "ManagementGroupName",
"Type": "string"
},
{
"Name": "TimeGenerated",
"Type": "datetime"
},
{
"Name": "Computer",
"Type": "string"
},
{
"Name": "RawData",
"Type": "string"
},
{
"Name": "cs_uri_query_g",
"Type": "string"
},
{
"Name": "date_s",
"Type": "string"
},
{
"Name": "time_s",
"Type": "string"
},
{
"Name": "time_taken_s",
"Type": "string"
},
{
"Name": "cs_bytes_s",
"Type": "string"
},
{
"Name": "sc_bytes_s",
"Type": "string"
},
{
"Name": "bytes_s",
"Type": "string"
},
{
"Name": "c_ip_s",
"Type": "string"
},
{
"Name": "s_ip_s",
"Type": "string"
},
{
"Name": "cs_username_s",
"Type": "string"
},
{
"Name": "cs_method_s",
"Type": "string"
},
{
"Name": "cs_uri_scheme_s",
"Type": "string"
},
{
"Name": "cs_uri_query_s",
"Type": "string"
},
{
"Name": "cs_user_agent_s",
"Type": "string"
},
{
"Name": "cs_content_type_s",
"Type": "string"
},
{
"Name": "sc_status_s",
"Type": "string"
},
{
"Name": "sc_content_type_s",
"Type": "string"
},
{
"Name": "cs_dns_s",
"Type": "string"
},
{
"Name": "cs_host_s",
"Type": "string"
},
{
"Name": "cs_uri_s",
"Type": "string"
},
{
"Name": "cs_uri_port_s",
"Type": "string"
},
{
"Name": "cs_referer_s",
"Type": "string"
},
{
"Name": "x_cs_session_id_s",
"Type": "string"
},
{
"Name": "x_cs_access_method_s",
"Type": "string"
},
{
"Name": "x_cs_app_s",
"Type": "string"
},
{
"Name": "x_s_country_s",
"Type": "string"
},
{
"Name": "x_s_latitude_s",
"Type": "string"
},
{
"Name": "x_s_longitude_s",
"Type": "string"
},
{
"Name": "x_s_location_s",
"Type": "string"
},
{
"Name": "x_s_region_s",
"Type": "string"
},
{
"Name": "x_s_zipcode_s",
"Type": "string"
},
{
"Name": "x_c_country_s",
"Type": "string"
},
{
"Name": "x_c_latitude_s",
"Type": "string"
},
{
"Name": "x_c_longitude_s",
"Type": "string"
},
{
"Name": "x_c_location_s",
"Type": "string"
},
{
"Name": "x_c_region_s",
"Type": "string"
},
{
"Name": "x_c_zipcode_s",
"Type": "string"
},
{
"Name": "x_c_os_s",
"Type": "string"
},
{
"Name": "x_c_browser_s",
"Type": "string"
},
{
"Name": "x_c_browser_version_s",
"Type": "string"
},
{
"Name": "x_c_device_s",
"Type": "string"
},
{
"Name": "x_cs_site_s",
"Type": "string"
},
{
"Name": "x_cs_timestamp_s",
"Type": "string"
},
{
"Name": "x_cs_page_id_s",
"Type": "string"
},
{
"Name": "x_cs_userip_s",
"Type": "string"
},
{
"Name": "x_cs_traffic_type_s",
"Type": "string"
},
{
"Name": "x_cs_tunnel_id_s",
"Type": "string"
},
{
"Name": "x_category_s",
"Type": "string"
},
{
"Name": "x_other_category_s",
"Type": "string"
},
{
"Name": "x_type_s",
"Type": "string"
},
{
"Name": "x_server_ssl_err_s",
"Type": "string"
},
{
"Name": "x_client_ssl_err_s",
"Type": "string"
},
{
"Name": "x_transaction_id_s",
"Type": "string"
},
{
"Name": "x_request_id_s",
"Type": "string"
},
{
"Name": "x_cs_sni_s",
"Type": "string"
},
{
"Name": "x_cs_domain_fronted_sni_s",
"Type": "string"
},
{
"Name": "x_category_id_s",
"Type": "string"
},
{
"Name": "x_other_category_id_s",
"Type": "string"
},
{
"Name": "x_sr_headers_name_s",
"Type": "string"
},
{
"Name": "x_sr_headers_value_s",
"Type": "string"
},
{
"Name": "x_cs_ssl_ja3_g",
"Type": "string"
},
{
"Name": "x_sr_ssl_ja3s_s",
"Type": "string"
},
{
"Name": "x_ssl_bypass_s",
"Type": "string"
},
{
"Name": "x_ssl_bypass_reason_s",
"Type": "string"
},
{
"Name": "x_r_cert_subject_cn_s",
"Type": "string"
},
{
"Name": "x_r_cert_issuer_cn_s",
"Type": "string"
},
{
"Name": "x_r_cert_startdate_s",
"Type": "string"
},
{
"Name": "x_r_cert_enddate_s",
"Type": "string"
},
{
"Name": "x_r_cert_valid_s",
"Type": "string"
},
{
"Name": "x_r_cert_expired_s",
"Type": "string"
},
{
"Name": "x_r_cert_untrusted_root_s",
"Type": "string"
},
{
"Name": "x_r_cert_incomplete_chain_s",
"Type": "string"
},
{
"Name": "x_r_cert_self_signed_s",
"Type": "string"
},
{
"Name": "x_r_cert_revoked_s",
"Type": "string"
},
{
"Name": "x_r_cert_revocation_check_s",
"Type": "string"
},
{
"Name": "x_r_cert_mismatch_s",
"Type": "string"
},
{
"Name": "x_cs_ssl_fronting_error_s",
"Type": "string"
},
{
"Name": "x_cs_ssl_handshake_error_s",
"Type": "string"
},
{
"Name": "x_sr_ssl_handshake_error_s",
"Type": "string"
},
{
"Name": "x_sr_ssl_client_certificate_error_s",
"Type": "string"
},
{
"Name": "x_sr_ssl_malformed_ssl_s",
"Type": "string"
},
{
"Name": "x_s_custom_signing_ca_error_s",
"Type": "string"
},
{
"Name": "x_cs_ssl_engine_action_s",
"Type": "string"
},
{
"Name": "x_cs_ssl_engine_action_reason_s",
"Type": "string"
},
{
"Name": "x_sr_ssl_engine_action_s",
"Type": "string"
},
{
"Name": "x_sr_ssl_engine_action_reason_s",
"Type": "string"
},
{
"Name": "x_ssl_policy_src_ip_s",
"Type": "string"
},
{
"Name": "x_ssl_policy_dst_ip_s",
"Type": "string"
},
{
"Name": "x_ssl_policy_dst_host_s",
"Type": "string"
},
{
"Name": "x_ssl_policy_dst_host_source_s",
"Type": "string"
},
{
"Name": "x_ssl_policy_categories_s",
"Type": "string"
},
{
"Name": "x_ssl_policy_action_s",
"Type": "string"
},
{
"Name": "x_ssl_policy_name_s",
"Type": "string"
},
{
"Name": "x_cs_ssl_version_s",
"Type": "string"
},
{
"Name": "x_cs_ssl_cipher_s",
"Type": "string"
},
{
"Name": "x_sr_ssl_version_s",
"Type": "string"
},
{
"Name": "x_sr_ssl_cipher_s",
"Type": "string"
},
{
"Name": "x_cs_src_ip_egress_s",
"Type": "string"
},
{
"Name": "x_s_dp_name_s",
"Type": "string"
},
{
"Name": "x_cs_src_ip_s",
"Type": "string"
},
{
"Name": "x_cs_src_port_s",
"Type": "string"
},
{
"Name": "x_cs_dst_ip_s",
"Type": "string"
},
{
"Name": "x_cs_dst_port_s",
"Type": "string"
},
{
"Name": "x_sr_src_ip_s",
"Type": "string"
},
{
"Name": "x_sr_src_port_s",
"Type": "string"
},
{
"Name": "x_sr_dst_ip_s",
"Type": "string"
},
{
"Name": "x_sr_dst_port_s",
"Type": "string"
},
{
"Name": "x_cs_ip_connect_xff_s",
"Type": "string"
},
{
"Name": "x_cs_ip_xff_s",
"Type": "string"
},
{
"Name": "x_cs_connect_host_s",
"Type": "string"
},
{
"Name": "x_cs_connect_port_s",
"Type": "string"
},
{
"Name": "x_cs_connect_user_agent_s",
"Type": "string"
},
{
"Name": "x_cs_url_s",
"Type": "string"
},
{
"Name": "x_cs_uri_path_s",
"Type": "string"
},
{
"Name": "x_cs_http_version_s",
"Type": "string"
},
{
"Name": "rs_status_s",
"Type": "string"
},
{
"Name": "x_cs_app_category_s",
"Type": "string"
},
{
"Name": "x_cs_app_cci_s",
"Type": "string"
},
{
"Name": "x_cs_app_ccl_s",
"Type": "string"
},
{
"Name": "x_cs_app_tags_s",
"Type": "string"
},
{
"Name": "x_cs_app_suite_s",
"Type": "string"
},
{
"Name": "x_cs_app_instance_id_s",
"Type": "string"
},
{
"Name": "x_cs_app_instance_name_s",
"Type": "string"
},
{
"Name": "x_cs_app_instance_tag_s",
"Type": "string"
},
{
"Name": "x_cs_app_activity_s",
"Type": "string"
},
{
"Name": "x_cs_app_from_user_s",
"Type": "string"
},
{
"Name": "x_cs_app_to_user_s",
"Type": "string"
},
{
"Name": "x_cs_app_object_type_s",
"Type": "string"
},
{
"Name": "x_cs_app_object_name_s",
"Type": "string"
},
{
"Name": "x_cs_app_object_id_s",
"Type": "string"
},
{
"Name": "x_rs_file_type_s",
"Type": "string"
},
{
"Name": "x_rs_file_category_s",
"Type": "string"
},
{
"Name": "x_rs_file_language_s",
"Type": "string"
},
{
"Name": "x_rs_file_size_s",
"Type": "string"
},
{
"Name": "x_rs_file_md5_s",
"Type": "string"
},
{
"Name": "x_rs_file_sha256_s",
"Type": "string"
},
{
"Name": "x_error_s",
"Type": "string"
},
{
"Name": "x_c_local_time_s",
"Type": "string"
},
{
"Name": "x_policy_action_s",
"Type": "string"
},
{
"Name": "x_policy_name_s",
"Type": "string"
},
{
"Name": "x_policy_src_ip_s",
"Type": "string"
},
{
"Name": "x_policy_dst_ip_s",
"Type": "string"
},
{
"Name": "x_policy_dst_host_s",
"Type": "string"
},
{
"Name": "x_policy_dst_host_source_s",
"Type": "string"
},
{
"Name": "x_policy_justification_type_s",
"Type": "string"
},
{
"Name": "x_policy_justification_reason_s",
"Type": "string"
},
{
"Name": "x_sc_notification_name_s",
"Type": "string"
},
{
"Name": "netskope_api_host_name_s",
"Type": "string"
},
{
"Name": "x_cs_ssl_ja3_s",
"Type": "string"
},
{
"Name": "x_rs_file_md5_g",
"Type": "string"
},
{
"Name": "Type",
"Type": "string"
},
{
"Name": "_ResourceId",
"Type": "string"
}
]
}
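Review bot: The same source field is declared twice under different type suffixes in this schema — `cs_uri_query_g` alongside `cs_uri_query_s`, `x_cs_ssl_ja3_g` alongside `x_cs_ssl_ja3_s`, and `x_rs_file_md5_s` alongside `x_rs_file_md5_g` — which looks like the footprint of the legacy Data Collector API inferring a GUID type for some records and a string for others. Any parser or analytics rule over this table has to `coalesce()` both columns, otherwise it silently misses the rows that landed in the other one; that constraint belongs in the documentation shipped with the table definition, and it is worth checking whether the ingestion path can be pinned to one type going forward. The same split appears as `cci_s`/`cci_d` in alertscompromisedcredentialdata_CL, alertsctepdata_CL, alertsmalsitedata_CL and alertsmalwaredata_CL in this commit. Note also that the `_g` columns are declared here as `"string"`; if the deployed table stores them as guid, the declared type should say so.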


@ -0,0 +1,45 @@
{
"Name": "NetskopeWebtxErrors_CL",
"Properties":[
{
"Name": "TenantId",
"Type": "string"
},
{
"Name": "SourceSystem",
"Type": "string"
},
{
"Name": "MG",
"Type": "string"
},
{
"Name": "ManagementGroupName",
"Type": "string"
},
{
"Name": "TimeGenerated",
"Type": "datetime"
},
{
"Name": "Computer",
"Type": "string"
},
{
"Name": "RawData",
"Type": "string"
},
{
"Name": "error_s",
"Type": "string"
},
{
"Name": "Type",
"Type": "string"
},
{
"Name": "_ResourceId",
"Type": "string"
}
]
}


@ -0,0 +1,53 @@
{
"Name": "Netskope_WebTx_metrics_CL",
"Properties": [
{
"Name": "TenantId",
"Type": "string"
},
{
"Name": "SourceSystem",
"Type": "string"
},
{
"Name": "MG",
"Type": "string"
},
{
"Name": "ManagementGroupName",
"Type": "string"
},
{
"Name": "TimeGenerated",
"Type": "datetime"
},
{
"Name": "Computer",
"Type": "string"
},
{
"Name": "RawData",
"Type": "string"
},
{
"Name": "timestamp_t",
"Type": "datetime"
},
{
"Name": "backlog_message_count_d",
"Type": "real"
},
{
"Name": "oldest_unacked_message_age_s",
"Type": "string"
},
{
"Name": "Type",
"Type": "string"
},
{
"Name": "_ResourceId",
"Type": "string"
}
]
}
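Review bot: `oldest_unacked_message_age_s` is declared `"string"` while its sibling metric `backlog_message_count_d` is `"real"`, so any threshold alert on message age needs a `todouble()` or `totimespan()` conversion and will quietly yield null for rows whose value does not parse. If the source emits this as a number or duration, ingesting it numerically (a `_d` column) would make the metric directly usable; otherwise the expected string format should be documented with the table. The table name `Netskope_WebTx_metrics_CL` also departs from the `NetskopeWebtx*_CL` pattern used by the other two WebTx tables in this commit, which makes search and wildcard queries across them harder than they need to be.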


@ -0,0 +1,181 @@
{
"Name": "alertscompromisedcredentialdata_CL",
"Properties": [
{
"Name": "TenantId",
"Type": "string"
},
{
"Name": "SourceSystem",
"Type": "string"
},
{
"Name": "MG",
"Type": "string"
},
{
"Name": "ManagementGroupName",
"Type": "string"
},
{
"Name": "TimeGenerated",
"Type": "datetime"
},
{
"Name": "Computer",
"Type": "string"
},
{
"Name": "RawData",
"Type": "string"
},
{
"Name": "_id_s",
"Type": "string"
},
{
"Name": "acked_s",
"Type": "string"
},
{
"Name": "alert_s",
"Type": "string"
},
{
"Name": "alert_name_s",
"Type": "string"
},
{
"Name": "alert_type_s",
"Type": "string"
},
{
"Name": "app_s",
"Type": "string"
},
{
"Name": "Category",
"Type": "string"
},
{
"Name": "cci_s",
"Type": "string"
},
{
"Name": "ccl_s",
"Type": "string"
},
{
"Name": "count_d",
"Type": "real"
},
{
"Name": "organization_unit_s",
"Type": "string"
},
{
"Name": "timestamp_d",
"Type": "real"
},
{
"Name": "type_s",
"Type": "string"
},
{
"Name": "ur_normalized_s",
"Type": "string"
},
{
"Name": "user_s",
"Type": "string"
},
{
"Name": "userkey_s",
"Type": "string"
},
{
"Name": "sAMAccountName_s",
"Type": "string"
},
{
"Name": "breach_id_s",
"Type": "string"
},
{
"Name": "employeeType_s",
"Type": "string"
},
{
"Name": "userPrincipalName_s",
"Type": "string"
},
{
"Name": "breach_media_references_s",
"Type": "string"
},
{
"Name": "breach_date_d",
"Type": "real"
},
{
"Name": "password_type_s",
"Type": "string"
},
{
"Name": "department_s",
"Type": "string"
},
{
"Name": "distinguishedName_s",
"Type": "string"
},
{
"Name": "breach_description_s",
"Type": "string"
},
{
"Name": "breach_score_s",
"Type": "string"
},
{
"Name": "mail_s",
"Type": "string"
},
{
"Name": "breach_target_references_s",
"Type": "string"
},
{
"Name": "matched_username_s",
"Type": "string"
},
{
"Name": "division_s",
"Type": "string"
},
{
"Name": "sAMAccountType_s",
"Type": "string"
},
{
"Name": "email_source_s",
"Type": "string"
},
{
"Name": "external_email_d",
"Type": "real"
},
{
"Name": "cci_d",
"Type": "real"
},
{
"Name": "Type",
"Type": "string"
},
{
"Name": "_ResourceId",
"Type": "string"
}
]
}
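Review bot: Nothing in or around this definition records that the table holds compromised-credential material — `breach_description_s`, `breach_media_references_s`, `matched_username_s`, `password_type_s`, `mail_s`, `distinguishedName_s`, `userPrincipalName_s` — which, if those columns carry what their names suggest, is more sensitive than ordinary alert telemetry. The table definition would benefit from an accompanying note that read access should be scoped with table-level RBAC rather than inherited from workspace-wide reader roles, and that retention for this table should be decided deliberately rather than left at the workspace default.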


@ -0,0 +1,285 @@
{
"Name": "alertsctepdata_CL",
"Properties": [
{
"Name": "TenantId",
"Type": "string"
},
{
"Name": "SourceSystem",
"Type": "string"
},
{
"Name": "MG",
"Type": "string"
},
{
"Name": "ManagementGroupName",
"Type": "string"
},
{
"Name": "TimeGenerated",
"Type": "datetime"
},
{
"Name": "Computer",
"Type": "string"
},
{
"Name": "RawData",
"Type": "string"
},
{
"Name": "_id_s",
"Type": "string"
},
{
"Name": "acked_s",
"Type": "string"
},
{
"Name": "action_s",
"Type": "string"
},
{
"Name": "alert_s",
"Type": "string"
},
{
"Name": "alert_name_s",
"Type": "string"
},
{
"Name": "alert_type_s",
"Type": "string"
},
{
"Name": "app_s",
"Type": "string"
},
{
"Name": "Category",
"Type": "string"
},
{
"Name": "cci_d",
"Type": "real"
},
{
"Name": "ccl_s",
"Type": "string"
},
{
"Name": "count_d",
"Type": "real"
},
{
"Name": "device_s",
"Type": "string"
},
{
"Name": "dst_country_s",
"Type": "string"
},
{
"Name": "dst_geoip_src_d",
"Type": "real"
},
{
"Name": "dst_latitude_d",
"Type": "real"
},
{
"Name": "dst_location_s",
"Type": "string"
},
{
"Name": "dst_longitude_d",
"Type": "real"
},
{
"Name": "dst_region_s",
"Type": "string"
},
{
"Name": "dst_zipcode_s",
"Type": "string"
},
{
"Name": "dstip_s",
"Type": "string"
},
{
"Name": "organization_unit_s",
"Type": "string"
},
{
"Name": "os_s",
"Type": "string"
},
{
"Name": "other_categories_s",
"Type": "string"
},
{
"Name": "site_s",
"Type": "string"
},
{
"Name": "src_country_s",
"Type": "string"
},
{
"Name": "src_geoip_src_d",
"Type": "real"
},
{
"Name": "src_latitude_d",
"Type": "real"
},
{
"Name": "src_location_s",
"Type": "string"
},
{
"Name": "src_longitude_d",
"Type": "real"
},
{
"Name": "src_region_s",
"Type": "string"
},
{
"Name": "src_zipcode_s",
"Type": "string"
},
{
"Name": "srcip_s",
"Type": "string"
},
{
"Name": "timestamp_d",
"Type": "real"
},
{
"Name": "traffic_type_s",
"Type": "string"
},
{
"Name": "type_s",
"Type": "string"
},
{
"Name": "ur_normalized_s",
"Type": "string"
},
{
"Name": "url_s",
"Type": "string"
},
{
"Name": "user_s",
"Type": "string"
},
{
"Name": "userkey_s",
"Type": "string"
},
{
"Name": "signature_s",
"Type": "string"
},
{
"Name": "transaction_id_d",
"Type": "real"
},
{
"Name": "home_pop_s",
"Type": "string"
},
{
"Name": "tunnel_id_s",
"Type": "string"
},
{
"Name": "ip_protocol_s",
"Type": "string"
},
{
"Name": "userPrincipalName_s",
"Type": "string"
},
{
"Name": "company_s",
"Type": "string"
},
{
"Name": "http_method_s",
"Type": "string"
},
{
"Name": "manager_s",
"Type": "string"
},
{
"Name": "deviceClassification_s",
"Type": "string"
},
{
"Name": "gid_d",
"Type": "real"
},
{
"Name": "profile_id_s",
"Type": "string"
},
{
"Name": "referer_s",
"Type": "string"
},
{
"Name": "dstport_d",
"Type": "real"
},
{
"Name": "netskope_pop_s",
"Type": "string"
},
{
"Name": "userip_s",
"Type": "string"
},
{
"Name": "department_s",
"Type": "string"
},
{
"Name": "signature_id_d",
"Type": "real"
},
{
"Name": "srcport_d",
"Type": "real"
},
{
"Name": "hostname_s",
"Type": "string"
},
{
"Name": "http_port_d",
"Type": "real"
},
{
"Name": "cci_s",
"Type": "string"
},
{
"Name": "Type",
"Type": "string"
},
{
"Name": "_ResourceId",
"Type": "string"
}
]
}


@ -0,0 +1,613 @@
{
"Name": "alertsdlpdata_CL",
"Properties": [
{
"Name": "TenantId",
"Type": "string"
},
{
"Name": "SourceSystem",
"Type": "string"
},
{
"Name": "MG",
"Type": "string"
},
{
"Name": "ManagementGroupName",
"Type": "string"
},
{
"Name": "TimeGenerated",
"Type": "datetime"
},
{
"Name": "Computer",
"Type": "string"
},
{
"Name": "RawData",
"Type": "string"
},
{
"Name": "_id_s",
"Type": "string"
},
{
"Name": "access_method_s",
"Type": "string"
},
{
"Name": "acked_s",
"Type": "string"
},
{
"Name": "action_s",
"Type": "string"
},
{
"Name": "activity_s",
"Type": "string"
},
{
"Name": "alert_s",
"Type": "string"
},
{
"Name": "alert_name_s",
"Type": "string"
},
{
"Name": "alert_type_s",
"Type": "string"
},
{
"Name": "app_s",
"Type": "string"
},
{
"Name": "appcategory_s",
"Type": "string"
},
{
"Name": "browser_s",
"Type": "string"
},
{
"Name": "Category",
"Type": "string"
},
{
"Name": "ccl_s",
"Type": "string"
},
{
"Name": "device_s",
"Type": "string"
},
{
"Name": "dst_country_s",
"Type": "string"
},
{
"Name": "dst_geoip_src_d",
"Type": "real"
},
{
"Name": "dst_latitude_d",
"Type": "real"
},
{
"Name": "dst_location_s",
"Type": "string"
},
{
"Name": "dst_longitude_d",
"Type": "real"
},
{
"Name": "dst_region_s",
"Type": "string"
},
{
"Name": "dst_zipcode_s",
"Type": "string"
},
{
"Name": "dstip_s",
"Type": "string"
},
{
"Name": "exposure_s",
"Type": "string"
},
{
"Name": "file_lang_s",
"Type": "string"
},
{
"Name": "file_path_s",
"Type": "string"
},
{
"Name": "file_size_d",
"Type": "real"
},
{
"Name": "file_type_s",
"Type": "string"
},
{
"Name": "instance_s",
"Type": "string"
},
{
"Name": "instance_id_s",
"Type": "string"
},
{
"Name": "local_sha256_s",
"Type": "string"
},
{
"Name": "md5_g",
"Type": "string"
},
{
"Name": "mime_type_s",
"Type": "string"
},
{
"Name": "modified_d",
"Type": "real"
},
{
"Name": "object_s",
"Type": "string"
},
{
"Name": "object_id_s",
"Type": "string"
},
{
"Name": "object_type_s",
"Type": "string"
},
{
"Name": "organization_unit_s",
"Type": "string"
},
{
"Name": "os_s",
"Type": "string"
},
{
"Name": "owner_s",
"Type": "string"
},
{
"Name": "policy_s",
"Type": "string"
},
{
"Name": "request_id_s",
"Type": "string"
},
{
"Name": "scan_type_s",
"Type": "string"
},
{
"Name": "site_s",
"Type": "string"
},
{
"Name": "src_country_s",
"Type": "string"
},
{
"Name": "src_geoip_src_d",
"Type": "real"
},
{
"Name": "src_latitude_d",
"Type": "real"
},
{
"Name": "src_location_s",
"Type": "string"
},
{
"Name": "src_longitude_d",
"Type": "real"
},
{
"Name": "src_region_s",
"Type": "string"
},
{
"Name": "src_zipcode_s",
"Type": "string"
},
{
"Name": "srcip_s",
"Type": "string"
},
{
"Name": "suppression_key_s",
"Type": "string"
},
{
"Name": "timestamp_d",
"Type": "real"
},
{
"Name": "traffic_type_s",
"Type": "string"
},
{
"Name": "type_s",
"Type": "string"
},
{
"Name": "ur_normalized_s",
"Type": "string"
},
{
"Name": "url_s",
"Type": "string"
},
{
"Name": "user_s",
"Type": "string"
},
{
"Name": "userkey_s",
"Type": "string"
},
{
"Name": "user_id_s",
"Type": "string"
},
{
"Name": "channel_s",
"Type": "string"
},
{
"Name": "dlp_rule_s",
"Type": "string"
},
{
"Name": "file_password_protected_s",
"Type": "string"
},
{
"Name": "tss_mode_s",
"Type": "string"
},
{
"Name": "dlp_rule_count_d",
"Type": "real"
},
{
"Name": "appsuite_s",
"Type": "string"
},
{
"Name": "web_universal_connector_s",
"Type": "string"
},
{
"Name": "outer_doc_type_d",
"Type": "real"
},
{
"Name": "shared_with_s",
"Type": "string"
},
{
"Name": "dlp_is_unique_count_s",
"Type": "string"
},
{
"Name": "dynamic_classification_s",
"Type": "string"
},
{
"Name": "classification_name_s",
"Type": "string"
},
{
"Name": "app_session_id_d",
"Type": "real"
},
{
"Name": "true_type_id_d",
"Type": "real"
},
{
"Name": "page_site_s",
"Type": "string"
},
{
"Name": "file_category_s",
"Type": "string"
},
{
"Name": "data_type_s",
"Type": "string"
},
{
"Name": "universal_connector_s",
"Type": "string"
},
{
"Name": "sanctioned_instance_s",
"Type": "string"
},
{
"Name": "protocol_s",
"Type": "string"
},
{
"Name": "dlp_mail_parent_id_s",
"Type": "string"
},
{
"Name": "violating_user_type_s",
"Type": "string"
},
{
"Name": "sub_type_s",
"Type": "string"
},
{
"Name": "os_version_s",
"Type": "string"
},
{
"Name": "smtp_to_s",
"Type": "string"
},
{
"Name": "incident_id_d",
"Type": "real"
},
{
"Name": "group_s",
"Type": "string"
},
{
"Name": "sha256_s",
"Type": "string"
},
{
"Name": "act_user_s",
"Type": "string"
},
{
"Name": "displayName_s",
"Type": "string"
},
{
"Name": "message_id_s",
"Type": "string"
},
{
"Name": "file_cls_encrypted_b",
"Type": "bool"
},
{
"Name": "hostname_s",
"Type": "string"
},
{
"Name": "shared_domains_s",
"Type": "string"
},
{
"Name": "managed_app_s",
"Type": "string"
},
{
"Name": "from_storage_s",
"Type": "string"
},
{
"Name": "managementID_s",
"Type": "string"
},
{
"Name": "mail_s",
"Type": "string"
},
{
"Name": "title_s",
"Type": "string"
},
{
"Name": "dlp_file_s",
"Type": "string"
},
{
"Name": "from_user_s",
"Type": "string"
},
{
"Name": "dlp_fingerprint_classification_s",
"Type": "string"
},
{
"Name": "owner_pdl_s",
"Type": "string"
},
{
"Name": "violating_user_s",
"Type": "string"
},
{
"Name": "manager_s",
"Type": "string"
},
{
"Name": "to_user_s",
"Type": "string"
},
{
"Name": "parent_id_s",
"Type": "string"
},
{
"Name": "app_activity_s",
"Type": "string"
},
{
"Name": "dlp_incident_id_d",
"Type": "real"
},
{
"Name": "device_classification_s",
"Type": "string"
},
{
"Name": "browser_version_s",
"Type": "string"
},
{
"Name": "src_time_s",
"Type": "string"
},
{
"Name": "to_storage_s",
"Type": "string"
},
{
"Name": "dst_timezone_s",
"Type": "string"
},
{
"Name": "dlp_rule_severity_s",
"Type": "string"
},
{
"Name": "src_timezone_s",
"Type": "string"
},
{
"Name": "total_collaborator_count_d",
"Type": "real"
},
{
"Name": "userCountry_s",
"Type": "string"
},
{
"Name": "dlp_profile_s",
"Type": "string"
},
{
"Name": "true_obj_type_s",
"Type": "string"
},
{
"Name": "transaction_id_d",
"Type": "real"
},
{
"Name": "true_obj_category_s",
"Type": "string"
},
{
"Name": "userPrincipalName_s",
"Type": "string"
},
{
"Name": "orignal_file_path_s",
"Type": "string"
},
{
"Name": "collaborated_s",
"Type": "string"
},
{
"Name": "connection_id_d",
"Type": "real"
},
{
"Name": "bcc_s",
"Type": "string"
},
{
"Name": "userip_s",
"Type": "string"
},
{
"Name": "referer_s",
"Type": "string"
},
{
"Name": "sAMAccountName_s",
"Type": "string"
},
{
"Name": "message_size_d",
"Type": "real"
},
{
"Name": "dlp_parent_id_d",
"Type": "real"
},
{
"Name": "external_collaborator_count_d",
"Type": "real"
},
{
"Name": "retro_scan_name_s",
"Type": "string"
},
{
"Name": "dlp_unique_count_d",
"Type": "real"
},
{
"Name": "browser_session_id_d",
"Type": "real"
},
{
"Name": "dlp_fingerprint_match_s",
"Type": "string"
},
{
"Name": "severity_s",
"Type": "string"
},
{
"Name": "dlp_fingerprint_score_d",
"Type": "real"
},
{
"Name": "page_s",
"Type": "string"
},
{
"Name": "true_filetype_s",
"Type": "string"
},
{
"Name": "policy_id_s",
"Type": "string"
},
{
"Name": "dlp_rule_score_d",
"Type": "real"
},
{
"Name": "Type",
"Type": "string"
},
{
"Name": "_ResourceId",
"Type": "string"
}
]
}
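Review bot: `orignal_file_path_s` reads as a misspelling of `original_file_path_s`. If the name mirrors the column the ingestion pipeline actually created, it has to stay exactly as written and deserves a remark in the accompanying documentation so a later maintainer does not correct it and break the match; if the typo was introduced in this schema file, it should be fixed before the definition is deployed.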


@ -0,0 +1,501 @@
{
"Name": "alertsmalsitedata_CL",
"Properties": [
{
"Name": "TenantId",
"Type": "string"
},
{
"Name": "SourceSystem",
"Type": "string"
},
{
"Name": "MG",
"Type": "string"
},
{
"Name": "ManagementGroupName",
"Type": "string"
},
{
"Name": "TimeGenerated",
"Type": "datetime"
},
{
"Name": "Computer",
"Type": "string"
},
{
"Name": "RawData",
"Type": "string"
},
{
"Name": "_id_s",
"Type": "string"
},
{
"Name": "access_method_s",
"Type": "string"
},
{
"Name": "acked_s",
"Type": "string"
},
{
"Name": "action_s",
"Type": "string"
},
{
"Name": "alert_s",
"Type": "string"
},
{
"Name": "alert_name_s",
"Type": "string"
},
{
"Name": "alert_type_s",
"Type": "string"
},
{
"Name": "app_s",
"Type": "string"
},
{
"Name": "appcategory_s",
"Type": "string"
},
{
"Name": "browser_s",
"Type": "string"
},
{
"Name": "Category",
"Type": "string"
},
{
"Name": "cci_d",
"Type": "real"
},
{
"Name": "ccl_s",
"Type": "string"
},
{
"Name": "count_d",
"Type": "real"
},
{
"Name": "device_s",
"Type": "string"
},
{
"Name": "dst_country_s",
"Type": "string"
},
{
"Name": "dst_geoip_src_d",
"Type": "real"
},
{
"Name": "dst_latitude_d",
"Type": "real"
},
{
"Name": "dst_location_s",
"Type": "string"
},
{
"Name": "dst_longitude_d",
"Type": "real"
},
{
"Name": "dst_region_s",
"Type": "string"
},
{
"Name": "dst_zipcode_s",
"Type": "string"
},
{
"Name": "dstip_s",
"Type": "string"
},
{
"Name": "object_s",
"Type": "string"
},
{
"Name": "object_type_s",
"Type": "string"
},
{
"Name": "organization_unit_s",
"Type": "string"
},
{
"Name": "os_s",
"Type": "string"
},
{
"Name": "other_categories_s",
"Type": "string"
},
{
"Name": "policy_s",
"Type": "string"
},
{
"Name": "request_id_s",
"Type": "string"
},
{
"Name": "site_s",
"Type": "string"
},
{
"Name": "src_country_s",
"Type": "string"
},
{
"Name": "src_geoip_src_d",
"Type": "real"
},
{
"Name": "src_latitude_d",
"Type": "real"
},
{
"Name": "src_location_s",
"Type": "string"
},
{
"Name": "src_longitude_d",
"Type": "real"
},
{
"Name": "src_region_s",
"Type": "string"
},
{
"Name": "src_zipcode_s",
"Type": "string"
},
{
"Name": "srcip_s",
"Type": "string"
},
{
"Name": "timestamp_d",
"Type": "real"
},
{
"Name": "traffic_type_s",
"Type": "string"
},
{
"Name": "type_s",
"Type": "string"
},
{
"Name": "ur_normalized_s",
"Type": "string"
},
{
"Name": "url_s",
"Type": "string"
},
{
"Name": "user_s",
"Type": "string"
},
{
"Name": "src_time_s",
"Type": "string"
},
{
"Name": "serial_s",
"Type": "string"
},
{
"Name": "browser_version_s",
"Type": "string"
},
{
"Name": "page_s",
"Type": "string"
},
{
"Name": "severity_level_s",
"Type": "string"
},
{
"Name": "malsite_hostility_s",
"Type": "string"
},
{
"Name": "hostname_s",
"Type": "string"
},
{
"Name": "malsite_region_s",
"Type": "string"
},
{
"Name": "telemetry_app_s",
"Type": "string"
},
{
"Name": "ja3_s",
"Type": "string"
},
{
"Name": "gateway_s",
"Type": "string"
},
{
"Name": "transaction_id_d",
"Type": "real"
},
{
"Name": "suppression_start_time_d",
"Type": "real"
},
{
"Name": "malsite_category_s",
"Type": "string"
},
{
"Name": "malsite_confidence_d",
"Type": "real"
},
{
"Name": "malsite_latitude_d",
"Type": "real"
},
{
"Name": "userip_s",
"Type": "string"
},
{
"Name": "malsite_longitude_d",
"Type": "real"
},
{
"Name": "malsite_active_s",
"Type": "string"
},
{
"Name": "malsite_last_seen_d",
"Type": "real"
},
{
"Name": "numbytes_d",
"Type": "real"
},
{
"Name": "req_cnt_d",
"Type": "real"
},
{
"Name": "dst_timezone_s",
"Type": "string"
},
{
"Name": "managed_app_s",
"Type": "string"
},
{
"Name": "malsite_id_s",
"Type": "string"
},
{
"Name": "protocol_s",
"Type": "string"
},
{
"Name": "threat_match_field_s",
"Type": "string"
},
{
"Name": "browser_session_id_d",
"Type": "real"
},
{
"Name": "suppression_end_time_d",
"Type": "real"
},
{
"Name": "ja3s_s",
"Type": "string"
},
{
"Name": "incident_id_d",
"Type": "real"
},
{
"Name": "notify_template_s",
"Type": "string"
},
{
"Name": "appsuite_s",
"Type": "string"
},
{
"Name": "log_file_name_s",
"Type": "string"
},
{
"Name": "referer_s",
"Type": "string"
},
{
"Name": "fromlogs_s",
"Type": "string"
},
{
"Name": "sAMAccountName_s",
"Type": "string"
},
{
"Name": "threat_source_id_d",
"Type": "real"
},
{
"Name": "server_bytes_d",
"Type": "real"
},
{
"Name": "universal_connector_s",
"Type": "string"
},
{
"Name": "aggregated_user_s",
"Type": "string"
},
{
"Name": "device_classification_s",
"Type": "string"
},
{
"Name": "org_s",
"Type": "string"
},
{
"Name": "policy_id_s",
"Type": "string"
},
{
"Name": "page_site_s",
"Type": "string"
},
{
"Name": "useragent_s",
"Type": "string"
},
{
"Name": "malsite_ip_host_s",
"Type": "string"
},
{
"Name": "os_version_s",
"Type": "string"
},
{
"Name": "malicious_s",
"Type": "string"
},
{
"Name": "from_user_s",
"Type": "string"
},
{
"Name": "severity_s",
"Type": "string"
},
{
"Name": "department_s",
"Type": "string"
},
{
"Name": "malsite_reputation_s",
"Type": "string"
},
{
"Name": "connection_id_d",
"Type": "real"
},
{
"Name": "dsthost_s",
"Type": "string"
},
{
"Name": "sfwder_s",
"Type": "string"
},
{
"Name": "malsite_first_seen_d",
"Type": "real"
},
{
"Name": "severity_level_id_d",
"Type": "real"
},
{
"Name": "co_s",
"Type": "string"
},
{
"Name": "malsite_country_s",
"Type": "string"
},
{
"Name": "src_timezone_s",
"Type": "string"
},
{
"Name": "division_s",
"Type": "string"
},
{
"Name": "threat_match_value_s",
"Type": "string"
},
{
"Name": "app_session_id_d",
"Type": "real"
},
{
"Name": "resp_cnt_d",
"Type": "real"
},
{
"Name": "malsite_consecutive_s",
"Type": "string"
},
{
"Name": "conn_duration_d",
"Type": "real"
},
{
"Name": "client_bytes_d",
"Type": "real"
},
{
"Name": "dstport_d",
"Type": "real"
},
{
"Name": "cci_s",
"Type": "string"
},
{
"Name": "Type",
"Type": "string"
},
{
"Name": "_ResourceId",
"Type": "string"
}
]
}


@ -0,0 +1,553 @@
{
"Name": "alertsmalwaredata_CL",
"Properties": [
{
"Name": "TenantId",
"Type": "string"
},
{
"Name": "SourceSystem",
"Type": "string"
},
{
"Name": "MG",
"Type": "string"
},
{
"Name": "ManagementGroupName",
"Type": "string"
},
{
"Name": "TimeGenerated",
"Type": "datetime"
},
{
"Name": "Computer",
"Type": "string"
},
{
"Name": "RawData",
"Type": "string"
},
{
"Name": "_id_s",
"Type": "string"
},
{
"Name": "access_method_s",
"Type": "string"
},
{
"Name": "acked_s",
"Type": "string"
},
{
"Name": "action_s",
"Type": "string"
},
{
"Name": "activity_s",
"Type": "string"
},
{
"Name": "alert_s",
"Type": "string"
},
{
"Name": "alert_name_s",
"Type": "string"
},
{
"Name": "alert_type_s",
"Type": "string"
},
{
"Name": "app_s",
"Type": "string"
},
{
"Name": "appcategory_s",
"Type": "string"
},
{
"Name": "browser_s",
"Type": "string"
},
{
"Name": "Category",
"Type": "string"
},
{
"Name": "cci_s",
"Type": "string"
},
{
"Name": "ccl_s",
"Type": "string"
},
{
"Name": "count_d",
"Type": "real"
},
{
"Name": "device_s",
"Type": "string"
},
{
"Name": "dst_country_s",
"Type": "string"
},
{
"Name": "dst_geoip_src_d",
"Type": "real"
},
{
"Name": "dst_latitude_d",
"Type": "real"
},
{
"Name": "dst_location_s",
"Type": "string"
},
{
"Name": "dst_longitude_d",
"Type": "real"
},
{
"Name": "dst_region_s",
"Type": "string"
},
{
"Name": "dst_zipcode_s",
"Type": "string"
},
{
"Name": "dstip_s",
"Type": "string"
},
{
"Name": "file_path_s",
"Type": "string"
},
{
"Name": "file_size_d",
"Type": "real"
},
{
"Name": "file_type_s",
"Type": "string"
},
{
"Name": "instance_s",
"Type": "string"
},
{
"Name": "instance_id_s",
"Type": "string"
},
{
"Name": "local_sha256_s",
"Type": "string"
},
{
"Name": "md5_g",
"Type": "string"
},
{
"Name": "mime_type_s",
"Type": "string"
},
{
"Name": "object_s",
"Type": "string"
},
{
"Name": "object_id_s",
"Type": "string"
},
{
"Name": "object_type_s",
"Type": "string"
},
{
"Name": "organization_unit_s",
"Type": "string"
},
{
"Name": "os_s",
"Type": "string"
},
{
"Name": "policy_s",
"Type": "string"
},
{
"Name": "request_id_s",
"Type": "string"
},
{
"Name": "scan_type_s",
"Type": "string"
},
{
"Name": "site_s",
"Type": "string"
},
{
"Name": "src_country_s",
"Type": "string"
},
{
"Name": "src_geoip_src_d",
"Type": "real"
},
{
"Name": "src_latitude_d",
"Type": "real"
},
{
"Name": "src_location_s",
"Type": "string"
},
{
"Name": "src_longitude_d",
"Type": "real"
},
{
"Name": "src_region_s",
"Type": "string"
},
{
"Name": "src_zipcode_s",
"Type": "string"
},
{
"Name": "srcip_s",
"Type": "string"
},
{
"Name": "timestamp_d",
"Type": "real"
},
{
"Name": "traffic_type_s",
"Type": "string"
},
{
"Name": "type_s",
"Type": "string"
},
{
"Name": "ur_normalized_s",
"Type": "string"
},
{
"Name": "url_s",
"Type": "string"
},
{
"Name": "user_s",
"Type": "string"
},
{
"Name": "user_id_s",
"Type": "string"
},
{
"Name": "file_category_s",
"Type": "string"
},
{
"Name": "app_session_id_d",
"Type": "real"
},
{
"Name": "created_date_d",
"Type": "real"
},
{
"Name": "policy_id_s",
"Type": "string"
},
{
"Name": "transaction_id_d",
"Type": "real"
},
{
"Name": "usr_udf_employeeid_s",
"Type": "string"
},
{
"Name": "managementID_s",
"Type": "string"
},
{
"Name": "malware_name_s",
"Type": "string"
},
{
"Name": "company_s",
"Type": "string"
},
{
"Name": "usr_status_s",
"Type": "string"
},
{
"Name": "usr_udf_businesssegmentlevel4_s",
"Type": "string"
},
{
"Name": "dst_timezone_s",
"Type": "string"
},
{
"Name": "parent_id_s",
"Type": "string"
},
{
"Name": "file_name_s",
"Type": "string"
},
{
"Name": "tss_license_s",
"Type": "string"
},
{
"Name": "manager_s",
"Type": "string"
},
{
"Name": "modified_date_d",
"Type": "real"
},
{
"Name": "page_site_s",
"Type": "string"
},
{
"Name": "nsdeviceuid_s",
"Type": "string"
},
{
"Name": "usr_udf_businesssegmentlevel1_s",
"Type": "string"
},
{
"Name": "usr_udf_companyname_s",
"Type": "string"
},
{
"Name": "malware_profile_s",
"Type": "string"
},
{
"Name": "true_filetype_s",
"Type": "string"
},
{
"Name": "usr_title_s",
"Type": "string"
},
{
"Name": "usr_udf_primarydomain_s",
"Type": "string"
},
{
"Name": "browser_version_s",
"Type": "string"
},
{
"Name": "appsuite_s",
"Type": "string"
},
{
"Name": "malware_id_s",
"Type": "string"
},
{
"Name": "from_user_s",
"Type": "string"
},
{
"Name": "detection_type_s",
"Type": "string"
},
{
"Name": "sha1_s",
"Type": "string"
},
{
"Name": "userip_s",
"Type": "string"
},
{
"Name": "browser_session_id_d",
"Type": "real"
},
{
"Name": "severity_id_d",
"Type": "real"
},
{
"Name": "usr_display_name_s",
"Type": "string"
},
{
"Name": "department_s",
"Type": "string"
},
{
"Name": "usr_udf_businesssegmentlevel2_s",
"Type": "string"
},
{
"Name": "hostname_s",
"Type": "string"
},
{
"Name": "filename_s",
"Type": "string"
},
{
"Name": "referer_s",
"Type": "string"
},
{
"Name": "usr_udf_supervisorid_s",
"Type": "string"
},
{
"Name": "sanctioned_instance_s",
"Type": "string"
},
{
"Name": "file_id_s",
"Type": "string"
},
{
"Name": "src_time_s",
"Type": "string"
},
{
"Name": "app_name_s",
"Type": "string"
},
{
"Name": "TSS_scan_s",
"Type": "string"
},
{
"Name": "malware_severity_s",
"Type": "string"
},
{
"Name": "os_version_s",
"Type": "string"
},
{
"Name": "userPrincipalName_s",
"Type": "string"
},
{
"Name": "usr_udf_supervisorname_s",
"Type": "string"
},
{
"Name": "severity_s",
"Type": "string"
},
{
"Name": "detection_engine_s",
"Type": "string"
},
{
"Name": "managed_app_s",
"Type": "string"
},
{
"Name": "shared_with_s",
"Type": "string"
},
{
"Name": "connection_id_d",
"Type": "real"
},
{
"Name": "page_s",
"Type": "string"
},
{
"Name": "scanner_result_s",
"Type": "string"
},
{
"Name": "usr_udf_businesssegmentlevel3_s",
"Type": "string"
},
{
"Name": "shared_type_s",
"Type": "string"
},
{
"Name": "userCountry_s",
"Type": "string"
},
{
"Name": "device_classification_s",
"Type": "string"
},
{
"Name": "scan_time_d",
"Type": "real"
},
{
"Name": "tss_mode_s",
"Type": "string"
},
{
"Name": "protocol_s",
"Type": "string"
},
{
"Name": "local_md5_s",
"Type": "string"
},
{
"Name": "src_timezone_s",
"Type": "string"
},
{
"Name": "fastscan_results_s",
"Type": "string"
},
{
"Name": "title_s",
"Type": "string"
},
{
"Name": "incident_id_d",
"Type": "real"
},
{
"Name": "malware_type_s",
"Type": "string"
},
{
"Name": "ml_detection_s",
"Type": "string"
},
{
"Name": "cci_d",
"Type": "real"
},
{
"Name": "Type",
"Type": "string"
},
{
"Name": "_ResourceId",
"Type": "string"
}
]
}


@ -0,0 +1,869 @@
{
"Name": "alertspolicydata_CL",
"Properties": [
{
"Name": "TenantId",
"Type": "string"
},
{
"Name": "SourceSystem",
"Type": "string"
},
{
"Name": "MG",
"Type": "string"
},
{
"Name": "ManagementGroupName",
"Type": "string"
},
{
"Name": "TimeGenerated",
"Type": "datetime"
},
{
"Name": "Computer",
"Type": "string"
},
{
"Name": "RawData",
"Type": "string"
},
{
"Name": "_id_s",
"Type": "string"
},
{
"Name": "access_method_s",
"Type": "string"
},
{
"Name": "acked_s",
"Type": "string"
},
{
"Name": "action_s",
"Type": "string"
},
{
"Name": "activity_s",
"Type": "string"
},
{
"Name": "alert_s",
"Type": "string"
},
{
"Name": "alert_name_s",
"Type": "string"
},
{
"Name": "alert_type_s",
"Type": "string"
},
{
"Name": "app_s",
"Type": "string"
},
{
"Name": "appcategory_s",
"Type": "string"
},
{
"Name": "browser_s",
"Type": "string"
},
{
"Name": "Category",
"Type": "string"
},
{
"Name": "cci_d",
"Type": "real"
},
{
"Name": "ccl_s",
"Type": "string"
},
{
"Name": "count_d",
"Type": "real"
},
{
"Name": "device_s",
"Type": "string"
},
{
"Name": "dst_country_s",
"Type": "string"
},
{
"Name": "dst_geoip_src_d",
"Type": "real"
},
{
"Name": "dst_latitude_d",
"Type": "real"
},
{
"Name": "dst_location_s",
"Type": "string"
},
{
"Name": "dst_longitude_d",
"Type": "real"
},
{
"Name": "dst_region_s",
"Type": "string"
},
{
"Name": "dst_zipcode_s",
"Type": "string"
},
{
"Name": "dstip_s",
"Type": "string"
},
{
"Name": "exposure_s",
"Type": "string"
},
{
"Name": "file_path_s",
"Type": "string"
},
{
"Name": "file_size_d",
"Type": "real"
},
{
"Name": "file_type_s",
"Type": "string"
},
{
"Name": "instance_s",
"Type": "string"
},
{
"Name": "instance_id_s",
"Type": "string"
},
{
"Name": "md5_g",
"Type": "string"
},
{
"Name": "mime_type_s",
"Type": "string"
},
{
"Name": "modified_d",
"Type": "real"
},
{
"Name": "object_s",
"Type": "string"
},
{
"Name": "object_id_s",
"Type": "string"
},
{
"Name": "object_type_s",
"Type": "string"
},
{
"Name": "organization_unit_s",
"Type": "string"
},
{
"Name": "os_s",
"Type": "string"
},
{
"Name": "other_categories_s",
"Type": "string"
},
{
"Name": "owner_s",
"Type": "string"
},
{
"Name": "policy_s",
"Type": "string"
},
{
"Name": "request_id_s",
"Type": "string"
},
{
"Name": "scan_type_s",
"Type": "string"
},
{
"Name": "site_s",
"Type": "string"
},
{
"Name": "src_country_s",
"Type": "string"
},
{
"Name": "src_geoip_src_d",
"Type": "real"
},
{
"Name": "src_latitude_d",
"Type": "real"
},
{
"Name": "src_location_s",
"Type": "string"
},
{
"Name": "src_longitude_d",
"Type": "real"
},
{
"Name": "src_region_s",
"Type": "string"
},
{
"Name": "src_zipcode_s",
"Type": "string"
},
{
"Name": "srcip_s",
"Type": "string"
},
{
"Name": "suppression_key_s",
"Type": "string"
},
{
"Name": "timestamp_d",
"Type": "real"
},
{
"Name": "traffic_type_s",
"Type": "string"
},
{
"Name": "type_s",
"Type": "string"
},
{
"Name": "ur_normalized_s",
"Type": "string"
},
{
"Name": "url_s",
"Type": "string"
},
{
"Name": "user_s",
"Type": "string"
},
{
"Name": "network_session_id_s",
"Type": "string"
},
{
"Name": "telemetry_app_s",
"Type": "string"
},
{
"Name": "user_tmp_s",
"Type": "string"
},
{
"Name": "shared_with_s",
"Type": "string"
},
{
"Name": "referer_s",
"Type": "string"
},
{
"Name": "start_time_s",
"Type": "string"
},
{
"Name": "appsuite_s",
"Type": "string"
},
{
"Name": "malware_id_s",
"Type": "string"
},
{
"Name": "remediation_profile_s",
"Type": "string"
},
{
"Name": "suppression_start_time_d",
"Type": "real"
},
{
"Name": "hostname_s",
"Type": "string"
},
{
"Name": "managed_app_s",
"Type": "string"
},
{
"Name": "activity_status_s",
"Type": "string"
},
{
"Name": "from_user_s",
"Type": "string"
},
{
"Name": "user_id_s",
"Type": "string"
},
{
"Name": "file_category_s",
"Type": "string"
},
{
"Name": "dsthost_s",
"Type": "string"
},
{
"Name": "message_size_d",
"Type": "real"
},
{
"Name": "tunnel_type_s",
"Type": "string"
},
{
"Name": "end_time_s",
"Type": "string"
},
{
"Name": "malicious_s",
"Type": "string"
},
{
"Name": "quarantine_profile_id_s",
"Type": "string"
},
{
"Name": "browser_version_s",
"Type": "string"
},
{
"Name": "q_original_filepath_s",
"Type": "string"
},
{
"Name": "last_name_s",
"Type": "string"
},
{
"Name": "userCountry_s",
"Type": "string"
},
{
"Name": "manager_s",
"Type": "string"
},
{
"Name": "q_original_version_s",
"Type": "string"
},
{
"Name": "threat_match_field_s",
"Type": "string"
},
{
"Name": "publisher_cn_s",
"Type": "string"
},
{
"Name": "app_session_id_d",
"Type": "real"
},
{
"Name": "sAMAccountName_s",
"Type": "string"
},
{
"Name": "conn_duration_d",
"Type": "real"
},
{
"Name": "parent_id_s",
"Type": "string"
},
{
"Name": "from_object_s",
"Type": "string"
},
{
"Name": "connection_id_d",
"Type": "real"
},
{
"Name": "risk_level_s",
"Type": "string"
},
{
"Name": "total_collaborator_count_d",
"Type": "real"
},
{
"Name": "memberOf_s",
"Type": "string"
},
{
"Name": "notify_template_s",
"Type": "string"
},
{
"Name": "client_bytes_d",
"Type": "real"
},
{
"Name": "useragent_s",
"Type": "string"
},
{
"Name": "encrypt_failure_s",
"Type": "string"
},
{
"Name": "serial_s",
"Type": "string"
},
{
"Name": "quarantine_file_name_s",
"Type": "string"
},
{
"Name": "tunnel_id_s",
"Type": "string"
},
{
"Name": "from_storage_s",
"Type": "string"
},
{
"Name": "session_duration_d",
"Type": "real"
},
{
"Name": "page_site_s",
"Type": "string"
},
{
"Name": "browser_session_id_d",
"Type": "real"
},
{
"Name": "tunnel_up_time_d",
"Type": "real"
},
{
"Name": "resp_cnt_d",
"Type": "real"
},
{
"Name": "group_s",
"Type": "string"
},
{
"Name": "sAMAccountType_s",
"Type": "string"
},
{
"Name": "to_object_s",
"Type": "string"
},
{
"Name": "managementID_s",
"Type": "string"
},
{
"Name": "malware_severity_s",
"Type": "string"
},
{
"Name": "protocol_s",
"Type": "string"
},
{
"Name": "activity_type_s",
"Type": "string"
},
{
"Name": "q_original_filename_s",
"Type": "string"
},
{
"Name": "tss_mode_s",
"Type": "string"
},
{
"Name": "page_s",
"Type": "string"
},
{
"Name": "http_status_s",
"Type": "string"
},
{
"Name": "smtp_to_s",
"Type": "string"
},
{
"Name": "q_app_s",
"Type": "string"
},
{
"Name": "smtp_status_s",
"Type": "string"
},
{
"Name": "protocol_port_s",
"Type": "string"
},
{
"Name": "src_time_s",
"Type": "string"
},
{
"Name": "server_packets_d",
"Type": "real"
},
{
"Name": "sanctioned_instance_s",
"Type": "string"
},
{
"Name": "client_packets_d",
"Type": "real"
},
{
"Name": "malware_name_s",
"Type": "string"
},
{
"Name": "userip_s",
"Type": "string"
},
{
"Name": "Title_s",
"Type": "string"
},
{
"Name": "dynamic_classification_s",
"Type": "string"
},
{
"Name": "sender_s",
"Type": "string"
},
{
"Name": "threat_source_id_d",
"Type": "real"
},
{
"Name": "internal_collaborator_count_d",
"Type": "real"
},
{
"Name": "total_packets_d",
"Type": "real"
},
{
"Name": "app_scopes_s",
"Type": "string"
},
{
"Name": "log_file_name_s",
"Type": "string"
},
{
"Name": "malsite_category_s",
"Type": "string"
},
{
"Name": "redirect_url_s",
"Type": "string"
},
{
"Name": "dstport_d",
"Type": "real"
},
{
"Name": "aggregated_user_s",
"Type": "string"
},
{
"Name": "numbytes_d",
"Type": "real"
},
{
"Name": "sfwder_s",
"Type": "string"
},
{
"Name": "q_original_shared_s",
"Type": "string"
},
{
"Name": "srcport_d",
"Type": "real"
},
{
"Name": "to_user_s",
"Type": "string"
},
{
"Name": "q_admin_s",
"Type": "string"
},
{
"Name": "universal_connector_s",
"Type": "string"
},
{
"Name": "forward_to_proxy_xau_s",
"Type": "string"
},
{
"Name": "publisher_name_s",
"Type": "string"
},
{
"Name": "quarantine_profile_s",
"Type": "string"
},
{
"Name": "shared_domains_s",
"Type": "string"
},
{
"Name": "trust_computer_checked_s",
"Type": "string"
},
{
"Name": "malware_type_s",
"Type": "string"
},
{
"Name": "dlp_profile_s",
"Type": "string"
},
{
"Name": "all_policy_matches_s",
"Type": "string"
},
{
"Name": "data_type_s",
"Type": "string"
},
{
"Name": "TSS_scan_s",
"Type": "string"
},
{
"Name": "external_collaborator_count_d",
"Type": "real"
},
{
"Name": "severity_s",
"Type": "string"
},
{
"Name": "num_sessions_d",
"Type": "real"
},
{
"Name": "distinguishedName_s",
"Type": "string"
},
{
"Name": "gateway_s",
"Type": "string"
},
{
"Name": "profile_emails_s",
"Type": "string"
},
{
"Name": "mail_s",
"Type": "string"
},
{
"Name": "suppression_end_time_d",
"Type": "real"
},
{
"Name": "dst_timezone_s",
"Type": "string"
},
{
"Name": "nsdeviceuid_s",
"Type": "string"
},
{
"Name": "ip_protocol_s",
"Type": "string"
},
{
"Name": "tss_scan_failed_s",
"Type": "string"
},
{
"Name": "cc_s",
"Type": "string"
},
{
"Name": "req_cnt_d",
"Type": "real"
},
{
"Name": "tss_fail_reason_s",
"Type": "string"
},
{
"Name": "displayName_s",
"Type": "string"
},
{
"Name": "sessionid_s",
"Type": "string"
},
{
"Name": "justification_type_s",
"Type": "string"
},
{
"Name": "threat_match_value_s",
"Type": "string"
},
{
"Name": "incident_id_d",
"Type": "real"
},
{
"Name": "file_id_s",
"Type": "string"
},
{
"Name": "division_s",
"Type": "string"
},
{
"Name": "os_version_s",
"Type": "string"
},
{
"Name": "two_factor_auth_s",
"Type": "string"
},
{
"Name": "dlp_fail_reason_s",
"Type": "string"
},
{
"Name": "network_s",
"Type": "string"
},
{
"Name": "server_bytes_d",
"Type": "real"
},
{
"Name": "orignal_file_path_s",
"Type": "string"
},
{
"Name": "app_activity_s",
"Type": "string"
},
{
"Name": "event_type_s",
"Type": "string"
},
{
"Name": "src_timezone_s",
"Type": "string"
},
{
"Name": "device_classification_s",
"Type": "string"
},
{
"Name": "bcc_s",
"Type": "string"
},
{
"Name": "act_user_s",
"Type": "string"
},
{
"Name": "to_storage_s",
"Type": "string"
},
{
"Name": "custom_connector_s",
"Type": "string"
},
{
"Name": "object_count_d",
"Type": "real"
},
{
"Name": "q_instance_s",
"Type": "string"
},
{
"Name": "policy_id_s",
"Type": "string"
},
{
"Name": "message_id_s",
"Type": "string"
},
{
"Name": "dlp_scan_failed_s",
"Type": "string"
},
{
"Name": "transaction_id_d",
"Type": "real"
},
{
"Name": "quarantine_file_id_s",
"Type": "string"
},
{
"Name": "org_s",
"Type": "string"
},
{
"Name": "justification_reason_s",
"Type": "string"
},
{
"Name": "cci_s",
"Type": "string"
},
{
"Name": "Type",
"Type": "string"
},
{
"Name": "_ResourceId",
"Type": "string"
}
]
}
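Review bot: The table declares the same upstream field twice with different inferred types — `cci_d` as `real` and `cci_s` as `string` — and the same split appears in alertsquarantinedata_CL, alertsremediationdata_CL and alertssecurityassessmentdata_CL. This looks like the collector typing the field per record, so any parser or analytics rule that reads only `cci_d` will silently skip rows where the value landed in `cci_s`, which matters for a score used to rate risky apps. Since this format has no comment syntax, I would document the split in the solution's parser or README and normalize there, e.g. `| extend cci = coalesce(cci_d, toreal(cci_s))`, rather than leaving each query to rediscover it. Whether the duplication is intentional cannot be told from the schema alone; please confirm against the ingestion path.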


@ -0,0 +1,293 @@
{
"Name": "alertsquarantinedata_CL",
"Properties": [
{
"Name": "TenantId",
"Type": "string"
},
{
"Name": "SourceSystem",
"Type": "string"
},
{
"Name": "MG",
"Type": "string"
},
{
"Name": "ManagementGroupName",
"Type": "string"
},
{
"Name": "TimeGenerated",
"Type": "datetime"
},
{
"Name": "Computer",
"Type": "string"
},
{
"Name": "RawData",
"Type": "string"
},
{
"Name": "_id_s",
"Type": "string"
},
{
"Name": "access_method_s",
"Type": "string"
},
{
"Name": "acked_s",
"Type": "string"
},
{
"Name": "action_s",
"Type": "string"
},
{
"Name": "alert_s",
"Type": "string"
},
{
"Name": "alert_name_s",
"Type": "string"
},
{
"Name": "alert_type_s",
"Type": "string"
},
{
"Name": "app_s",
"Type": "string"
},
{
"Name": "appcategory_s",
"Type": "string"
},
{
"Name": "browser_s",
"Type": "string"
},
{
"Name": "Category",
"Type": "string"
},
{
"Name": "cci_s",
"Type": "string"
},
{
"Name": "ccl_s",
"Type": "string"
},
{
"Name": "count_d",
"Type": "real"
},
{
"Name": "device_s",
"Type": "string"
},
{
"Name": "exposure_s",
"Type": "string"
},
{
"Name": "file_path_s",
"Type": "string"
},
{
"Name": "file_size_d",
"Type": "real"
},
{
"Name": "file_type_s",
"Type": "string"
},
{
"Name": "instance_id_s",
"Type": "string"
},
{
"Name": "md5_g",
"Type": "string"
},
{
"Name": "mime_type_s",
"Type": "string"
},
{
"Name": "modified_d",
"Type": "real"
},
{
"Name": "object_s",
"Type": "string"
},
{
"Name": "object_id_s",
"Type": "string"
},
{
"Name": "object_type_s",
"Type": "string"
},
{
"Name": "organization_unit_s",
"Type": "string"
},
{
"Name": "os_s",
"Type": "string"
},
{
"Name": "other_categories_s",
"Type": "string"
},
{
"Name": "owner_s",
"Type": "string"
},
{
"Name": "policy_s",
"Type": "string"
},
{
"Name": "scan_type_s",
"Type": "string"
},
{
"Name": "site_s",
"Type": "string"
},
{
"Name": "suppression_key_s",
"Type": "string"
},
{
"Name": "timestamp_d",
"Type": "real"
},
{
"Name": "traffic_type_s",
"Type": "string"
},
{
"Name": "type_s",
"Type": "string"
},
{
"Name": "ur_normalized_s",
"Type": "string"
},
{
"Name": "url_s",
"Type": "string"
},
{
"Name": "user_s",
"Type": "string"
},
{
"Name": "userkey_s",
"Type": "string"
},
{
"Name": "departmentNumber_s",
"Type": "string"
},
{
"Name": "file_id_s",
"Type": "string"
},
{
"Name": "dlp_profile_s",
"Type": "string"
},
{
"Name": "quarantine_file_name_s",
"Type": "string"
},
{
"Name": "manager_s",
"Type": "string"
},
{
"Name": "quarantine_profile_id_s",
"Type": "string"
},
{
"Name": "q_original_shared_s",
"Type": "string"
},
{
"Name": "profile_emails_s",
"Type": "string"
},
{
"Name": "from_user_s",
"Type": "string"
},
{
"Name": "shared_with_s",
"Type": "string"
},
{
"Name": "q_original_version_s",
"Type": "string"
},
{
"Name": "q_original_filepath_s",
"Type": "string"
},
{
"Name": "user_id_s",
"Type": "string"
},
{
"Name": "quarantine_profile_s",
"Type": "string"
},
{
"Name": "quarantine_file_id_s",
"Type": "string"
},
{
"Name": "q_admin_s",
"Type": "string"
},
{
"Name": "q_original_filename_s",
"Type": "string"
},
{
"Name": "q_app_s",
"Type": "string"
},
{
"Name": "department_s",
"Type": "string"
},
{
"Name": "orignal_file_path_s",
"Type": "string"
},
{
"Name": "q_instance_s",
"Type": "string"
},
{
"Name": "cci_d",
"Type": "real"
},
{
"Name": "Type",
"Type": "string"
},
{
"Name": "_ResourceId",
"Type": "string"
}
]
}


@ -0,0 +1,389 @@
{
"Name": "alertsremediationdata_CL",
"Properties": [
{
"Name": "TenantId",
"Type": "string"
},
{
"Name": "SourceSystem",
"Type": "string"
},
{
"Name": "MG",
"Type": "string"
},
{
"Name": "ManagementGroupName",
"Type": "string"
},
{
"Name": "TimeGenerated",
"Type": "datetime"
},
{
"Name": "Computer",
"Type": "string"
},
{
"Name": "RawData",
"Type": "string"
},
{
"Name": "_id_s",
"Type": "string"
},
{
"Name": "access_method_s",
"Type": "string"
},
{
"Name": "acked_s",
"Type": "string"
},
{
"Name": "action_s",
"Type": "string"
},
{
"Name": "activity_s",
"Type": "string"
},
{
"Name": "alert_s",
"Type": "string"
},
{
"Name": "alert_name_s",
"Type": "string"
},
{
"Name": "alert_type_s",
"Type": "string"
},
{
"Name": "app_s",
"Type": "string"
},
{
"Name": "appcategory_s",
"Type": "string"
},
{
"Name": "browser_s",
"Type": "string"
},
{
"Name": "Category",
"Type": "string"
},
{
"Name": "cci_s",
"Type": "string"
},
{
"Name": "ccl_s",
"Type": "string"
},
{
"Name": "count_d",
"Type": "real"
},
{
"Name": "device_s",
"Type": "string"
},
{
"Name": "dst_country_s",
"Type": "string"
},
{
"Name": "dst_geoip_src_d",
"Type": "real"
},
{
"Name": "dst_latitude_d",
"Type": "real"
},
{
"Name": "dst_location_s",
"Type": "string"
},
{
"Name": "dst_longitude_d",
"Type": "real"
},
{
"Name": "dst_region_s",
"Type": "string"
},
{
"Name": "dst_zipcode_s",
"Type": "string"
},
{
"Name": "dstip_s",
"Type": "string"
},
{
"Name": "file_size_d",
"Type": "real"
},
{
"Name": "file_type_s",
"Type": "string"
},
{
"Name": "instance_id_s",
"Type": "string"
},
{
"Name": "md5_g",
"Type": "string"
},
{
"Name": "object_s",
"Type": "string"
},
{
"Name": "object_type_s",
"Type": "string"
},
{
"Name": "organization_unit_s",
"Type": "string"
},
{
"Name": "os_s",
"Type": "string"
},
{
"Name": "policy_s",
"Type": "string"
},
{
"Name": "request_id_s",
"Type": "string"
},
{
"Name": "site_s",
"Type": "string"
},
{
"Name": "src_country_s",
"Type": "string"
},
{
"Name": "src_geoip_src_d",
"Type": "real"
},
{
"Name": "src_latitude_d",
"Type": "real"
},
{
"Name": "src_location_s",
"Type": "string"
},
{
"Name": "src_longitude_d",
"Type": "real"
},
{
"Name": "src_region_s",
"Type": "string"
},
{
"Name": "src_zipcode_s",
"Type": "string"
},
{
"Name": "srcip_s",
"Type": "string"
},
{
"Name": "timestamp_d",
"Type": "real"
},
{
"Name": "traffic_type_s",
"Type": "string"
},
{
"Name": "type_s",
"Type": "string"
},
{
"Name": "ur_normalized_s",
"Type": "string"
},
{
"Name": "url_s",
"Type": "string"
},
{
"Name": "user_s",
"Type": "string"
},
{
"Name": "appsuite_s",
"Type": "string"
},
{
"Name": "transaction_id_d",
"Type": "real"
},
{
"Name": "page_s",
"Type": "string"
},
{
"Name": "hostname_s",
"Type": "string"
},
{
"Name": "policy_id_s",
"Type": "string"
},
{
"Name": "connection_id_d",
"Type": "real"
},
{
"Name": "app_session_id_d",
"Type": "real"
},
{
"Name": "severity_s",
"Type": "string"
},
{
"Name": "tss_mode_s",
"Type": "string"
},
{
"Name": "managed_app_s",
"Type": "string"
},
{
"Name": "endpoint_count_d",
"Type": "real"
},
{
"Name": "malware_type_s",
"Type": "string"
},
{
"Name": "notify_template_s",
"Type": "string"
},
{
"Name": "device_classification_s",
"Type": "string"
},
{
"Name": "page_site_s",
"Type": "string"
},
{
"Name": "dlp_profile_s",
"Type": "string"
},
{
"Name": "managementID_s",
"Type": "string"
},
{
"Name": "all_policy_matches_s",
"Type": "string"
},
{
"Name": "profile_hits_s",
"Type": "string"
},
{
"Name": "malware_severity_s",
"Type": "string"
},
{
"Name": "sanctioned_instance_s",
"Type": "string"
},
{
"Name": "src_timezone_s",
"Type": "string"
},
{
"Name": "dst_timezone_s",
"Type": "string"
},
{
"Name": "edr_app_s",
"Type": "string"
},
{
"Name": "browser_session_id_d",
"Type": "real"
},
{
"Name": "os_version_s",
"Type": "string"
},
{
"Name": "src_time_s",
"Type": "string"
},
{
"Name": "nsdeviceuid_s",
"Type": "string"
},
{
"Name": "actions_taken_s",
"Type": "string"
},
{
"Name": "malware_id_s",
"Type": "string"
},
{
"Name": "from_user_s",
"Type": "string"
},
{
"Name": "endpoints_s",
"Type": "string"
},
{
"Name": "protocol_s",
"Type": "string"
},
{
"Name": "incident_id_d",
"Type": "real"
},
{
"Name": "remediation_profile_s",
"Type": "string"
},
{
"Name": "userip_s",
"Type": "string"
},
{
"Name": "malware_name_s",
"Type": "string"
},
{
"Name": "cci_d",
"Type": "real"
},
{
"Name": "Type",
"Type": "string"
},
{
"Name": "_ResourceId",
"Type": "string"
}
]
}


@ -0,0 +1,233 @@
{
"Name": "alertssecurityassessmentdata_CL",
"Properties": [
{
"Name": "TenantId",
"Type": "string"
},
{
"Name": "SourceSystem",
"Type": "string"
},
{
"Name": "MG",
"Type": "string"
},
{
"Name": "ManagementGroupName",
"Type": "string"
},
{
"Name": "TimeGenerated",
"Type": "datetime"
},
{
"Name": "Computer",
"Type": "string"
},
{
"Name": "RawData",
"Type": "string"
},
{
"Name": "_id_s",
"Type": "string"
},
{
"Name": "access_method_s",
"Type": "string"
},
{
"Name": "acked_s",
"Type": "string"
},
{
"Name": "action_s",
"Type": "string"
},
{
"Name": "activity_s",
"Type": "string"
},
{
"Name": "alert_s",
"Type": "string"
},
{
"Name": "alert_name_s",
"Type": "string"
},
{
"Name": "alert_type_s",
"Type": "string"
},
{
"Name": "app_s",
"Type": "string"
},
{
"Name": "appcategory_s",
"Type": "string"
},
{
"Name": "browser_s",
"Type": "string"
},
{
"Name": "Category",
"Type": "string"
},
{
"Name": "cci_s",
"Type": "string"
},
{
"Name": "ccl_s",
"Type": "string"
},
{
"Name": "count_d",
"Type": "real"
},
{
"Name": "device_s",
"Type": "string"
},
{
"Name": "instance_id_s",
"Type": "string"
},
{
"Name": "object_s",
"Type": "string"
},
{
"Name": "object_type_s",
"Type": "string"
},
{
"Name": "organization_unit_s",
"Type": "string"
},
{
"Name": "os_s",
"Type": "string"
},
{
"Name": "policy_s",
"Type": "string"
},
{
"Name": "site_s",
"Type": "string"
},
{
"Name": "timestamp_d",
"Type": "real"
},
{
"Name": "traffic_type_s",
"Type": "string"
},
{
"Name": "type_s",
"Type": "string"
},
{
"Name": "ur_normalized_s",
"Type": "string"
},
{
"Name": "user_s",
"Type": "string"
},
{
"Name": "userkey_s",
"Type": "string"
},
{
"Name": "iaas_asset_tags_s",
"Type": "string"
},
{
"Name": "sa_rule_id_s",
"Type": "string"
},
{
"Name": "region_id_s",
"Type": "string"
},
{
"Name": "resource_category_s",
"Type": "string"
},
{
"Name": "asset_id_s",
"Type": "string"
},
{
"Name": "asset_object_id_s",
"Type": "string"
},
{
"Name": "sa_profile_name_s",
"Type": "string"
},
{
"Name": "resource_group_s",
"Type": "string"
},
{
"Name": "sa_profile_id_d",
"Type": "real"
},
{
"Name": "sAMAccountName_s",
"Type": "string"
},
{
"Name": "sa_rule_severity_s",
"Type": "string"
},
{
"Name": "policy_id_d",
"Type": "real"
},
{
"Name": "account_name_s",
"Type": "string"
},
{
"Name": "account_id_s",
"Type": "string"
},
{
"Name": "iaas_remediated_s",
"Type": "string"
},
{
"Name": "sa_rule_name_s",
"Type": "string"
},
{
"Name": "region_name_s",
"Type": "string"
},
{
"Name": "compliance_standards_s",
"Type": "string"
},
{
"Name": "cci_d",
"Type": "real"
},
{
"Name": "Type",
"Type": "string"
},
{
"Name": "_ResourceId",
"Type": "string"
}
]
}


@ -0,0 +1,629 @@
{
"Name": "alertsubadata_CL",
"Properties": [
{
"Name": "TenantId",
"Type": "string"
},
{
"Name": "SourceSystem",
"Type": "string"
},
{
"Name": "MG",
"Type": "string"
},
{
"Name": "ManagementGroupName",
"Type": "string"
},
{
"Name": "TimeGenerated",
"Type": "datetime"
},
{
"Name": "Computer",
"Type": "string"
},
{
"Name": "RawData",
"Type": "string"
},
{
"Name": "_id_s",
"Type": "string"
},
{
"Name": "access_method_s",
"Type": "string"
},
{
"Name": "acked_s",
"Type": "string"
},
{
"Name": "action_s",
"Type": "string"
},
{
"Name": "activity_s",
"Type": "string"
},
{
"Name": "alert_s",
"Type": "string"
},
{
"Name": "alert_id_g",
"Type": "string"
},
{
"Name": "alert_name_s",
"Type": "string"
},
{
"Name": "alert_type_s",
"Type": "string"
},
{
"Name": "app_s",
"Type": "string"
},
{
"Name": "app_session_id_d",
"Type": "real"
},
{
"Name": "appcategory_s",
"Type": "string"
},
{
"Name": "browser_s",
"Type": "string"
},
{
"Name": "browser_session_id_d",
"Type": "real"
},
{
"Name": "browser_version_s",
"Type": "string"
},
{
"Name": "Category",
"Type": "string"
},
{
"Name": "cci_d",
"Type": "real"
},
{
"Name": "ccl_s",
"Type": "string"
},
{
"Name": "connection_id_d",
"Type": "real"
},
{
"Name": "count_d",
"Type": "real"
},
{
"Name": "device_s",
"Type": "string"
},
{
"Name": "dst_country_s",
"Type": "string"
},
{
"Name": "dst_geoip_src_d",
"Type": "real"
},
{
"Name": "dst_latitude_d",
"Type": "real"
},
{
"Name": "dst_location_s",
"Type": "string"
},
{
"Name": "dst_longitude_d",
"Type": "real"
},
{
"Name": "dst_region_s",
"Type": "string"
},
{
"Name": "dst_timezone_s",
"Type": "string"
},
{
"Name": "dst_zipcode_s",
"Type": "string"
},
{
"Name": "dstip_s",
"Type": "string"
},
{
"Name": "event_type_s",
"Type": "string"
},
{
"Name": "evt_src_chnl_s",
"Type": "string"
},
{
"Name": "file_size_d",
"Type": "real"
},
{
"Name": "hostname_s",
"Type": "string"
},
{
"Name": "instance_id_s",
"Type": "string"
},
{
"Name": "managed_app_s",
"Type": "string"
},
{
"Name": "md5_g",
"Type": "string"
},
{
"Name": "object_s",
"Type": "string"
},
{
"Name": "object_id_g",
"Type": "string"
},
{
"Name": "object_type_s",
"Type": "string"
},
{
"Name": "organization_unit_s",
"Type": "string"
},
{
"Name": "os_s",
"Type": "string"
},
{
"Name": "os_version_s",
"Type": "string"
},
{
"Name": "page_s",
"Type": "string"
},
{
"Name": "page_site_s",
"Type": "string"
},
{
"Name": "parent_id_s",
"Type": "string"
},
{
"Name": "policy_s",
"Type": "string"
},
{
"Name": "policy_actions_s",
"Type": "string"
},
{
"Name": "profile_id_s",
"Type": "string"
},
{
"Name": "referer_s",
"Type": "string"
},
{
"Name": "score_s",
"Type": "string"
},
{
"Name": "severity_s",
"Type": "string"
},
{
"Name": "site_s",
"Type": "string"
},
{
"Name": "src_country_s",
"Type": "string"
},
{
"Name": "src_geoip_src_d",
"Type": "real"
},
{
"Name": "src_latitude_d",
"Type": "real"
},
{
"Name": "src_location_s",
"Type": "string"
},
{
"Name": "src_longitude_d",
"Type": "real"
},
{
"Name": "src_region_s",
"Type": "string"
},
{
"Name": "src_timezone_s",
"Type": "string"
},
{
"Name": "src_zipcode_s",
"Type": "string"
},
{
"Name": "srcip_s",
"Type": "string"
},
{
"Name": "telemetry_app_s",
"Type": "string"
},
{
"Name": "threshold_d",
"Type": "real"
},
{
"Name": "threshold_time_d",
"Type": "real"
},
{
"Name": "timestamp_d",
"Type": "real"
},
{
"Name": "traffic_type_s",
"Type": "string"
},
{
"Name": "transaction_id_d",
"Type": "real"
},
{
"Name": "type_s",
"Type": "string"
},
{
"Name": "ur_normalized_s",
"Type": "string"
},
{
"Name": "url_s",
"Type": "string"
},
{
"Name": "user_s",
"Type": "string"
},
{
"Name": "userip_s",
"Type": "string"
},
{
"Name": "userkey_s",
"Type": "string"
},
{
"Name": "loginurl_s",
"Type": "string"
},
{
"Name": "managementID_s",
"Type": "string"
},
{
"Name": "act_user_s",
"Type": "string"
},
{
"Name": "last_location_s",
"Type": "string"
},
{
"Name": "surhn_s",
"Type": "string"
},
{
"Name": "to_user_s",
"Type": "string"
},
{
"Name": "incident_id_d",
"Type": "real"
},
{
"Name": "TSS_scan_s",
"Type": "string"
},
{
"Name": "web_universal_connector_s",
"Type": "string"
},
{
"Name": "app_category_s",
"Type": "string"
},
{
"Name": "to_object_s",
"Type": "string"
},
{
"Name": "app_activity_s",
"Type": "string"
},
{
"Name": "distinguishedName_s",
"Type": "string"
},
{
"Name": "AccountType_s",
"Type": "string"
},
{
"Name": "last_device_s",
"Type": "string"
},
{
"Name": "User_SPACE_Name_s",
"Type": "string"
},
{
"Name": "user_id_s",
"Type": "string"
},
{
"Name": "activity_status_s",
"Type": "string"
},
{
"Name": "all_policy_matches_s",
"Type": "string"
},
{
"Name": "object_count_d",
"Type": "real"
},
{
"Name": "from_user_s",
"Type": "string"
},
{
"Name": "displayName_s",
"Type": "string"
},
{
"Name": "user_role_s",
"Type": "string"
},
{
"Name": "download_app_s",
"Type": "string"
},
{
"Name": "last_app_s",
"Type": "string"
},
{
"Name": "shared_credential_user_s",
"Type": "string"
},
{
"Name": "createdTime_s",
"Type": "string"
},
{
"Name": "last_region_s",
"Type": "string"
},
{
"Name": "audit_type_s",
"Type": "string"
},
{
"Name": "suppression_start_time_d",
"Type": "real"
},
{
"Name": "scopes_s",
"Type": "string"
},
{
"Name": "uba_inst1_s",
"Type": "string"
},
{
"Name": "file_category_s",
"Type": "string"
},
{
"Name": "two_factor_auth_s",
"Type": "string"
},
{
"Name": "group_s",
"Type": "string"
},
{
"Name": "bin_timestamp_d",
"Type": "real"
},
{
"Name": "User_SPACE_Id_s",
"Type": "string"
},
{
"Name": "risk_level_s",
"Type": "string"
},
{
"Name": "useragent_s",
"Type": "string"
},
{
"Name": "user_name_s",
"Type": "string"
},
{
"Name": "risk_level_id_d",
"Type": "real"
},
{
"Name": "policy_id_s",
"Type": "string"
},
{
"Name": "file_type_s",
"Type": "string"
},
{
"Name": "request_id_d",
"Type": "real"
},
{
"Name": "userPrincipalName_s",
"Type": "string"
},
{
"Name": "sanctioned_instance_s",
"Type": "string"
},
{
"Name": "uba_inst2_s",
"Type": "string"
},
{
"Name": "appsuite_s",
"Type": "string"
},
{
"Name": "from_user_category_s",
"Type": "string"
},
{
"Name": "mail_s",
"Type": "string"
},
{
"Name": "sAMAccountName_s",
"Type": "string"
},
{
"Name": "tss_mode_s",
"Type": "string"
},
{
"Name": "uba_ap1_s",
"Type": "string"
},
{
"Name": "last_timestamp_d",
"Type": "real"
},
{
"Name": "tss_fail_reason_s",
"Type": "string"
},
{
"Name": "suppression_end_time_d",
"Type": "real"
},
{
"Name": "to_user_category_s",
"Type": "string"
},
{
"Name": "netskope_activity_s",
"Type": "string"
},
{
"Name": "last_country_s",
"Type": "string"
},
{
"Name": "device_classification_s",
"Type": "string"
},
{
"Name": "anomaly_type_s",
"Type": "string"
},
{
"Name": "division_s",
"Type": "string"
},
{
"Name": "windowId_d",
"Type": "real"
},
{
"Name": "audit_category_s",
"Type": "string"
},
{
"Name": "src_time_s",
"Type": "string"
},
{
"Name": "logintype_s",
"Type": "string"
},
{
"Name": "tss_scan_failed_s",
"Type": "string"
},
{
"Name": "manager_s",
"Type": "string"
},
{
"Name": "protocol_s",
"Type": "string"
},
{
"Name": "employeeType_s",
"Type": "string"
},
{
"Name": "user_category_s",
"Type": "string"
},
{
"Name": "uba_ap2_s",
"Type": "string"
},
{
"Name": "policy_name_s",
"Type": "string"
},
{
"Name": "Type",
"Type": "string"
},
{
"Name": "_ResourceId",
"Type": "string"
}
]
}
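Review bot: Same-named fields are typed differently across the new tables: here `request_id_d` is `real` while alertspolicydata_CL declares `request_id_s` as `string`, and here `policy_id_s` is `string` while alertssecurityassessmentdata_CL declares `policy_id_d` as `real`. Correlation queries that `union` these tables on request or policy identifiers will therefore need an explicit cast such as `| extend request_id = tostring(request_id_d)` on each side, or the join keys never match. It would help to record the canonical type for each identifier in the solution's parser documentation so detections do not hard-code one table's suffix. The column names `User_SPACE_Name_s` and `User_SPACE_Id_s` appear to be the collector's rewriting of field names containing spaces; noting that mapping alongside the schema would spare the next maintainer the guess.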


@ -0,0 +1,621 @@
{
"Name": "eventsapplicationdata_CL",
"Properties": [
{
"Name": "TenantId",
"Type": "string"
},
{
"Name": "SourceSystem",
"Type": "string"
},
{
"Name": "MG",
"Type": "string"
},
{
"Name": "ManagementGroupName",
"Type": "string"
},
{
"Name": "TimeGenerated",
"Type": "datetime"
},
{
"Name": "Computer",
"Type": "string"
},
{
"Name": "RawData",
"Type": "string"
},
{
"Name": "_id_s",
"Type": "string"
},
{
"Name": "access_method_s",
"Type": "string"
},
{
"Name": "action_s",
"Type": "string"
},
{
"Name": "activity_s",
"Type": "string"
},
{
"Name": "alert_s",
"Type": "string"
},
{
"Name": "alert_type_s",
"Type": "string"
},
{
"Name": "app_s",
"Type": "string"
},
{
"Name": "appcategory_s",
"Type": "string"
},
{
"Name": "browser_s",
"Type": "string"
},
{
"Name": "Category",
"Type": "string"
},
{
"Name": "cci_d",
"Type": "real"
},
{
"Name": "ccl_s",
"Type": "string"
},
{
"Name": "count_d",
"Type": "real"
},
{
"Name": "device_s",
"Type": "string"
},
{
"Name": "dst_country_s",
"Type": "string"
},
{
"Name": "dst_geoip_src_d",
"Type": "real"
},
{
"Name": "dst_latitude_d",
"Type": "real"
},
{
"Name": "dst_location_s",
"Type": "string"
},
{
"Name": "dst_longitude_d",
"Type": "real"
},
{
"Name": "dst_region_s",
"Type": "string"
},
{
"Name": "dst_zipcode_s",
"Type": "string"
},
{
"Name": "dstip_s",
"Type": "string"
},
{
"Name": "exposure_s",
"Type": "string"
},
{
"Name": "file_lang_s",
"Type": "string"
},
{
"Name": "file_path_s",
"Type": "string"
},
{
"Name": "file_size_d",
"Type": "real"
},
{
"Name": "file_type_s",
"Type": "string"
},
{
"Name": "instance_s",
"Type": "string"
},
{
"Name": "instance_id_s",
"Type": "string"
},
{
"Name": "md5_g",
"Type": "string"
},
{
"Name": "mime_type_s",
"Type": "string"
},
{
"Name": "modified_d",
"Type": "real"
},
{
"Name": "object_s",
"Type": "string"
},
{
"Name": "object_id_s",
"Type": "string"
},
{
"Name": "object_type_s",
"Type": "string"
},
{
"Name": "organization_unit_s",
"Type": "string"
},
{
"Name": "os_s",
"Type": "string"
},
{
"Name": "other_categories_s",
"Type": "string"
},
{
"Name": "owner_s",
"Type": "string"
},
{
"Name": "policy_s",
"Type": "string"
},
{
"Name": "request_id_s",
"Type": "string"
},
{
"Name": "scan_type_s",
"Type": "string"
},
{
"Name": "site_s",
"Type": "string"
},
{
"Name": "src_country_s",
"Type": "string"
},
{
"Name": "src_geoip_src_d",
"Type": "real"
},
{
"Name": "src_latitude_d",
"Type": "real"
},
{
"Name": "src_location_s",
"Type": "string"
},
{
"Name": "src_longitude_d",
"Type": "real"
},
{
"Name": "src_region_s",
"Type": "string"
},
{
"Name": "src_zipcode_s",
"Type": "string"
},
{
"Name": "srcip_s",
"Type": "string"
},
{
"Name": "suppression_key_s",
"Type": "string"
},
{
"Name": "timestamp_d",
"Type": "real"
},
{
"Name": "traffic_type_s",
"Type": "string"
},
{
"Name": "type_s",
"Type": "string"
},
{
"Name": "ur_normalized_s",
"Type": "string"
},
{
"Name": "url_s",
"Type": "string"
},
{
"Name": "user_s",
"Type": "string"
},
{
"Name": "userkey_s",
"Type": "string"
},
{
"Name": "orignal_file_path_s",
"Type": "string"
},
{
"Name": "managed_app_s",
"Type": "string"
},
{
"Name": "userip_s",
"Type": "string"
},
{
"Name": "resp_cnt_d",
"Type": "real"
},
{
"Name": "dst_timezone_s",
"Type": "string"
},
{
"Name": "protocol_s",
"Type": "string"
},
{
"Name": "hostname_s",
"Type": "string"
},
{
"Name": "dlp_profile_s",
"Type": "string"
},
{
"Name": "to_user_s",
"Type": "string"
},
{
"Name": "parent_id_s",
"Type": "string"
},
{
"Name": "CononicalName_s",
"Type": "string"
},
{
"Name": "dlp_rule_s",
"Type": "string"
},
{
"Name": "total_collaborator_count_d",
"Type": "real"
},
{
"Name": "sha256_s",
"Type": "string"
},
{
"Name": "shared_with_s",
"Type": "string"
},
{
"Name": "dsthost_s",
"Type": "string"
},
{
"Name": "severity_s",
"Type": "string"
},
{
"Name": "suppression_end_time_d",
"Type": "real"
},
{
"Name": "dlp_unique_count_d",
"Type": "real"
},
{
"Name": "audit_category_s",
"Type": "string"
},
{
"Name": "app_session_id_d",
"Type": "real"
},
{
"Name": "workspace_id_s",
"Type": "string"
},
{
"Name": "req_cnt_d",
"Type": "real"
},
{
"Name": "universal_connector_s",
"Type": "string"
},
{
"Name": "logintype_s",
"Type": "string"
},
{
"Name": "connection_id_d",
"Type": "real"
},
{
"Name": "app_activity_s",
"Type": "string"
},
{
"Name": "channel_id_s",
"Type": "string"
},
{
"Name": "src_timezone_s",
"Type": "string"
},
{
"Name": "numbytes_d",
"Type": "real"
},
{
"Name": "conn_duration_d",
"Type": "real"
},
{
"Name": "managementID_s",
"Type": "string"
},
{
"Name": "dlp_is_unique_count_s",
"Type": "string"
},
{
"Name": "dlp_mail_parent_id_s",
"Type": "string"
},
{
"Name": "from_user_category_s",
"Type": "string"
},
{
"Name": "policy_id_s",
"Type": "string"
},
{
"Name": "useragent_s",
"Type": "string"
},
{
"Name": "device_classification_s",
"Type": "string"
},
{
"Name": "dlp_file_s",
"Type": "string"
},
{
"Name": "dlp_rule_count_d",
"Type": "real"
},
{
"Name": "sAMAccountName_s",
"Type": "string"
},
{
"Name": "audit_type_s",
"Type": "string"
},
{
"Name": "telemetry_app_s",
"Type": "string"
},
{
"Name": "web_universal_connector_s",
"Type": "string"
},
{
"Name": "title_s",
"Type": "string"
},
{
"Name": "data_type_s",
"Type": "string"
},
{
"Name": "userPrincipalName_s",
"Type": "string"
},
{
"Name": "page_s",
"Type": "string"
},
{
"Name": "serial_s",
"Type": "string"
},
{
"Name": "sessionid_s",
"Type": "string"
},
{
"Name": "smtp_to_s",
"Type": "string"
},
{
"Name": "appsuite_s",
"Type": "string"
},
{
"Name": "log_file_name_s",
"Type": "string"
},
{
"Name": "dlp_parent_id_d",
"Type": "real"
},
{
"Name": "tss_mode_s",
"Type": "string"
},
{
"Name": "server_bytes_d",
"Type": "real"
},
{
"Name": "client_bytes_d",
"Type": "real"
},
{
"Name": "page_site_s",
"Type": "string"
},
{
"Name": "loginurl_s",
"Type": "string"
},
{
"Name": "os_version_s",
"Type": "string"
},
{
"Name": "fromlogs_s",
"Type": "string"
},
{
"Name": "true_obj_category_s",
"Type": "string"
},
{
"Name": "true_obj_type_s",
"Type": "string"
},
{
"Name": "browser_session_id_d",
"Type": "real"
},
{
"Name": "workspace_s",
"Type": "string"
},
{
"Name": "dlp_rule_severity_s",
"Type": "string"
},
{
"Name": "dstport_d",
"Type": "real"
},
{
"Name": "netskope_activity_s",
"Type": "string"
},
{
"Name": "data_center_s",
"Type": "string"
},
{
"Name": "dlp_incident_id_d",
"Type": "real"
},
{
"Name": "suppression_start_time_d",
"Type": "real"
},
{
"Name": "nsdeviceuid_s",
"Type": "string"
},
{
"Name": "org_s",
"Type": "string"
},
{
"Name": "src_time_s",
"Type": "string"
},
{
"Name": "user_id_s",
"Type": "string"
},
{
"Name": "custom_connector_s",
"Type": "string"
},
{
"Name": "transaction_id_d",
"Type": "real"
},
{
"Name": "user_category_s",
"Type": "string"
},
{
"Name": "netskope_pop_s",
"Type": "string"
},
{
"Name": "browser_version_s",
"Type": "string"
},
{
"Name": "from_user_s",
"Type": "string"
},
{
"Name": "referer_s",
"Type": "string"
},
{
"Name": "internal_collaborator_count_d",
"Type": "real"
},
{
"Name": "sanctioned_instance_s",
"Type": "string"
},
{
"Name": "notify_template_s",
"Type": "string"
},
{
"Name": "cci_s",
"Type": "string"
},
{
"Name": "Type",
"Type": "string"
},
{
"Name": "_ResourceId",
"Type": "string"
}
]
}


@ -0,0 +1,101 @@
{
"Name": "eventsauditdata_CL",
"Properties": [
{
"Name": "TenantId",
"Type": "string"
},
{
"Name": "SourceSystem",
"Type": "string"
},
{
"Name": "MG",
"Type": "string"
},
{
"Name": "ManagementGroupName",
"Type": "string"
},
{
"Name": "TimeGenerated",
"Type": "datetime"
},
{
"Name": "Computer",
"Type": "string"
},
{
"Name": "RawData",
"Type": "string"
},
{
"Name": "timestamp_d",
"Type": "real"
},
{
"Name": "type_s",
"Type": "string"
},
{
"Name": "user_s",
"Type": "string"
},
{
"Name": "severity_level_d",
"Type": "real"
},
{
"Name": "audit_log_event_s",
"Type": "string"
},
{
"Name": "supporting_data_data_type_s",
"Type": "string"
},
{
"Name": "supporting_data_data_values_s",
"Type": "string"
},
{
"Name": "organization_unit_s",
"Type": "string"
},
{
"Name": "ur_normalized_s",
"Type": "string"
},
{
"Name": "count_d",
"Type": "real"
},
{
"Name": "_id_s",
"Type": "string"
},
{
"Name": "details_s",
"Type": "string"
},
{
"Name": "sAMAccountName_s",
"Type": "string"
},
{
"Name": "ccl_s",
"Type": "string"
},
{
"Name": "userPrincipalName_s",
"Type": "string"
},
{
"Name": "Type",
"Type": "string"
},
{
"Name": "_ResourceId",
"Type": "string"
}
]
}


@ -0,0 +1,241 @@
{
"Name": "eventsconnectiondata_CL",
"Properties": [
{
"Name": "TenantId",
"Type": "string"
},
{
"Name": "SourceSystem",
"Type": "string"
},
{
"Name": "MG",
"Type": "string"
},
{
"Name": "ManagementGroupName",
"Type": "string"
},
{
"Name": "TimeGenerated",
"Type": "datetime"
},
{
"Name": "Computer",
"Type": "string"
},
{
"Name": "RawData",
"Type": "string"
},
{
"Name": "suppression_end_time_d",
"Type": "real"
},
{
"Name": "suppression_start_time_d",
"Type": "real"
},
{
"Name": "_id_s",
"Type": "string"
},
{
"Name": "access_method_s",
"Type": "string"
},
{
"Name": "app_s",
"Type": "string"
},
{
"Name": "appcategory_s",
"Type": "string"
},
{
"Name": "bypass_reason_s",
"Type": "string"
},
{
"Name": "bypass_traffic_s",
"Type": "string"
},
{
"Name": "Category",
"Type": "string"
},
{
"Name": "cci_d",
"Type": "real"
},
{
"Name": "ccl_s",
"Type": "string"
},
{
"Name": "connection_id_d",
"Type": "real"
},
{
"Name": "count_d",
"Type": "real"
},
{
"Name": "domain_s",
"Type": "string"
},
{
"Name": "dst_country_s",
"Type": "string"
},
{
"Name": "dst_latitude_d",
"Type": "real"
},
{
"Name": "dst_location_s",
"Type": "string"
},
{
"Name": "dst_longitude_d",
"Type": "real"
},
{
"Name": "dst_region_s",
"Type": "string"
},
{
"Name": "dst_timezone_s",
"Type": "string"
},
{
"Name": "dst_zipcode_s",
"Type": "string"
},
{
"Name": "dstip_s",
"Type": "string"
},
{
"Name": "dstport_d",
"Type": "real"
},
{
"Name": "incident_id_d",
"Type": "real"
},
{
"Name": "netskope_pop_s",
"Type": "string"
},
{
"Name": "organization_unit_s",
"Type": "string"
},
{
"Name": "other_categories_s",
"Type": "string"
},
{
"Name": "page_s",
"Type": "string"
},
{
"Name": "request_id_d",
"Type": "real"
},
{
"Name": "site_s",
"Type": "string"
},
{
"Name": "src_country_s",
"Type": "string"
},
{
"Name": "src_latitude_d",
"Type": "real"
},
{
"Name": "src_location_s",
"Type": "string"
},
{
"Name": "src_longitude_d",
"Type": "real"
},
{
"Name": "src_region_s",
"Type": "string"
},
{
"Name": "src_time_s",
"Type": "string"
},
{
"Name": "src_timezone_s",
"Type": "string"
},
{
"Name": "src_zipcode_s",
"Type": "string"
},
{
"Name": "srcip_s",
"Type": "string"
},
{
"Name": "ssl_decrypt_policy_s",
"Type": "string"
},
{
"Name": "timestamp_d",
"Type": "real"
},
{
"Name": "traffic_type_s",
"Type": "string"
},
{
"Name": "transaction_id_d",
"Type": "real"
},
{
"Name": "type_s",
"Type": "string"
},
{
"Name": "ur_normalized_s",
"Type": "string"
},
{
"Name": "url_s",
"Type": "string"
},
{
"Name": "user_s",
"Type": "string"
},
{
"Name": "user_generated_s",
"Type": "string"
},
{
"Name": "userip_s",
"Type": "string"
},
{
"Name": "userkey_s",
"Type": "string"
},
{
"Name": "Type",
"Type": "string"
},
{
"Name": "_ResourceId",
"Type": "string"
}
]
}


@ -0,0 +1,245 @@
{
"Name": "eventsincidentdata_CL",
"Properties": [
{
"Name": "TenantId",
"Type": "string"
},
{
"Name": "SourceSystem",
"Type": "string"
},
{
"Name": "MG",
"Type": "string"
},
{
"Name": "ManagementGroupName",
"Type": "string"
},
{
"Name": "TimeGenerated",
"Type": "datetime"
},
{
"Name": "Computer",
"Type": "string"
},
{
"Name": "RawData",
"Type": "string"
},
{
"Name": "_id_s",
"Type": "string"
},
{
"Name": "access_method_s",
"Type": "string"
},
{
"Name": "acting_user_s",
"Type": "string"
},
{
"Name": "activity_s",
"Type": "string"
},
{
"Name": "app_s",
"Type": "string"
},
{
"Name": "app_session_id_d",
"Type": "real"
},
{
"Name": "assignee_s",
"Type": "string"
},
{
"Name": "connection_id_d",
"Type": "real"
},
{
"Name": "dlp_incident_id_d",
"Type": "real"
},
{
"Name": "dlp_match_info_s",
"Type": "string"
},
{
"Name": "dlp_parent_id_d",
"Type": "real"
},
{
"Name": "dst_location_s",
"Type": "string"
},
{
"Name": "file_lang_s",
"Type": "string"
},
{
"Name": "file_size_d",
"Type": "real"
},
{
"Name": "file_type_s",
"Type": "string"
},
{
"Name": "md5_g",
"Type": "string"
},
{
"Name": "object_id_s",
"Type": "string"
},
{
"Name": "object_type_s",
"Type": "string"
},
{
"Name": "severity_s",
"Type": "string"
},
{
"Name": "site_s",
"Type": "string"
},
{
"Name": "src_location_s",
"Type": "string"
},
{
"Name": "status_s",
"Type": "string"
},
{
"Name": "timestamp_d",
"Type": "real"
},
{
"Name": "title_s",
"Type": "string"
},
{
"Name": "true_obj_category_s",
"Type": "string"
},
{
"Name": "true_obj_type_s",
"Type": "string"
},
{
"Name": "url_s",
"Type": "string"
},
{
"Name": "user_s",
"Type": "string"
},
{
"Name": "referer_s",
"Type": "string"
},
{
"Name": "user_id_s",
"Type": "string"
},
{
"Name": "object_s",
"Type": "string"
},
{
"Name": "instance_id_s",
"Type": "string"
},
{
"Name": "from_user_s",
"Type": "string"
},
{
"Name": "to_user_s",
"Type": "string"
},
{
"Name": "channel_s",
"Type": "string"
},
{
"Name": "zip_file_id_s",
"Type": "string"
},
{
"Name": "destination_instance_id_s",
"Type": "string"
},
{
"Name": "instance_s",
"Type": "string"
},
{
"Name": "bcc_s",
"Type": "string"
},
{
"Name": "cc_s",
"Type": "string"
},
{
"Name": "inline_dlp_match_info_s",
"Type": "string"
},
{
"Name": "owner_s",
"Type": "string"
},
{
"Name": "original_file_snapshot_id_s",
"Type": "string"
},
{
"Name": "dlp_file_s",
"Type": "string"
},
{
"Name": "owner_pdl_s",
"Type": "string"
},
{
"Name": "destination_site_s",
"Type": "string"
},
{
"Name": "latest_incident_id_d",
"Type": "real"
},
{
"Name": "classification_s",
"Type": "string"
},
{
"Name": "destination_app_s",
"Type": "string"
},
{
"Name": "file_path_s",
"Type": "string"
},
{
"Name": "exposure_s",
"Type": "string"
},
{
"Name": "Type",
"Type": "string"
},
{
"Name": "_ResourceId",
"Type": "string"
}
]
}


@ -0,0 +1,305 @@
{
"Name": "eventsnetworkdata_CL",
"Properties": [
{
"Name": "TenantId",
"Type": "string"
},
{
"Name": "SourceSystem",
"Type": "string"
},
{
"Name": "MG",
"Type": "string"
},
{
"Name": "ManagementGroupName",
"Type": "string"
},
{
"Name": "TimeGenerated",
"Type": "datetime"
},
{
"Name": "Computer",
"Type": "string"
},
{
"Name": "RawData",
"Type": "string"
},
{
"Name": "_id_s",
"Type": "string"
},
{
"Name": "access_method_s",
"Type": "string"
},
{
"Name": "action_s",
"Type": "string"
},
{
"Name": "app_s",
"Type": "string"
},
{
"Name": "appcategory_s",
"Type": "string"
},
{
"Name": "Category",
"Type": "string"
},
{
"Name": "cci_d",
"Type": "real"
},
{
"Name": "ccl_s",
"Type": "string"
},
{
"Name": "client_bytes_d",
"Type": "real"
},
{
"Name": "client_packets_d",
"Type": "real"
},
{
"Name": "count_d",
"Type": "real"
},
{
"Name": "device_s",
"Type": "string"
},
{
"Name": "dst_country_s",
"Type": "string"
},
{
"Name": "dst_geoip_src_d",
"Type": "real"
},
{
"Name": "dst_latitude_d",
"Type": "real"
},
{
"Name": "dst_location_s",
"Type": "string"
},
{
"Name": "dst_longitude_d",
"Type": "real"
},
{
"Name": "dst_region_s",
"Type": "string"
},
{
"Name": "dst_zipcode_s",
"Type": "string"
},
{
"Name": "dstip_s",
"Type": "string"
},
{
"Name": "dstport_d",
"Type": "real"
},
{
"Name": "ip_protocol_s",
"Type": "string"
},
{
"Name": "numbytes_d",
"Type": "real"
},
{
"Name": "organization_unit_s",
"Type": "string"
},
{
"Name": "os_s",
"Type": "string"
},
{
"Name": "os_version_s",
"Type": "string"
},
{
"Name": "policy_s",
"Type": "string"
},
{
"Name": "protocol_s",
"Type": "string"
},
{
"Name": "publisher_name_s",
"Type": "string"
},
{
"Name": "server_bytes_d",
"Type": "real"
},
{
"Name": "server_packets_d",
"Type": "real"
},
{
"Name": "session_duration_d",
"Type": "real"
},
{
"Name": "site_s",
"Type": "string"
},
{
"Name": "src_country_s",
"Type": "string"
},
{
"Name": "src_geoip_src_d",
"Type": "real"
},
{
"Name": "src_latitude_d",
"Type": "real"
},
{
"Name": "src_location_s",
"Type": "string"
},
{
"Name": "src_longitude_d",
"Type": "real"
},
{
"Name": "src_region_s",
"Type": "string"
},
{
"Name": "src_zipcode_s",
"Type": "string"
},
{
"Name": "srcip_s",
"Type": "string"
},
{
"Name": "srcport_d",
"Type": "real"
},
{
"Name": "timestamp_d",
"Type": "real"
},
{
"Name": "total_packets_d",
"Type": "real"
},
{
"Name": "traffic_type_s",
"Type": "string"
},
{
"Name": "tunnel_id_s",
"Type": "string"
},
{
"Name": "tunnel_type_s",
"Type": "string"
},
{
"Name": "tunnel_up_time_d",
"Type": "real"
},
{
"Name": "type_s",
"Type": "string"
},
{
"Name": "ur_normalized_s",
"Type": "string"
},
{
"Name": "user_s",
"Type": "string"
},
{
"Name": "userip_s",
"Type": "string"
},
{
"Name": "userkey_s",
"Type": "string"
},
{
"Name": "dsthost_s",
"Type": "string"
},
{
"Name": "hostname_s",
"Type": "string"
},
{
"Name": "domain_s",
"Type": "string"
},
{
"Name": "network_session_id_s",
"Type": "string"
},
{
"Name": "publisher_cn_s",
"Type": "string"
},
{
"Name": "start_time_s",
"Type": "string"
},
{
"Name": "num_sessions_d",
"Type": "real"
},
{
"Name": "end_time_s",
"Type": "string"
},
{
"Name": "sAMAccountName_s",
"Type": "string"
},
{
"Name": "protocol_port_s",
"Type": "string"
},
{
"Name": "userPrincipalName_s",
"Type": "string"
},
{
"Name": "flow_status_s",
"Type": "string"
},
{
"Name": "cci_s",
"Type": "string"
},
{
"Name": "Type",
"Type": "string"
},
{
"Name": "_ResourceId",
"Type": "string"
}
]
}
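Review bot: This table declares the same source field under two types — `cci_d` with `"Type": "real"` near the top of the property list and `cci_s` with `"Type": "string"` near the end — and the same pair appears in the eventsapplicationdata_CL table earlier in this commit. The `_d`/`_s` suffixes are what Log Analytics assigns from the JSON value type, so two columns for one field suggest the producer has sent `cci` both as a number and as a string, and a query that reads only one of them will miss rows. Unless the sender can be made to emit one type, the parser or workbook queries that consume these tables should fold the two together, e.g. `coalesce(cci_d, todouble(cci_s))`, and the connector README should say which column is authoritative; strict JSON leaves nowhere in this file to record that.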


@ -0,0 +1,385 @@
{
"Name": "eventspagedata_CL",
"Properties": [
{
"Name": "TenantId",
"Type": "string"
},
{
"Name": "SourceSystem",
"Type": "string"
},
{
"Name": "MG",
"Type": "string"
},
{
"Name": "ManagementGroupName",
"Type": "string"
},
{
"Name": "TimeGenerated",
"Type": "datetime"
},
{
"Name": "Computer",
"Type": "string"
},
{
"Name": "RawData",
"Type": "string"
},
{
"Name": "_id_s",
"Type": "string"
},
{
"Name": "access_method_s",
"Type": "string"
},
{
"Name": "app_s",
"Type": "string"
},
{
"Name": "appcategory_s",
"Type": "string"
},
{
"Name": "bypass_reason_s",
"Type": "string"
},
{
"Name": "bypass_traffic_s",
"Type": "string"
},
{
"Name": "Category",
"Type": "string"
},
{
"Name": "cci_d",
"Type": "real"
},
{
"Name": "ccl_s",
"Type": "string"
},
{
"Name": "connection_id_d",
"Type": "real"
},
{
"Name": "count_d",
"Type": "real"
},
{
"Name": "domain_s",
"Type": "string"
},
{
"Name": "dst_country_s",
"Type": "string"
},
{
"Name": "dst_latitude_d",
"Type": "real"
},
{
"Name": "dst_location_s",
"Type": "string"
},
{
"Name": "dst_longitude_d",
"Type": "real"
},
{
"Name": "dst_region_s",
"Type": "string"
},
{
"Name": "dst_timezone_s",
"Type": "string"
},
{
"Name": "dst_zipcode_s",
"Type": "string"
},
{
"Name": "dstip_s",
"Type": "string"
},
{
"Name": "dstport_d",
"Type": "real"
},
{
"Name": "netskope_pop_s",
"Type": "string"
},
{
"Name": "organization_unit_s",
"Type": "string"
},
{
"Name": "other_categories_s",
"Type": "string"
},
{
"Name": "page_s",
"Type": "string"
},
{
"Name": "request_id_d",
"Type": "real"
},
{
"Name": "site_s",
"Type": "string"
},
{
"Name": "src_country_s",
"Type": "string"
},
{
"Name": "src_latitude_d",
"Type": "real"
},
{
"Name": "src_location_s",
"Type": "string"
},
{
"Name": "src_longitude_d",
"Type": "real"
},
{
"Name": "src_region_s",
"Type": "string"
},
{
"Name": "src_time_s",
"Type": "string"
},
{
"Name": "src_timezone_s",
"Type": "string"
},
{
"Name": "src_zipcode_s",
"Type": "string"
},
{
"Name": "srcip_s",
"Type": "string"
},
{
"Name": "ssl_decrypt_policy_s",
"Type": "string"
},
{
"Name": "timestamp_d",
"Type": "real"
},
{
"Name": "traffic_type_s",
"Type": "string"
},
{
"Name": "transaction_id_d",
"Type": "real"
},
{
"Name": "type_s",
"Type": "string"
},
{
"Name": "ur_normalized_s",
"Type": "string"
},
{
"Name": "url_s",
"Type": "string"
},
{
"Name": "user_s",
"Type": "string"
},
{
"Name": "user_generated_s",
"Type": "string"
},
{
"Name": "userip_s",
"Type": "string"
},
{
"Name": "userkey_s",
"Type": "string"
},
{
"Name": "server_bytes_d",
"Type": "real"
},
{
"Name": "browser_session_id_d",
"Type": "real"
},
{
"Name": "sessionid_s",
"Type": "string"
},
{
"Name": "fromlogs_s",
"Type": "string"
},
{
"Name": "browser_version_s",
"Type": "string"
},
{
"Name": "network_s",
"Type": "string"
},
{
"Name": "org_s",
"Type": "string"
},
{
"Name": "resp_content_type_s",
"Type": "string"
},
{
"Name": "conn_duration_d",
"Type": "real"
},
{
"Name": "policy_s",
"Type": "string"
},
{
"Name": "log_file_name_s",
"Type": "string"
},
{
"Name": "resp_cnt_d",
"Type": "real"
},
{
"Name": "severity_s",
"Type": "string"
},
{
"Name": "serial_s",
"Type": "string"
},
{
"Name": "hostname_s",
"Type": "string"
},
{
"Name": "suppression_start_time_d",
"Type": "real"
},
{
"Name": "conn_endtime_d",
"Type": "real"
},
{
"Name": "sAMAccountName_s",
"Type": "string"
},
{
"Name": "numbytes_d",
"Type": "real"
},
{
"Name": "req_cnt_d",
"Type": "real"
},
{
"Name": "src_geoip_src_d",
"Type": "real"
},
{
"Name": "forward_to_proxy_profile_s",
"Type": "string"
},
{
"Name": "resp_content_len_d",
"Type": "real"
},
{
"Name": "os_s",
"Type": "string"
},
{
"Name": "userPrincipalName_s",
"Type": "string"
},
{
"Name": "suppression_end_time_d",
"Type": "real"
},
{
"Name": "os_version_s",
"Type": "string"
},
{
"Name": "device_s",
"Type": "string"
},
{
"Name": "dynamic_classification_s",
"Type": "string"
},
{
"Name": "dst_geoip_src_d",
"Type": "real"
},
{
"Name": "CononicalName_s",
"Type": "string"
},
{
"Name": "conn_starttime_d",
"Type": "real"
},
{
"Name": "browser_s",
"Type": "string"
},
{
"Name": "dsthost_s",
"Type": "string"
},
{
"Name": "client_bytes_d",
"Type": "real"
},
{
"Name": "app_session_id_d",
"Type": "real"
},
{
"Name": "http_transaction_count_d",
"Type": "real"
},
{
"Name": "useragent_s",
"Type": "string"
},
{
"Name": "protocol_s",
"Type": "string"
},
{
"Name": "Type",
"Type": "string"
},
{
"Name": "_ResourceId",
"Type": "string"
}
]
}
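Review bot: `CononicalName_s` in this table's property list reads like a misspelling of "CanonicalName"; the same name appears in the eventsapplicationdata_CL table earlier in this commit, alongside `orignal_file_path_s`. Since the `_s` suffix indicates the column name is derived from the field name the pipeline actually sends, each entry here has to match the sender byte for byte: if the spelling is what the upstream events or the Logstash filter emit, it must stay as-is and be called out in the connector README so query authors do not search for the expected spelling; if it was introduced by hand in this schema, the column will never be populated and queries against it return nothing. Please confirm against a sample event before merging.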


@ -237,5 +237,7 @@
"FortinetFortiWebAma",
"InfobloxSOCInsightsDataConnector_API",
"InfobloxSOCInsightsDataConnector_Legacy",
"InfobloxSOCInsightsDataConnector_AMA"
"InfobloxSOCInsightsDataConnector_AMA",
"NetskopeDataConnector",
"NetskopeWebTransactionsDataConnector"
]


@ -68,8 +68,8 @@ input {
}
output {
microsoft-logstash-output-azure-loganalytics {
workspace_id => "4g5tad2b-a4u4-147v-a4r7-23148a5f2c21" # <your workspace id>
workspace_key => "u/saRtY0JGHJ4Ce93g5WQ3Lk50ZnZ8ugfd74nk78RPLPP/KgfnjU5478Ndh64sNfdrsMni975HJP6lp==" # <your workspace key>
workspace_id => "" # <your workspace id>
workspace_key => "" # <your workspace key>
custom_log_table_name => "tableName"
}
}
@ -87,8 +87,8 @@ input {
}
output {
microsoft-logstash-output-azure-loganalytics {
workspace_id => "4g5tad2b-a4u4-147v-a4r7-23148a5f2c21" # <your workspace id>
workspace_key => "u/saRtY0JGHJ4Ce93g5WQ3Lk50ZnZ8ugfd74nk78RPLPP/KgfnjU5478Ndh64sNfdrsMni975HJP6lp==" # <your workspace key>
workspace_id => "" # <your workspace id>
workspace_key => "" # <your workspace key>
custom_log_table_name => "tableName"
}
}
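Review bot: Both hunks replace literal `workspace_id`/`workspace_key` values with empty strings, but the surrounding `# <your workspace key>` comments still steer users toward pasting the key into a pipeline file that is normally committed or shared; Logstash resolves `${VAR}` references in pipeline configuration, so `workspace_id => "${LA_WORKSPACE_ID}"` and `workspace_key => "${LA_WORKSPACE_KEY}"` (variable names are placeholders) or a keystore entry keeps the secret out of the file. The removed values look synthetic (the GUID-shaped id contains non-hex characters), but if either was ever a live key, blanking it here does not remove it from repository history and it should be rotated. The `input {}` block and the rest of each pipeline lie outside these hunks.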

19
Logos/Netskope.svg Normal file

@ -0,0 +1,19 @@
<?xml version="1.0" encoding="UTF-8"?>
<svg id="c744aaa6-115c-47b7-8351-09817eff291e" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 74 11.57">
<g id="8205785d-fc47-444c-aece-43a1b00dfe90" >
<g id="7b63c848-0e7f-4895-8e3b-b6cf4c6fc9ee" >
<path id="1b610114-f4fc-4ca0-b133-a6544fc83587" d="M5.9,4.74c-.72-.26-1.29-.82-1.55-1.55-.11.27-.28.51-.49.71-.48.48-1.07.67-1.69.69h0C.95,4.64-.03,5.68,0,6.92c.03,1.24,1.07,2.22,2.31,2.19,1.22-.03,2.2-1.04,2.19-2.26.05-.59.23-1.16.68-1.62.21-.2.45-.37.71-.49Z" fill="#00a6ce"/>
<path id="c9aa538c-f004-458c-8d4b-02ddf8d19cd2" d="M17.54.7c-.88-.88-2.31-.88-3.19,0-.41.4-.64.95-.65,1.52h0c-.04.62-.21,1.21-.69,1.69-.21.21-.45.37-.71.49.72.26,1.3.83,1.56,1.55.11-.27.28-.51.49-.71.48-.48,1.07-.67,1.69-.69h0c.57-.01,1.12-.25,1.52-.65.87-.89.86-2.31-.01-3.2ZM16.76,3.1c-.22.21-.51.33-.81.33-.3,0-.59-.12-.81-.33-.45-.45-.45-1.17,0-1.62.22-.22.51-.34.81-.34.3,0,.59.12.81.33.44.45.44,1.18,0,1.63h0Z" fill="#ff8300"/>
<path id="2ffb7966-a7be-4950-9bb3-259653e3057d" d="M12.98,5.27c-.41-.41-.95-.64-1.53-.66h0c-.62-.03-1.21-.21-1.69-.7-.48-.48-.67-1.07-.69-1.69h0C9.03.99,8,0,6.75.05c-1.24.04-2.22,1.07-2.19,2.32.04,1.22,1.04,2.19,2.26,2.19.59.05,1.16.23,1.62.68s.65,1.02.68,1.62c0,1.24,1,2.26,2.24,2.26,1.24,0,2.26-1,2.26-2.24,0-.6-.23-1.18-.66-1.6h0Z" fill="#54565a"/>
<path id="c36c6531-83a5-4cdd-842f-a386c8fe33b6" d="M37.76,9.14c-1.14,0-1.85-.7-1.85-1.82V.48c0-.26.19-.47.45-.48,0,0,.02,0,.03,0,.26,0,.47.21.47.46,0,0,0,0,0,.01v2.33h1.68c.25-.01.47.19.48.44s-.19.47-.44.48c-.01,0-.02,0-.04,0h-1.68v3.56c0,.65.32.96,1,.96.17,0,.35-.03.51-.08.05-.02.11-.04.17-.04.25,0,.44.21.45.45,0,.19-.12.36-.31.42-.29.1-.6.15-.91.15Z" fill="#54565a"/>
<path id="aeb7d573-2eeb-4972-a544-b1293b43e6de" d="M42.8,9.14c-.87-.02-1.72-.3-2.43-.81-.11-.09-.17-.23-.18-.37,0-.26.22-.47.48-.48.11,0,.21.03.3.1.59.43,1.21.64,1.87.64.74,0,1.25-.39,1.25-.94v-.02c0-.51-.5-.75-1.44-1.01h-.02s-.02-.02-.02-.02c-.95-.27-2.13-.62-2.13-1.8v-.02c0-1.06.91-1.83,2.16-1.83.71.01,1.41.21,2.02.56h.01c.15.1.23.26.24.43,0,.27-.22.48-.49.48-.09,0-.17-.03-.25-.07-.51-.3-1.05-.46-1.56-.46-.69,0-1.17.34-1.17.84v.02c0,.5.63.71,1.52.98.79.22,2.09.58,2.09,1.85v.02c0,1.11-.94,1.92-2.25,1.92Z" fill="#54565a"/>
<path id="c2b1bf9b-d3df-4d7d-8dce-abfdc0c9dbf7" d="M47.12,9.07c-.26,0-.48-.2-.49-.46,0,0,0-.01,0-.02V.48c0-.26.21-.48.48-.48.26,0,.48.21.48.48h0v8.12c.02.24-.17.46-.41.48-.02,0-.04,0-.05,0Z" fill="#54565a"/>
<path id="830bbc1d-4d56-4f90-ba9b-3662ecaf4594" d="M56.09,9.17c-1.81,0-3.23-1.44-3.23-3.28v-.02c0-1.86,1.43-3.31,3.26-3.31s3.23,1.44,3.23,3.28v.02c0,1.85-1.42,3.31-3.26,3.31ZM56.09,3.48c-1.27,0-2.23,1.01-2.23,2.37v.02c0,1.33.99,2.39,2.26,2.39s2.23-1.01,2.23-2.37v-.02c0-1.34-.99-2.39-2.26-2.39Z" fill="#54565a"/>
<path id="248b4289-b6c5-4d7c-96e5-744c85c3b3ad" d="M31.41,9.17c-1.77,0-3.1-1.42-3.1-3.29v-.02c0-1.84,1.32-3.29,3.01-3.29s2.91,1.38,2.91,3.27c-.01.25-.22.46-.48.46h-3.25c-.25,0-.44-.2-.44-.44s.2-.44.44-.44h2.7c-.13-.93-.69-1.92-1.92-1.92-1.01,0-1.82.8-1.99,1.94l-.02.19c-.02.18-.02.37,0,.55h0c.12,1.24,1,2.09,2.13,2.09.69,0,1.26-.24,1.8-.76.08-.09.2-.13.32-.13.26,0,.47.2.48.46,0,0,0,0,0,0,0,.13-.06.25-.15.33-.69.7-1.41,1.01-2.43,1.01Z" fill="#54565a"/>
<path id="1a5829f5-ec5e-44c8-9a7b-f645cbe44d14" d="M61.06,11.57c-.26,0-.48-.2-.49-.46,0,0,0-.02,0-.02v-5.52c0-1.82,1.41-3.01,3.07-3.01,1.81,0,3.23,1.44,3.23,3.28v.02c0,1.85-1.43,3.31-3.26,3.31-.82,0-1.56-.3-2.09-.84v2.76c0,.28-.19.49-.47.49ZM61.53,6.15c.11,1.2.92,2.05,2.01,2.1h.12c.38,0,.75-.09,1.08-.28.04-.02.06-.04.09-.06.27-.18.5-.42.66-.7.02-.04.04-.06.06-.09.04-.06.07-.13.09-.2.13-.32.2-.67.2-1.02v-.02c0-.28-.04-.56-.13-.83-.02-.07-.05-.14-.08-.21-.02-.07-.06-.14-.1-.2-.19-.35-.48-.65-.82-.86-.03-.02-.06-.04-.1-.05-.06-.03-.13-.06-.2-.08-.14-.05-.28-.09-.43-.12-.07-.01-.15-.02-.23-.02h-.12c-1.15,0-1.99.84-2.1,2.09h0v.57h-.01Z" fill="#54565a"/>
<path id="1ad5c67a-2e00-4395-b8ea-6583b8d99fe2" d="M51.76,9.09c-.13,0-.25-.05-.34-.14l-2.95-2.98c-.18-.17-.19-.46-.02-.64v-.02s2.7-2.48,2.7-2.48c.08-.09.19-.15.31-.15.12-.01.25.02.34.11.2.17.23.47.06.68l-.02.02-2.38,2.16,2.63,2.66c.09.09.14.22.14.34,0,.13-.05.25-.14.33-.09.08-.2.12-.32.12Z" fill="#54565a"/>
<path id="f3c16b09-bb4c-4884-8982-97bfccec3da0" d="M26.44,9.17c-.27,0-.48-.21-.49-.48,0,0,0,0,0,0v-3.33c0-1.17-.64-1.86-1.72-1.86s-1.72.69-1.72,1.86v3.33c0,.27-.21.48-.48.49,0,0,0,0-.01,0-.26,0-.47-.2-.48-.46,0-.01,0-.02,0-.03v-3.42c0-1.62,1.02-2.66,2.59-2.66h.17c1.58,0,2.59,1.05,2.59,2.66v3.42c.03.24-.14.46-.38.48-.02,0-.05,0-.07,0Z" fill="#54565a"/>
<path id="56411250-7a8c-4a80-81f6-24477f1d9bcd" d="M71.18,9.17c-1.77,0-3.1-1.42-3.1-3.29v-.02c0-1.84,1.32-3.29,3.01-3.29s2.91,1.38,2.91,3.27c0,.26-.22.46-.48.46h-3.23c-.25,0-.44-.2-.44-.44s.2-.44.44-.44h2.7c-.13-.93-.69-1.92-1.92-1.92-1.01,0-1.82.81-1.99,1.95l-.03.18c-.02.18-.02.37,0,.55h0c.12,1.24,1,2.09,2.13,2.09.69,0,1.26-.24,1.8-.76.08-.09.2-.13.32-.13.26,0,.47.2.48.46,0,0,0,0,0,0,0,.13-.06.25-.15.33-.7.7-1.44,1.01-2.44,1.01Z" fill="#54565a"/>
</g>
</g>
</svg>




@ -0,0 +1,10 @@
TenantId,SourceSystem,MG,ManagementGroupName,TimeGenerated [UTC],Computer,RawData,cs_uri_query_g,date_s,time_s,time_taken_s,cs_bytes_s,sc_bytes_s,bytes_s,c_ip_s,s_ip_s,cs_username_s,cs_method_s,cs_uri_scheme_s,cs_uri_query_s,cs_user_agent_s,cs_content_type_s,sc_status_s,sc_content_type_s,cs_dns_s,cs_host_s,cs_uri_s,cs_uri_port_s,cs_referer_s,x_cs_session_id_s,x_cs_access_method_s,x_cs_app_s,x_s_country_s,x_s_latitude_s,x_s_longitude_s,x_s_location_s,x_s_region_s,x_s_zipcode_s,x_c_country_s,x_c_latitude_s,x_c_longitude_s,x_c_location_s,x_c_region_s,x_c_zipcode_s,x_c_os_s,x_c_browser_s,x_c_browser_version_s,x_c_device_s,x_cs_site_s,x_cs_timestamp_s,x_cs_page_id_s,x_cs_userip_s,x_cs_traffic_type_s,x_cs_tunnel_id_s,x_category_s,x_other_category_s,x_type_s,x_server_ssl_err_s,x_client_ssl_err_s,x_transaction_id_s,x_request_id_s,x_cs_sni_s,x_cs_domain_fronted_sni_s,x_category_id_s,x_other_category_id_s,x_sr_headers_name_s,x_sr_headers_value_s,x_cs_ssl_ja3_g,x_sr_ssl_ja3s_s,x_ssl_bypass_s,x_ssl_bypass_reason_s,x_r_cert_subject_cn_s,x_r_cert_issuer_cn_s,x_r_cert_startdate_s,x_r_cert_enddate_s,x_r_cert_valid_s,x_r_cert_expired_s,x_r_cert_untrusted_root_s,x_r_cert_incomplete_chain_s,x_r_cert_self_signed_s,x_r_cert_revoked_s,x_r_cert_revocation_check_s,x_r_cert_mismatch_s,x_cs_ssl_fronting_error_s,x_cs_ssl_handshake_error_s,x_sr_ssl_handshake_error_s,x_sr_ssl_client_certificate_error_s,x_sr_ssl_malformed_ssl_s,x_s_custom_signing_ca_error_s,x_cs_ssl_engine_action_s,x_cs_ssl_engine_action_reason_s,x_sr_ssl_engine_action_s,x_sr_ssl_engine_action_reason_s,x_ssl_policy_src_ip_s,x_ssl_policy_dst_ip_s,x_ssl_policy_dst_host_s,x_ssl_policy_dst_host_source_s,x_ssl_policy_categories_s,x_ssl_policy_action_s,x_ssl_policy_name_s,x_cs_ssl_version_s,x_cs_ssl_cipher_s,x_sr_ssl_version_s,x_sr_ssl_cipher_s,x_cs_src_ip_egress_s,x_s_dp_name_s,x_cs_src_ip_s,x_cs_src_port_s,x_cs_dst_ip_s,x_cs_dst_port_s,x_sr_src_ip_s,x_sr_src_port_s,x_sr_dst_ip_s,x_sr_dst_port_s,x_cs_ip_connect_xff_s,x_cs_ip_xff_s,x_
cs_connect_host_s,x_cs_connect_port_s,x_cs_connect_user_agent_s,x_cs_url_s,x_cs_uri_path_s,x_cs_http_version_s,rs_status_s,x_cs_app_category_s,x_cs_app_cci_s,x_cs_app_ccl_s,x_cs_app_tags_s,x_cs_app_suite_s,x_cs_app_instance_id_s,x_cs_app_instance_name_s,x_cs_app_instance_tag_s,x_cs_app_activity_s,x_cs_app_from_user_s,x_cs_app_to_user_s,x_cs_app_object_type_s,x_cs_app_object_name_s,x_cs_app_object_id_s,x_rs_file_type_s,x_rs_file_category_s,x_rs_file_language_s,x_rs_file_size_s,x_rs_file_md5_s,x_rs_file_sha256_s,x_error_s,x_c_local_time_s,x_policy_action_s,x_policy_name_s,x_policy_src_ip_s,x_policy_dst_ip_s,x_policy_dst_host_s,x_policy_dst_host_source_s,x_policy_justification_type_s,x_policy_justification_reason_s,x_sc_notification_name_s,netskope_api_host_name_s,x_cs_ssl_ja3_s,x_rs_file_md5_g,Type,_ResourceId
abcd-efg-hijk,RestAPI,,,"2/20/2024, 3:51:25 PM",,,,2024-02-20,15:51:11,208,4802,90903,95705,1.2.3.4,5.6.7.8,dummyuser@something.com,GET,http,-,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36",-,200,text/html; charset=utf-8,www.msnbc.com,www.msnbc.com,/,443,-,6326394171326945461,Client,msnbc,US,47.353,-111.9543,Santa Clara,California,95052,US,47.1835,-111.7714,San Jose,California,95141,Windows Server 2016,Chrome,119.0.0.0,Windows Device,msnbc,1708444271,0,1.1.1.1,Web,-,News & Media,All Categories,http_transaction,-,-,5216593391501189756,2780252508038218752,www.msnbc.com,-,537,10001,-,-,0858b1a5-d5c4-d5a8-cf16-09a87c74d42f,NotAvailable,No,-,NotChecked,NotChecked,NotChecked,NotChecked,NotChecked,NotChecked,NotChecked,NotChecked,NotChecked,NotChecked,NotChecked,NotChecked,No,No,NotChecked,NotChecked,NotChecked,NotChecked,Allow,Established,None,NotEstablished,2.2.2.2,3.3.3.3,www.msnbc.com,Sni,"News & Media, All Categories",Decrypt,-,TLSv1.3,ABC_TLS_AES_256_GCM_SHA123,NotChecked,NotChecked,4.4.4.4,US-SFO1,5.5.5.5,58871,6.6.6.6,443,-,-,7.7.7.7,860,-,-,-,-,-,http://www.msnbc.com:443/,/,HTTP1.1,200,-,-,-,-,-,-,-,-,Browse,-,-,File,-,-,text/html,Text,-,-,-,-,-,2024-02-20 7:50:08,allow_default,DefaultAction,8.8.8.8,9.9.9.9,www.msnbc.com,HttpHostHeader,-,-,-,allces.goskope.com,,,NetskopeWebtxData_CL,
abcd-efg-hijk,RestAPI,,,"2/20/2024, 3:51:25 PM",,,,2024-02-20,15:51:13,37,4779,628,5407,1.2.3.4,5.6.7.8,dummyuser@something.com,GET,https,-,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36",-,304,video/mp4,www.msnbc.com,www.msnbc.com,/_next/static/src/assets/videos/28978261684cd12447cbff1287190620.mp4,443,https://www.msnbc.com/,6326394171326945461,Client,msnbc,US,47.353,-111.9543,Santa Clara,California,95052,US,47.1835,-111.7714,San Jose,California,95141,Windows Server 2016,Chrome,119.0.0.0,Windows Device,msnbc,1708444273,1261774939245039714,1.1.1.1,Web,-,News & Media,All Categories,http_transaction,-,-,6424739376955203561,2780252519153124352,www.msnbc.com,-,537,10001,-,-,0858b1a5-d5c4-d5a8-cf16-09a87c74d42f,NotAvailable,No,-,NotChecked,NotChecked,NotChecked,NotChecked,NotChecked,NotChecked,NotChecked,NotChecked,NotChecked,NotChecked,NotChecked,NotChecked,No,No,NotChecked,NotChecked,NotChecked,NotChecked,Allow,Established,None,NotEstablished,-,-,-,Unknown,-,Decrypt,-,TLSv1.3,ABC_TLS_AES_256_GCM_SHA124,NotChecked,NotChecked,4.4.4.4,US-SFO1,5.5.5.5,58871,6.6.6.6,443,-,-,7.7.7.7,860,-,-,-,-,-,https://www.msnbc.com/_next/static/src/assets/videos/28978261684cd12447cbff12871,/_next/static/src/assets/videos/28978261684cd12447cbff1287190620.mp4,HTTP1.1,304,-,-,-,-,-,-,-,-,Browse,-,-,-,-,-,-,-,-,-,-,-,-,2024-02-20 7:51:08,allow_default,DefaultAction,8.8.8.8,9.9.9.9,www.msnbc.com,HttpHostHeader,-,-,-,allces.goskope.com,,,NetskopeWebtxData_CL,
abcd-efg-hijk,RestAPI,,,"2/20/2024, 3:51:25 PM",,,,2024-02-20,15:51:13,76,4712,2238,6950,1.2.3.4,5.6.7.8,dummyuser@something.com,GET,http,-,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36",-,200,application/json; charset=utf-8,www.msnbc.com,www.msnbc.com,/services/tve/schedule/msnbc,443,https://www.msnbc.com/,6326394171326945461,Client,msnbc,US,47.353,-111.9543,Santa Clara,California,95052,US,47.1835,-111.7714,San Jose,California,95141,Windows Server 2016,Chrome,119.0.0.0,Windows Device,msnbc,1708444273,1261774939245039714,1.1.1.1,Web,-,News & Media,All Categories,http_transaction,-,-,2184596302302331693,2780252519153124096,www.msnbc.com,-,537,10001,-,-,911a5621-894f-4d83-92ca-88415c3c7818,NotAvailable,No,-,NotChecked,NotChecked,NotChecked,NotChecked,NotChecked,NotChecked,NotChecked,NotChecked,NotChecked,NotChecked,NotChecked,NotChecked,No,No,NotChecked,NotChecked,NotChecked,NotChecked,Allow,Established,None,NotEstablished,2.2.2.2,3.3.3.3,www.msnbc.com,Sni,"News & Media, All Categories",Decrypt,-,TLSv1.3,ABC_TLS_AES_256_GCM_SHA125,NotChecked,NotChecked,4.4.4.4,US-SFO1,5.5.5.5,58871,6.6.6.6,443,-,-,7.7.7.7,871,-,-,-,-,-,http://www.msnbc.com:443/services/tve/schedule/ms,/services/tve/schedule/msnbc,HTTP1.1,200,-,-,-,-,-,-,-,-,Browse,-,-,File,-,-,text/plain,Text,-,-,-,-,-,2024-02-20 7:51:08,allow_default,DefaultAction,8.8.8.8,9.9.9.9,www.msnbc.com,HttpHostHeader,-,-,-,allces.goskope.com,,,NetskopeWebtxData_CL,
abcd-efg-hijk,RestAPI,,,"2/20/2024, 3:51:25 PM",,,,2024-02-20,15:51:13,45,4714,957,5671,1.2.3.4,5.6.7.8,dummyuser@something.com,GET,https,-,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36",-,200,application/json; charset=utf-8,www.msnbc.com,www.msnbc.com,/services/miniPlayerTease/msnbc,443,https://www.msnbc.com/,6326394171326945461,Client,msnbc,US,47.353,-111.9543,Santa Clara,California,95052,US,47.1835,-111.7714,San Jose,California,95141,Windows Server 2016,Chrome,119.0.0.0,Windows Device,msnbc,1708444273,1261774939245039714,1.1.1.1,Web,-,News & Media,All Categories,http_transaction,-,-,1300544121152535217,2780252520495301632,www.msnbc.com,-,537,10001,-,-,0858b1a5-d5c4-d5a8-cf16-09a87c74d42f,NotAvailable,No,-,NotChecked,NotChecked,NotChecked,NotChecked,NotChecked,NotChecked,NotChecked,NotChecked,NotChecked,NotChecked,NotChecked,NotChecked,No,No,NotChecked,NotChecked,NotChecked,NotChecked,Allow,Established,None,NotEstablished,-,-,-,Unknown,-,Decrypt,-,TLSv1.3,ABC_TLS_AES_256_GCM_SHA126,NotChecked,NotChecked,4.4.4.4,US-SFO1,5.5.5.5,58871,6.6.6.6,443,-,-,7.7.7.7,860,-,-,-,-,-,https://www.msnbc.com/services/miniPlayerTease/ms,/services/miniPlayerTease/msnbc,HTTP1.1,200,-,-,-,-,-,-,-,-,Browse,-,-,File,-,-,text/plain,Text,-,-,-,-,-,2024-02-20 7:51:08,allow_default,DefaultAction,8.8.8.8,9.9.9.9,www.msnbc.com,HttpHostHeader,-,-,-,allces.goskope.com,,,NetskopeWebtxData_CL,
abcd-efg-hijk,RestAPI,,,"2/20/2024, 3:51:25 PM",,,,2024-02-20,15:43:30,365,5215,2322213,2327428,1.2.3.4,5.6.7.8,dummyuser@something.com,GET,http,stream=MSNBC_TVE&mvpdHash=null&mpid=1745196552392127496&timestamp=1708443731265&usPrivacy=1YNN&autoplay=true&mutedAutoplay=true&token_Widevine=9cde749626f145b857802ef96df16b5d93ac82187cc4e6e2aa9337cb1fda028f&token_Fairplay=05e22acc2cc44851d8a9d89b9a76e6b40c8f3c11c7b2b4a85d11f0ca6f2e2a74&token_PlayReady=c8ea61a415c018fad0ac61ef758b95cb41ca78f8282c866082f8172e60b66e16&initialWidth=280&childId=core-video&parentTitle=MSNBC%20News%20-%20Breaking%20News%20and%20News%20Today%20%7C%20Latest%20News&parentUrl=https%3A%2F%2Fwww.msnbc.com%2F,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36",-,200,text/html; charset=UTF-8,www.msnbc.com,www.msnbc.com,/sigma.html?stream=MSNBC_TVE&mvpdHash=null&mpid=1745196552392127496&timestamp=1708443731265&usPrivacy=1YNN&autoplay=true&mutedAutoplay=true&token_Widevine=9cde749626f145b857802ef96df16b5d93ac82187cc4e6e2aa9337cb1fda028f&token_Fairplay=05e22acc2cc44851d8a9d89b9a76e6b40c8f3c11c7b2b4a85d11f0ca6f2e2a74&token_PlayReady=c8ea61a415c018fad0ac61ef758b95cb41ca78f8282c866082f8172e60b66e16&initialWidth=280&childId=core-video&parentTitle=MSNBC%20News%20-%20Breaking%20News%20and%20News%20Today%20%7C%20Latest%20News&parentUrl=https%3A%2F%2Fwww.msnbc.com%2F,443,https://www.msnbc.com/,6326394171326945461,Client,msnbc,US,47.353,-111.9543,Santa Clara,California,95052,US,47.1835,-111.7714,San Jose,California,95141,Windows Server 2016,Chrome,119.0.0.0,Windows Device,msnbc,1708443810,3067349774468027936,1.1.1.1,Web,-,News & Media,All 
Categories,http_transaction,-,-,4018871287092426288,2780248636326532352,www.msnbc.com,-,537,10001,-,-,2add0d93-df10-8807-866a-2bffbb3340b2,NotAvailable,No,-,NotChecked,NotChecked,NotChecked,NotChecked,NotChecked,NotChecked,NotChecked,NotChecked,NotChecked,NotChecked,NotChecked,NotChecked,No,No,NotChecked,NotChecked,NotChecked,NotChecked,Allow,Established,None,NotEstablished,2.2.2.2,3.3.3.3,www.msnbc.com,Sni,"News & Media, All Categories",Decrypt,-,TLSv1.3,ABC_TLS_AES_256_GCM_SHA127,NotChecked,NotChecked,4.4.4.4,US-SFO1,5.5.5.5,58871,6.6.6.6,443,-,-,7.7.7.7,889,-,-,-,-,-,http://www.msnbc.com:443/sigma.html?stream=MSNBC_TVE&mvpdHash=null&mpid=1745196552392127496&timestamp=1708443731265&usPrivacy=1YNN&autoplay=true&mutedAutoplay=true&token_Widevine=9cde749626f145b857802ef96df16b5d93ac82187cc4e6e2aa9337cb1fda028f&token_Fairplay=05e22acc2cc44851d8a9d89b9a76e6b40c8f3c11c7b2b4a85d11f0ca6f2e2a74&token_PlayReady=c8ea61a415c018fad0ac61ef758b95cb41ca78f8282c866082f8172e60b66e16&initialWidth=280&childId=core-video&parentUrl=https%3A%2F,/sigma.html,HTTP1.1,200,-,-,-,-,-,-,-,-,Browse,-,-,File,-,-,text/html,Text,-,-,-,-,-,2024-02-20 7:43:08,allow_default,DefaultAction,8.8.8.8,9.9.9.9,www.msnbc.com,HttpHostHeader,-,-,-,allces.goskope.com,,,NetskopeWebtxData_CL,
abcd-efg-hijk,RestAPI,,,"2/20/2024, 3:51:26 PM",,,,2024-02-20,15:51:18,356,5311,2322213,2327524,1.2.3.4,5.6.7.8,dummyuser@something.com,GET,http,stream=MSNBC_TVE&mvpdHash=null&mpid=1745196552392127496&timestamp=1708444212571&usPrivacy=1YNN&autoplay=true&mutedAutoplay=true&token_Widevine=44fd56038b7914e0db57f0f1ab63bb2a39e372979ada489d0b5f55ee37c98c93&token_Fairplay=7600640cf4d0eac4b95acf4b0231eb16b83cdf77542cc47d26fe2740959e702d&token_PlayReady=2b70b8e2bc410baa90cc8f78208f2c96c94bf1024b117ad54a783dadfc7a5657&initialWidth=280&childId=core-video&parentTitle=MSNBC%20News%20-%20Breaking%20News%20and%20News%20Today%20%7C%20Latest%20News&parentUrl=https%3A%2F%2Fwww.msnbc.com%2F,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36",-,200,text/html; charset=UTF-8,www.msnbc.com,www.msnbc.com,/sigma.html?stream=MSNBC_TVE&mvpdHash=null&mpid=1745196552392127496&timestamp=1708444212571&usPrivacy=1YNN&autoplay=true&mutedAutoplay=true&token_Widevine=44fd56038b7914e0db57f0f1ab63bb2a39e372979ada489d0b5f55ee37c98c93&token_Fairplay=7600640cf4d0eac4b95acf4b0231eb16b83cdf77542cc47d26fe2740959e702d&token_PlayReady=2b70b8e2bc410baa90cc8f78208f2c96c94bf1024b117ad54a783dadfc7a5657&initialWidth=280&childId=core-video&parentTitle=MSNBC%20News%20-%20Breaking%20News%20and%20News%20Today%20%7C%20Latest%20News&parentUrl=https%3A%2F%2Fwww.msnbc.com%2F,443,https://www.msnbc.com/,6326394171326945461,Client,msnbc,US,47.353,-111.9543,Santa Clara,California,95052,US,47.1835,-111.7714,San Jose,California,95141,Windows Server 2016,Chrome,119.0.0.0,Windows Device,msnbc,1708444278,1261774939245039714,1.1.1.1,Web,-,News & Media,All 
Categories,http_transaction,-,-,8879759428117034966,2780252561070994432,www.msnbc.com,-,537,10001,-,-,292929e8-1ca3-2211-49d6-3c4532381d06,NotAvailable,No,-,NotChecked,NotChecked,NotChecked,NotChecked,NotChecked,NotChecked,NotChecked,NotChecked,NotChecked,NotChecked,NotChecked,NotChecked,No,No,NotChecked,NotChecked,NotChecked,NotChecked,Allow,Established,None,NotEstablished,2.2.2.2,3.3.3.3,www.msnbc.com,Sni,"News & Media, All Categories",Decrypt,-,TLSv1.3,ABC_TLS_AES_256_GCM_SHA128,NotChecked,NotChecked,4.4.4.4,US-SFO1,5.5.5.5,58871,6.6.6.6,443,-,-,7.7.7.7,806,-,-,-,-,-,http://www.msnbc.com:443/sigma.html?stream=MSNBC_TVE&mvpdHash=null&mpid=1745196552392127496&timestamp=1708444212571&usPrivacy=1YNN&autoplay=true&mutedAutoplay=true&token_Widevine=44fd56038b7914e0db57f0f1ab63bb2a39e372979ada489d0b5f55ee37c98c93&token_Fairplay=7600640cf4d0eac4b95acf4b0231eb16b83cdf77542cc47d26fe2740959e702d&token_PlayReady=2b70b8e2bc410baa90cc8f78208f2c96c94bf1024b117ad54a783dadfc7a5657&initialWidth=280&childId=core-video&parentTitle=MSNBC%20News%20-%20Breaking%20News%20and%20News%20Today%20%7C%20Latest%20News&parentUrl=https%3A%2F%2Fwww.msnbc.com%2F,/sigma.html,HTTP1.1,200,-,-,-,-,-,-,-,-,Browse,-,-,File,-,-,text/html,Text,-,-,-,-,-,2024-02-20 7:51:08,allow_default,DefaultAction,8.8.8.8,9.9.9.9,www.msnbc.com,HttpHostHeader,-,-,-,allces.goskope.com,,,NetskopeWebtxData_CL,
abcd-efg-hijk,RestAPI,,,"2/20/2024, 3:51:26 PM",,,,2024-02-20,15:43:21,124,4109,88750,92859,1.2.3.4,5.6.7.8,dummyuser@something.com,GET,http,-,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36",-,200,text/html; charset=utf-8,www.msnbc.com,www.msnbc.com,/,443,-,6326394171326945461,Client,msnbc,US,47.353,-111.9543,Santa Clara,California,95052,US,47.1835,-111.7714,San Jose,California,95141,Windows Server 2016,Chrome,119.0.0.0,Windows Device,msnbc,1708443801,0,1.1.1.1,Web,-,News & Media,All Categories,http_transaction,-,-,8965014869871943343,2780248560938100992,www.msnbc.com,-,537,10001,-,-,690a2b56-28cd-0dee-4636-1189923000f3,NotAvailable,No,-,NotChecked,NotChecked,NotChecked,NotChecked,NotChecked,NotChecked,NotChecked,NotChecked,NotChecked,NotChecked,NotChecked,NotChecked,No,No,NotChecked,NotChecked,NotChecked,NotChecked,Allow,Established,None,NotEstablished,2.2.2.2,3.3.3.3,www.msnbc.com,Sni,"News & Media, All Categories",Decrypt,-,TLSv1.3,ABC_TLS_AES_256_GCM_SHA129,NotChecked,NotChecked,4.4.4.4,US-SFO1,5.5.5.5,58871,6.6.6.6,443,-,-,7.7.7.7,852,-,-,-,-,-,http://www.msnbc.com:44,/,HTTP1.1,200,-,-,-,-,-,-,-,-,Browse,-,-,File,-,-,text/html,Text,-,-,-,-,-,2024-02-20 7:43:08,allow_default,DefaultAction,8.8.8.8,9.9.9.9,www.msnbc.com,HttpHostHeader,-,-,-,allces.goskope.com,,,NetskopeWebtxData_CL,
abcd-efg-hijk,RestAPI,,,"2/20/2024, 3:51:26 PM",,,,2024-02-20,15:43:23,69,4162,2238,6400,1.2.3.4,5.6.7.8,dummyuser@something.com,GET,https,-,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36",-,200,application/json; charset=utf-8,www.msnbc.com,www.msnbc.com,/services/tve/schedule/msnbc,443,https://www.msnbc.com/,6326394171326945461,Client,msnbc,US,47.353,-111.9543,Santa Clara,California,95052,US,47.1835,-111.7714,San Jose,California,95141,Windows Server 2016,Chrome,119.0.0.0,Windows Device,msnbc,1708443803,3067349774468027936,1.1.1.1,Web,-,News & Media,All Categories,http_transaction,-,-,4662318295215182777,2780248576666740992,www.msnbc.com,-,537,10001,-,-,690a2b56-28cd-0dee-4636-1189923000f3,NotAvailable,No,-,NotChecked,NotChecked,NotChecked,NotChecked,NotChecked,NotChecked,NotChecked,NotChecked,NotChecked,NotChecked,NotChecked,NotChecked,No,No,NotChecked,NotChecked,NotChecked,NotChecked,Allow,Established,None,NotEstablished,-,-,-,Unknown,-,Decrypt,-,TLSv1.3,ABC_TLS_AES_256_GCM_SHA130,NotChecked,NotChecked,4.4.4.4,US-SFO1,5.5.5.5,58871,6.6.6.6,443,-,-,7.7.7.7,852,-,-,-,-,-,https://www.msnbc.com/services/tve/schedule/ms,/services/tve/schedule/msnbc,HTTP1.1,200,-,-,-,-,-,-,-,-,Browse,-,-,File,-,-,text/plain,Text,-,-,-,-,-,2024-02-20 7:43:08,allow_default,DefaultAction,8.8.8.8,9.9.9.9,www.msnbc.com,HttpHostHeader,-,-,-,allces.goskope.com,,,NetskopeWebtxData_CL,
abcd-efg-hijk,RestAPI,,,"2/20/2024, 3:51:26 PM",,,,2024-02-20,15:43:23,29,4229,628,4857,1.2.3.4,5.6.7.8,dummyuser@something.com,GET,http,-,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36",-,304,video/mp4,www.msnbc.com,www.msnbc.com,/_next/static/src/assets/videos/28978261684cd12447cbff1287190620.mp4,443,https://www.msnbc.com/,6326394171326945461,Client,msnbc,US,47.353,-111.9543,Santa Clara,California,95052,US,47.1835,-111.7714,San Jose,California,95141,Windows Server 2016,Chrome,119.0.0.0,Windows Device,msnbc,1708443803,3067349774468027936,1.1.1.1,Web,-,News & Media,All Categories,http_transaction,-,-,7355203339990228596,2780248577933419264,www.msnbc.com,-,537,10001,-,-,4d800cd2-7490-febe-bb8b-2ee57fe86587,NotAvailable,No,-,NotChecked,NotChecked,NotChecked,NotChecked,NotChecked,NotChecked,NotChecked,NotChecked,NotChecked,NotChecked,NotChecked,NotChecked,No,No,NotChecked,NotChecked,NotChecked,NotChecked,Allow,Established,None,NotEstablished,2.2.2.2,3.3.3.3,www.msnbc.com,Sni,"News & Media, All Categories",Decrypt,-,TLSv1.3,ABC_TLS_AES_256_GCM_SHA131,NotChecked,NotChecked,4.4.4.4,US-SFO1,5.5.5.5,58871,6.6.6.6,443,-,-,7.7.7.7,882,-,-,-,-,-,http://www.msnbc.com:443/_next/static/src/assets/videos/28978261684cd12447cb,/_next/static/src/assets/videos/28978261684cd12447cbff1287190620.mp4,HTTP1.1,304,-,-,-,-,-,-,-,-,Browse,-,-,-,-,-,-,-,-,-,-,-,-,2024-02-20 7:43:08,allow_default,DefaultAction,8.8.8.8,9.9.9.9,www.msnbc.com,HttpHostHeader,-,-,-,allces.goskope.com,,,NetskopeWebtxData_CL,
1 TenantId SourceSystem MG ManagementGroupName TimeGenerated [UTC] Computer RawData cs_uri_query_g date_s time_s time_taken_s cs_bytes_s sc_bytes_s bytes_s c_ip_s s_ip_s cs_username_s cs_method_s cs_uri_scheme_s cs_uri_query_s cs_user_agent_s cs_content_type_s sc_status_s sc_content_type_s cs_dns_s cs_host_s cs_uri_s cs_uri_port_s cs_referer_s x_cs_session_id_s x_cs_access_method_s x_cs_app_s x_s_country_s x_s_latitude_s x_s_longitude_s x_s_location_s x_s_region_s x_s_zipcode_s x_c_country_s x_c_latitude_s x_c_longitude_s x_c_location_s x_c_region_s x_c_zipcode_s x_c_os_s x_c_browser_s x_c_browser_version_s x_c_device_s x_cs_site_s x_cs_timestamp_s x_cs_page_id_s x_cs_userip_s x_cs_traffic_type_s x_cs_tunnel_id_s x_category_s x_other_category_s x_type_s x_server_ssl_err_s x_client_ssl_err_s x_transaction_id_s x_request_id_s x_cs_sni_s x_cs_domain_fronted_sni_s x_category_id_s x_other_category_id_s x_sr_headers_name_s x_sr_headers_value_s x_cs_ssl_ja3_g x_sr_ssl_ja3s_s x_ssl_bypass_s x_ssl_bypass_reason_s x_r_cert_subject_cn_s x_r_cert_issuer_cn_s x_r_cert_startdate_s x_r_cert_enddate_s x_r_cert_valid_s x_r_cert_expired_s x_r_cert_untrusted_root_s x_r_cert_incomplete_chain_s x_r_cert_self_signed_s x_r_cert_revoked_s x_r_cert_revocation_check_s x_r_cert_mismatch_s x_cs_ssl_fronting_error_s x_cs_ssl_handshake_error_s x_sr_ssl_handshake_error_s x_sr_ssl_client_certificate_error_s x_sr_ssl_malformed_ssl_s x_s_custom_signing_ca_error_s x_cs_ssl_engine_action_s x_cs_ssl_engine_action_reason_s x_sr_ssl_engine_action_s x_sr_ssl_engine_action_reason_s x_ssl_policy_src_ip_s x_ssl_policy_dst_ip_s x_ssl_policy_dst_host_s x_ssl_policy_dst_host_source_s x_ssl_policy_categories_s x_ssl_policy_action_s x_ssl_policy_name_s x_cs_ssl_version_s x_cs_ssl_cipher_s x_sr_ssl_version_s x_sr_ssl_cipher_s x_cs_src_ip_egress_s x_s_dp_name_s x_cs_src_ip_s x_cs_src_port_s x_cs_dst_ip_s x_cs_dst_port_s x_sr_src_ip_s x_sr_src_port_s x_sr_dst_ip_s x_sr_dst_port_s x_cs_ip_connect_xff_s x_cs_ip_xff_s 
x_cs_connect_host_s x_cs_connect_port_s x_cs_connect_user_agent_s x_cs_url_s x_cs_uri_path_s x_cs_http_version_s rs_status_s x_cs_app_category_s x_cs_app_cci_s x_cs_app_ccl_s x_cs_app_tags_s x_cs_app_suite_s x_cs_app_instance_id_s x_cs_app_instance_name_s x_cs_app_instance_tag_s x_cs_app_activity_s x_cs_app_from_user_s x_cs_app_to_user_s x_cs_app_object_type_s x_cs_app_object_name_s x_cs_app_object_id_s x_rs_file_type_s x_rs_file_category_s x_rs_file_language_s x_rs_file_size_s x_rs_file_md5_s x_rs_file_sha256_s x_error_s x_c_local_time_s x_policy_action_s x_policy_name_s x_policy_src_ip_s x_policy_dst_ip_s x_policy_dst_host_s x_policy_dst_host_source_s x_policy_justification_type_s x_policy_justification_reason_s x_sc_notification_name_s netskope_api_host_name_s x_cs_ssl_ja3_s x_rs_file_md5_g Type _ResourceId
2 abcd-efg-hijk RestAPI 2/20/2024, 3:51:25 PM 2024-02-20 15:51:11 208 4802 90903 95705 1.2.3.4 5.6.7.8 dummyuser@something.com GET http - Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 - 200 text/html; charset=utf-8 www.msnbc.com www.msnbc.com / 443 - 6326394171326945461 Client msnbc US 47.353 -111.9543 Santa Clara California 95052 US 47.1835 -111.7714 San Jose California 95141 Windows Server 2016 Chrome 119.0.0.0 Windows Device msnbc 1708444271 0 1.1.1.1 Web - News & Media All Categories http_transaction - - 5216593391501189756 2780252508038218752 www.msnbc.com - 537 10001 - - 0858b1a5-d5c4-d5a8-cf16-09a87c74d42f NotAvailable No - NotChecked NotChecked NotChecked NotChecked NotChecked NotChecked NotChecked NotChecked NotChecked NotChecked NotChecked NotChecked No No NotChecked NotChecked NotChecked NotChecked Allow Established None NotEstablished 2.2.2.2 3.3.3.3 www.msnbc.com Sni News & Media, All Categories Decrypt - TLSv1.3 ABC_TLS_AES_256_GCM_SHA123 NotChecked NotChecked 4.4.4.4 US-SFO1 5.5.5.5 58871 6.6.6.6 443 - - 7.7.7.7 860 - - - - - http://www.msnbc.com:443/ / HTTP1.1 200 - - - - - - - - Browse - - File - - text/html Text - - - - - 2024-02-20 7:50:08 allow_default DefaultAction 8.8.8.8 9.9.9.9 www.msnbc.com HttpHostHeader - - - allces.goskope.com NetskopeWebtxData_CL
3 abcd-efg-hijk RestAPI 2/20/2024, 3:51:25 PM 2024-02-20 15:51:13 37 4779 628 5407 1.2.3.4 5.6.7.8 dummyuser@something.com GET https - Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 - 304 video/mp4 www.msnbc.com www.msnbc.com /_next/static/src/assets/videos/28978261684cd12447cbff1287190620.mp4 443 https://www.msnbc.com/ 6326394171326945461 Client msnbc US 47.353 -111.9543 Santa Clara California 95052 US 47.1835 -111.7714 San Jose California 95141 Windows Server 2016 Chrome 119.0.0.0 Windows Device msnbc 1708444273 1261774939245039714 1.1.1.1 Web - News & Media All Categories http_transaction - - 6424739376955203561 2780252519153124352 www.msnbc.com - 537 10001 - - 0858b1a5-d5c4-d5a8-cf16-09a87c74d42f NotAvailable No - NotChecked NotChecked NotChecked NotChecked NotChecked NotChecked NotChecked NotChecked NotChecked NotChecked NotChecked NotChecked No No NotChecked NotChecked NotChecked NotChecked Allow Established None NotEstablished - - - Unknown - Decrypt - TLSv1.3 ABC_TLS_AES_256_GCM_SHA124 NotChecked NotChecked 4.4.4.4 US-SFO1 5.5.5.5 58871 6.6.6.6 443 - - 7.7.7.7 860 - - - - - https://www.msnbc.com/_next/static/src/assets/videos/28978261684cd12447cbff12871 /_next/static/src/assets/videos/28978261684cd12447cbff1287190620.mp4 HTTP1.1 304 - - - - - - - - Browse - - - - - - - - - - - - 2024-02-20 7:51:08 allow_default DefaultAction 8.8.8.8 9.9.9.9 www.msnbc.com HttpHostHeader - - - allces.goskope.com NetskopeWebtxData_CL
4 abcd-efg-hijk RestAPI 2/20/2024, 3:51:25 PM 2024-02-20 15:51:13 76 4712 2238 6950 1.2.3.4 5.6.7.8 dummyuser@something.com GET http - Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 - 200 application/json; charset=utf-8 www.msnbc.com www.msnbc.com /services/tve/schedule/msnbc 443 https://www.msnbc.com/ 6326394171326945461 Client msnbc US 47.353 -111.9543 Santa Clara California 95052 US 47.1835 -111.7714 San Jose California 95141 Windows Server 2016 Chrome 119.0.0.0 Windows Device msnbc 1708444273 1261774939245039714 1.1.1.1 Web - News & Media All Categories http_transaction - - 2184596302302331693 2780252519153124096 www.msnbc.com - 537 10001 - - 911a5621-894f-4d83-92ca-88415c3c7818 NotAvailable No - NotChecked NotChecked NotChecked NotChecked NotChecked NotChecked NotChecked NotChecked NotChecked NotChecked NotChecked NotChecked No No NotChecked NotChecked NotChecked NotChecked Allow Established None NotEstablished 2.2.2.2 3.3.3.3 www.msnbc.com Sni News & Media, All Categories Decrypt - TLSv1.3 ABC_TLS_AES_256_GCM_SHA125 NotChecked NotChecked 4.4.4.4 US-SFO1 5.5.5.5 58871 6.6.6.6 443 - - 7.7.7.7 871 - - - - - http://www.msnbc.com:443/services/tve/schedule/ms /services/tve/schedule/msnbc HTTP1.1 200 - - - - - - - - Browse - - File - - text/plain Text - - - - - 2024-02-20 7:51:08 allow_default DefaultAction 8.8.8.8 9.9.9.9 www.msnbc.com HttpHostHeader - - - allces.goskope.com NetskopeWebtxData_CL
5 abcd-efg-hijk RestAPI 2/20/2024, 3:51:25 PM 2024-02-20 15:51:13 45 4714 957 5671 1.2.3.4 5.6.7.8 dummyuser@something.com GET https - Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 - 200 application/json; charset=utf-8 www.msnbc.com www.msnbc.com /services/miniPlayerTease/msnbc 443 https://www.msnbc.com/ 6326394171326945461 Client msnbc US 47.353 -111.9543 Santa Clara California 95052 US 47.1835 -111.7714 San Jose California 95141 Windows Server 2016 Chrome 119.0.0.0 Windows Device msnbc 1708444273 1261774939245039714 1.1.1.1 Web - News & Media All Categories http_transaction - - 1300544121152535217 2780252520495301632 www.msnbc.com - 537 10001 - - 0858b1a5-d5c4-d5a8-cf16-09a87c74d42f NotAvailable No - NotChecked NotChecked NotChecked NotChecked NotChecked NotChecked NotChecked NotChecked NotChecked NotChecked NotChecked NotChecked No No NotChecked NotChecked NotChecked NotChecked Allow Established None NotEstablished - - - Unknown - Decrypt - TLSv1.3 ABC_TLS_AES_256_GCM_SHA126 NotChecked NotChecked 4.4.4.4 US-SFO1 5.5.5.5 58871 6.6.6.6 443 - - 7.7.7.7 860 - - - - - https://www.msnbc.com/services/miniPlayerTease/ms /services/miniPlayerTease/msnbc HTTP1.1 200 - - - - - - - - Browse - - File - - text/plain Text - - - - - 2024-02-20 7:51:08 allow_default DefaultAction 8.8.8.8 9.9.9.9 www.msnbc.com HttpHostHeader - - - allces.goskope.com NetskopeWebtxData_CL
6 abcd-efg-hijk RestAPI 2/20/2024, 3:51:25 PM 2024-02-20 15:43:30 365 5215 2322213 2327428 1.2.3.4 5.6.7.8 dummyuser@something.com GET http stream=MSNBC_TVE&mvpdHash=null&mpid=1745196552392127496&timestamp=1708443731265&usPrivacy=1YNN&autoplay=true&mutedAutoplay=true&token_Widevine=9cde749626f145b857802ef96df16b5d93ac82187cc4e6e2aa9337cb1fda028f&token_Fairplay=05e22acc2cc44851d8a9d89b9a76e6b40c8f3c11c7b2b4a85d11f0ca6f2e2a74&token_PlayReady=c8ea61a415c018fad0ac61ef758b95cb41ca78f8282c866082f8172e60b66e16&initialWidth=280&childId=core-video&parentTitle=MSNBC%20News%20-%20Breaking%20News%20and%20News%20Today%20%7C%20Latest%20News&parentUrl=https%3A%2F%2Fwww.msnbc.com%2F Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 - 200 text/html; charset=UTF-8 www.msnbc.com www.msnbc.com /sigma.html?stream=MSNBC_TVE&mvpdHash=null&mpid=1745196552392127496&timestamp=1708443731265&usPrivacy=1YNN&autoplay=true&mutedAutoplay=true&token_Widevine=9cde749626f145b857802ef96df16b5d93ac82187cc4e6e2aa9337cb1fda028f&token_Fairplay=05e22acc2cc44851d8a9d89b9a76e6b40c8f3c11c7b2b4a85d11f0ca6f2e2a74&token_PlayReady=c8ea61a415c018fad0ac61ef758b95cb41ca78f8282c866082f8172e60b66e16&initialWidth=280&childId=core-video&parentTitle=MSNBC%20News%20-%20Breaking%20News%20and%20News%20Today%20%7C%20Latest%20News&parentUrl=https%3A%2F%2Fwww.msnbc.com%2F 443 https://www.msnbc.com/ 6326394171326945461 Client msnbc US 47.353 -111.9543 Santa Clara California 95052 US 47.1835 -111.7714 San Jose California 95141 Windows Server 2016 Chrome 119.0.0.0 Windows Device msnbc 1708443810 3067349774468027936 1.1.1.1 Web - News & Media All Categories http_transaction - - 4018871287092426288 2780248636326532352 www.msnbc.com - 537 10001 - - 2add0d93-df10-8807-866a-2bffbb3340b2 NotAvailable No - NotChecked NotChecked NotChecked NotChecked NotChecked NotChecked NotChecked NotChecked NotChecked NotChecked NotChecked NotChecked No No NotChecked NotChecked NotChecked 
NotChecked Allow Established None NotEstablished 2.2.2.2 3.3.3.3 www.msnbc.com Sni News & Media, All Categories Decrypt - TLSv1.3 ABC_TLS_AES_256_GCM_SHA127 NotChecked NotChecked 4.4.4.4 US-SFO1 5.5.5.5 58871 6.6.6.6 443 - - 7.7.7.7 889 - - - - - http://www.msnbc.com:443/sigma.html?stream=MSNBC_TVE&mvpdHash=null&mpid=1745196552392127496&timestamp=1708443731265&usPrivacy=1YNN&autoplay=true&mutedAutoplay=true&token_Widevine=9cde749626f145b857802ef96df16b5d93ac82187cc4e6e2aa9337cb1fda028f&token_Fairplay=05e22acc2cc44851d8a9d89b9a76e6b40c8f3c11c7b2b4a85d11f0ca6f2e2a74&token_PlayReady=c8ea61a415c018fad0ac61ef758b95cb41ca78f8282c866082f8172e60b66e16&initialWidth=280&childId=core-video&parentUrl=https%3A%2F /sigma.html HTTP1.1 200 - - - - - - - - Browse - - File - - text/html Text - - - - - 2024-02-20 7:43:08 allow_default DefaultAction 8.8.8.8 9.9.9.9 www.msnbc.com HttpHostHeader - - - allces.goskope.com NetskopeWebtxData_CL
7 abcd-efg-hijk RestAPI 2/20/2024, 3:51:26 PM 2024-02-20 15:51:18 356 5311 2322213 2327524 1.2.3.4 5.6.7.8 dummyuser@something.com GET http stream=MSNBC_TVE&mvpdHash=null&mpid=1745196552392127496&timestamp=1708444212571&usPrivacy=1YNN&autoplay=true&mutedAutoplay=true&token_Widevine=44fd56038b7914e0db57f0f1ab63bb2a39e372979ada489d0b5f55ee37c98c93&token_Fairplay=7600640cf4d0eac4b95acf4b0231eb16b83cdf77542cc47d26fe2740959e702d&token_PlayReady=2b70b8e2bc410baa90cc8f78208f2c96c94bf1024b117ad54a783dadfc7a5657&initialWidth=280&childId=core-video&parentTitle=MSNBC%20News%20-%20Breaking%20News%20and%20News%20Today%20%7C%20Latest%20News&parentUrl=https%3A%2F%2Fwww.msnbc.com%2F Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 - 200 text/html; charset=UTF-8 www.msnbc.com www.msnbc.com /sigma.html?stream=MSNBC_TVE&mvpdHash=null&mpid=1745196552392127496&timestamp=1708444212571&usPrivacy=1YNN&autoplay=true&mutedAutoplay=true&token_Widevine=44fd56038b7914e0db57f0f1ab63bb2a39e372979ada489d0b5f55ee37c98c93&token_Fairplay=7600640cf4d0eac4b95acf4b0231eb16b83cdf77542cc47d26fe2740959e702d&token_PlayReady=2b70b8e2bc410baa90cc8f78208f2c96c94bf1024b117ad54a783dadfc7a5657&initialWidth=280&childId=core-video&parentTitle=MSNBC%20News%20-%20Breaking%20News%20and%20News%20Today%20%7C%20Latest%20News&parentUrl=https%3A%2F%2Fwww.msnbc.com%2F 443 https://www.msnbc.com/ 6326394171326945461 Client msnbc US 47.353 -111.9543 Santa Clara California 95052 US 47.1835 -111.7714 San Jose California 95141 Windows Server 2016 Chrome 119.0.0.0 Windows Device msnbc 1708444278 1261774939245039714 1.1.1.1 Web - News & Media All Categories http_transaction - - 8879759428117034966 2780252561070994432 www.msnbc.com - 537 10001 - - 292929e8-1ca3-2211-49d6-3c4532381d06 NotAvailable No - NotChecked NotChecked NotChecked NotChecked NotChecked NotChecked NotChecked NotChecked NotChecked NotChecked NotChecked NotChecked No No NotChecked NotChecked NotChecked 
NotChecked Allow Established None NotEstablished 2.2.2.2 3.3.3.3 www.msnbc.com Sni News & Media, All Categories Decrypt - TLSv1.3 ABC_TLS_AES_256_GCM_SHA128 NotChecked NotChecked 4.4.4.4 US-SFO1 5.5.5.5 58871 6.6.6.6 443 - - 7.7.7.7 806 - - - - - http://www.msnbc.com:443/sigma.html?stream=MSNBC_TVE&mvpdHash=null&mpid=1745196552392127496&timestamp=1708444212571&usPrivacy=1YNN&autoplay=true&mutedAutoplay=true&token_Widevine=44fd56038b7914e0db57f0f1ab63bb2a39e372979ada489d0b5f55ee37c98c93&token_Fairplay=7600640cf4d0eac4b95acf4b0231eb16b83cdf77542cc47d26fe2740959e702d&token_PlayReady=2b70b8e2bc410baa90cc8f78208f2c96c94bf1024b117ad54a783dadfc7a5657&initialWidth=280&childId=core-video&parentTitle=MSNBC%20News%20-%20Breaking%20News%20and%20News%20Today%20%7C%20Latest%20News&parentUrl=https%3A%2F%2Fwww.msnbc.com%2F /sigma.html HTTP1.1 200 - - - - - - - - Browse - - File - - text/html Text - - - - - 2024-02-20 7:51:08 allow_default DefaultAction 8.8.8.8 9.9.9.9 www.msnbc.com HttpHostHeader - - - allces.goskope.com NetskopeWebtxData_CL
8 abcd-efg-hijk RestAPI 2/20/2024, 3:51:26 PM 2024-02-20 15:43:21 124 4109 88750 92859 1.2.3.4 5.6.7.8 dummyuser@something.com GET http - Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 - 200 text/html; charset=utf-8 www.msnbc.com www.msnbc.com / 443 - 6326394171326945461 Client msnbc US 47.353 -111.9543 Santa Clara California 95052 US 47.1835 -111.7714 San Jose California 95141 Windows Server 2016 Chrome 119.0.0.0 Windows Device msnbc 1708443801 0 1.1.1.1 Web - News & Media All Categories http_transaction - - 8965014869871943343 2780248560938100992 www.msnbc.com - 537 10001 - - 690a2b56-28cd-0dee-4636-1189923000f3 NotAvailable No - NotChecked NotChecked NotChecked NotChecked NotChecked NotChecked NotChecked NotChecked NotChecked NotChecked NotChecked NotChecked No No NotChecked NotChecked NotChecked NotChecked Allow Established None NotEstablished 2.2.2.2 3.3.3.3 www.msnbc.com Sni News & Media, All Categories Decrypt - TLSv1.3 ABC_TLS_AES_256_GCM_SHA129 NotChecked NotChecked 4.4.4.4 US-SFO1 5.5.5.5 58871 6.6.6.6 443 - - 7.7.7.7 852 - - - - - http://www.msnbc.com:44 / HTTP1.1 200 - - - - - - - - Browse - - File - - text/html Text - - - - - 2024-02-20 7:43:08 allow_default DefaultAction 8.8.8.8 9.9.9.9 www.msnbc.com HttpHostHeader - - - allces.goskope.com NetskopeWebtxData_CL
9 abcd-efg-hijk RestAPI 2/20/2024, 3:51:26 PM 2024-02-20 15:43:23 69 4162 2238 6400 1.2.3.4 5.6.7.8 dummyuser@something.com GET https - Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 - 200 application/json; charset=utf-8 www.msnbc.com www.msnbc.com /services/tve/schedule/msnbc 443 https://www.msnbc.com/ 6326394171326945461 Client msnbc US 47.353 -111.9543 Santa Clara California 95052 US 47.1835 -111.7714 San Jose California 95141 Windows Server 2016 Chrome 119.0.0.0 Windows Device msnbc 1708443803 3067349774468027936 1.1.1.1 Web - News & Media All Categories http_transaction - - 4662318295215182777 2780248576666740992 www.msnbc.com - 537 10001 - - 690a2b56-28cd-0dee-4636-1189923000f3 NotAvailable No - NotChecked NotChecked NotChecked NotChecked NotChecked NotChecked NotChecked NotChecked NotChecked NotChecked NotChecked NotChecked No No NotChecked NotChecked NotChecked NotChecked Allow Established None NotEstablished - - - Unknown - Decrypt - TLSv1.3 ABC_TLS_AES_256_GCM_SHA130 NotChecked NotChecked 4.4.4.4 US-SFO1 5.5.5.5 58871 6.6.6.6 443 - - 7.7.7.7 852 - - - - - https://www.msnbc.com/services/tve/schedule/ms /services/tve/schedule/msnbc HTTP1.1 200 - - - - - - - - Browse - - File - - text/plain Text - - - - - 2024-02-20 7:43:08 allow_default DefaultAction 8.8.8.8 9.9.9.9 www.msnbc.com HttpHostHeader - - - allces.goskope.com NetskopeWebtxData_CL
10 abcd-efg-hijk RestAPI 2/20/2024, 3:51:26 PM 2024-02-20 15:43:23 29 4229 628 4857 1.2.3.4 5.6.7.8 dummyuser@something.com GET http - Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 - 304 video/mp4 www.msnbc.com www.msnbc.com /_next/static/src/assets/videos/28978261684cd12447cbff1287190620.mp4 443 https://www.msnbc.com/ 6326394171326945461 Client msnbc US 47.353 -111.9543 Santa Clara California 95052 US 47.1835 -111.7714 San Jose California 95141 Windows Server 2016 Chrome 119.0.0.0 Windows Device msnbc 1708443803 3067349774468027936 1.1.1.1 Web - News & Media All Categories http_transaction - - 7355203339990228596 2780248577933419264 www.msnbc.com - 537 10001 - - 4d800cd2-7490-febe-bb8b-2ee57fe86587 NotAvailable No - NotChecked NotChecked NotChecked NotChecked NotChecked NotChecked NotChecked NotChecked NotChecked NotChecked NotChecked NotChecked No No NotChecked NotChecked NotChecked NotChecked Allow Established None NotEstablished 2.2.2.2 3.3.3.3 www.msnbc.com Sni News & Media, All Categories Decrypt - TLSv1.3 ABC_TLS_AES_256_GCM_SHA131 NotChecked NotChecked 4.4.4.4 US-SFO1 5.5.5.5 58871 6.6.6.6 443 - - 7.7.7.7 882 - - - - - http://www.msnbc.com:443/_next/static/src/assets/videos/28978261684cd12447cb /_next/static/src/assets/videos/28978261684cd12447cbff1287190620.mp4 HTTP1.1 304 - - - - - - - - Browse - - - - - - - - - - - - 2024-02-20 7:43:08 allow_default DefaultAction 8.8.8.8 9.9.9.9 www.msnbc.com HttpHostHeader - - - allces.goskope.com NetskopeWebtxData_CL


@ -0,0 +1,11 @@
TenantId,SourceSystem,MG,ManagementGroupName,"TimeGenerated [UTC]",Computer,RawData,"error_s",Type,"_ResourceId"
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/21/2024, 7:38:24.168 AM",,,"600 : WebTx : (method=<module>) : Not receiving any messages from pubsub since time-21/02/2024 07:38:23","NetskopeWebtxErrors_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/21/2024, 7:18:24.552 AM",,,"600 : WebTx : (method=<module>) : Not receiving any messages from pubsub since time-21/02/2024 07:18:23","NetskopeWebtxErrors_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"3/4/2024, 6:43:46.559 AM",,,"Webtx Authentication : WebTx : (method=generate_sub_key_path) : Not authorized to use this feature. This is a licensed feature, please contact Netskope support to purchase.","NetskopeWebtxErrors_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"3/4/2024, 6:44:10.107 AM",,,"Invalid Netskope Hostname : WebTx : (method=get_sub_key_path) : The provided Netskope Hostname might be empty, Kindly verify and Enter Credentials again.","NetskopeWebtxErrors_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"3/4/2024, 6:44:23.832 AM",,,"Webtx Token Empty : WebTx : (method=generate_sub_key_path) : Please configure the ""Netskope Account"" which is configured with V2 token.","NetskopeWebtxErrors_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/26/2024, 12:05:35.022 PM",,,"200 : WebTx : (method=<module>) : Not receiving any messages from pubsub since time-26/02/2024 12:05:34","NetskopeWebtxErrors_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/26/2024, 1:05:10.401 PM",,,"200 : WebTx : (method=<module>) : Not receiving any messages from pubsub since time-26/02/2024 13:05:09","NetskopeWebtxErrors_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/26/2024, 1:13:05.221 PM",,,"200 : WebTx : (method=<module>) : Not receiving any messages from pubsub since time-26/02/2024 13:13:05","NetskopeWebtxErrors_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/27/2024, 6:37:21.146 AM",,,"200 : WebTx : (method=<module>) : Not receiving any messages from pubsub since time-27/02/2024 06:37:20","NetskopeWebtxErrors_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/27/2024, 7:05:07.929 AM",,,"200 : WebTx : (method=<module>) : Not receiving any messages from pubsub since time-27/02/2024 07:05:06","NetskopeWebtxErrors_CL",
1 TenantId SourceSystem MG ManagementGroupName TimeGenerated [UTC] Computer RawData error_s Type _ResourceId
2 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/21/2024, 7:38:24.168 AM 600 : WebTx : (method=<module>) : Not receiving any messages from pubsub since time-21/02/2024 07:38:23 NetskopeWebtxErrors_CL
3 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/21/2024, 7:18:24.552 AM 600 : WebTx : (method=<module>) : Not receiving any messages from pubsub since time-21/02/2024 07:18:23 NetskopeWebtxErrors_CL
4 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 3/4/2024, 6:43:46.559 AM Webtx Authentication : WebTx : (method=generate_sub_key_path) : Not authorized to use this feature. This is a licensed feature, please contact Netskope support to purchase. NetskopeWebtxErrors_CL
5 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 3/4/2024, 6:44:10.107 AM Invalid Netskope Hostname : WebTx : (method=get_sub_key_path) : The provided Netskope Hostname might be empty, Kindly verify and Enter Credentials again. NetskopeWebtxErrors_CL
6 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 3/4/2024, 6:44:23.832 AM Webtx Token Empty : WebTx : (method=generate_sub_key_path) : Please configure the "Netskope Account" which is configured with V2 token. NetskopeWebtxErrors_CL
7 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/26/2024, 12:05:35.022 PM 200 : WebTx : (method=<module>) : Not receiving any messages from pubsub since time-26/02/2024 12:05:34 NetskopeWebtxErrors_CL
8 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/26/2024, 1:05:10.401 PM 200 : WebTx : (method=<module>) : Not receiving any messages from pubsub since time-26/02/2024 13:05:09 NetskopeWebtxErrors_CL
9 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/26/2024, 1:13:05.221 PM 200 : WebTx : (method=<module>) : Not receiving any messages from pubsub since time-26/02/2024 13:13:05 NetskopeWebtxErrors_CL
10 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/27/2024, 6:37:21.146 AM 200 : WebTx : (method=<module>) : Not receiving any messages from pubsub since time-27/02/2024 06:37:20 NetskopeWebtxErrors_CL
11 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/27/2024, 7:05:07.929 AM 200 : WebTx : (method=<module>) : Not receiving any messages from pubsub since time-27/02/2024 07:05:06 NetskopeWebtxErrors_CL
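Review bot: The TenantId column in every row of this sample file carries what looks like a real workspace GUID (`acd8fb14-e664-4b90-a4fd-1456cbfdbacd`), while the sibling webtx sample above anonymises the same column as `abcd-efg-hijk`; sample fixtures committed to a public repository should be scrubbed consistently, e.g. `"00000000-0000-0000-0000-000000000000",RestAPI,,,...`. The same GUID recurs in the metrics sample that follows, so the replacement should be applied there too. The preceding webtx sample also keeps 64-hex `token_Widevine`/`token_Fairplay`/`token_PlayReady` values and a `*.goskope.com` tenant hostname in its rows; if those were captured from live traffic rather than constructed, they belong behind placeholders as well. Whether the GUID is real cannot be confirmed from the diff, but the inconsistency alone is worth a one-line note in the sample's README stating that all identifiers are synthetic.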


@ -0,0 +1,121 @@
TenantId,SourceSystem,MG,ManagementGroupName,"TimeGenerated [UTC]",Computer,RawData,"timestamp_t [UTC]","backlog_message_count_d","oldest_unacked_message_age_s",Type,"_ResourceId"
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 8:20:01.365 AM",,,"2/19/2024, 8:00:00.000 AM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 8:20:01.365 AM",,,"2/19/2024, 7:00:00.000 AM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 8:20:01.365 AM",,,"2/19/2024, 6:00:00.000 AM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 8:20:01.365 AM",,,"2/19/2024, 5:00:00.000 AM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 8:20:01.365 AM",,,"2/19/2024, 4:00:00.000 AM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 8:20:01.365 AM",,,"2/19/2024, 3:00:00.000 AM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 8:20:01.365 AM",,,"2/19/2024, 2:00:00.000 AM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 8:20:01.365 AM",,,"2/19/2024, 1:00:00.000 AM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 8:20:01.365 AM",,,"2/19/2024, 12:00:00.000 AM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 8:20:01.365 AM",,,"2/18/2024, 11:00:00.000 PM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 8:20:01.365 AM",,,"2/18/2024, 10:00:00.000 PM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 8:20:01.365 AM",,,"2/18/2024, 9:00:00.000 PM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 8:20:01.365 AM",,,"2/18/2024, 8:00:00.000 PM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 8:20:01.365 AM",,,"2/18/2024, 7:00:00.000 PM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 8:20:01.365 AM",,,"2/18/2024, 6:00:00.000 PM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 8:20:01.365 AM",,,"2/18/2024, 5:00:00.000 PM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 8:20:01.365 AM",,,"2/18/2024, 4:00:00.000 PM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 8:20:01.365 AM",,,"2/18/2024, 3:00:00.000 PM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 8:20:01.365 AM",,,"2/18/2024, 2:00:00.000 PM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 8:20:01.365 AM",,,"2/18/2024, 1:00:00.000 PM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 8:20:01.365 AM",,,"2/18/2024, 12:00:00.000 PM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 8:20:01.365 AM",,,"2/18/2024, 11:00:00.000 AM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 8:20:01.365 AM",,,"2/18/2024, 10:00:00.000 AM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 8:20:01.365 AM",,,"2/18/2024, 9:00:00.000 AM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 8:20:35.573 AM",,,"2/19/2024, 8:00:00.000 AM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 8:20:35.573 AM",,,"2/19/2024, 7:00:00.000 AM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 8:20:35.573 AM",,,"2/19/2024, 6:00:00.000 AM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 8:20:35.573 AM",,,"2/19/2024, 5:00:00.000 AM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 8:20:35.573 AM",,,"2/19/2024, 4:00:00.000 AM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 8:20:35.573 AM",,,"2/19/2024, 3:00:00.000 AM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 8:20:35.573 AM",,,"2/19/2024, 2:00:00.000 AM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 8:20:35.573 AM",,,"2/19/2024, 1:00:00.000 AM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 8:20:35.573 AM",,,"2/19/2024, 12:00:00.000 AM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 8:20:35.573 AM",,,"2/18/2024, 11:00:00.000 PM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 8:20:35.573 AM",,,"2/18/2024, 10:00:00.000 PM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 8:20:35.573 AM",,,"2/18/2024, 9:00:00.000 PM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 8:20:35.573 AM",,,"2/18/2024, 8:00:00.000 PM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 8:20:35.573 AM",,,"2/18/2024, 7:00:00.000 PM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 8:20:35.573 AM",,,"2/18/2024, 6:00:00.000 PM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 8:20:35.573 AM",,,"2/18/2024, 5:00:00.000 PM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 8:20:35.573 AM",,,"2/18/2024, 4:00:00.000 PM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 8:20:35.573 AM",,,"2/18/2024, 3:00:00.000 PM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 8:20:35.573 AM",,,"2/18/2024, 2:00:00.000 PM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 8:20:35.573 AM",,,"2/18/2024, 1:00:00.000 PM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 8:20:35.573 AM",,,"2/18/2024, 12:00:00.000 PM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 8:20:35.573 AM",,,"2/18/2024, 11:00:00.000 AM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 8:20:35.573 AM",,,"2/18/2024, 10:00:00.000 AM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 8:20:35.573 AM",,,"2/18/2024, 9:00:00.000 AM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 7:35:01.089 AM",,,"2/19/2024, 7:00:00.000 AM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 7:35:01.089 AM",,,"2/19/2024, 6:00:00.000 AM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 7:35:01.089 AM",,,"2/19/2024, 5:00:00.000 AM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 7:35:01.089 AM",,,"2/19/2024, 4:00:00.000 AM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 7:35:01.089 AM",,,"2/19/2024, 3:00:00.000 AM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 7:35:01.089 AM",,,"2/19/2024, 2:00:00.000 AM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 7:35:01.089 AM",,,"2/19/2024, 1:00:00.000 AM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 7:35:01.089 AM",,,"2/19/2024, 12:00:00.000 AM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 7:35:01.089 AM",,,"2/18/2024, 11:00:00.000 PM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 7:35:01.089 AM",,,"2/18/2024, 10:00:00.000 PM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 7:35:01.089 AM",,,"2/18/2024, 9:00:00.000 PM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 7:35:01.089 AM",,,"2/18/2024, 8:00:00.000 PM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 7:35:01.089 AM",,,"2/18/2024, 7:00:00.000 PM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 7:35:01.089 AM",,,"2/18/2024, 6:00:00.000 PM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 7:35:01.089 AM",,,"2/18/2024, 5:00:00.000 PM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 7:35:01.089 AM",,,"2/18/2024, 4:00:00.000 PM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 7:35:01.089 AM",,,"2/18/2024, 3:00:00.000 PM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 7:35:01.089 AM",,,"2/18/2024, 2:00:00.000 PM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 7:35:01.089 AM",,,"2/18/2024, 1:00:00.000 PM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 7:35:01.089 AM",,,"2/18/2024, 12:00:00.000 PM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 7:35:01.089 AM",,,"2/18/2024, 11:00:00.000 AM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 7:35:01.089 AM",,,"2/18/2024, 10:00:00.000 AM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 7:35:01.089 AM",,,"2/18/2024, 9:00:00.000 AM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 7:35:01.089 AM",,,"2/18/2024, 8:00:00.000 AM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 7:30:00.972 AM",,,"2/19/2024, 7:00:00.000 AM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 7:30:00.972 AM",,,"2/19/2024, 6:00:00.000 AM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 7:30:00.972 AM",,,"2/19/2024, 5:00:00.000 AM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 7:30:00.972 AM",,,"2/19/2024, 4:00:00.000 AM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 7:30:00.972 AM",,,"2/19/2024, 3:00:00.000 AM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 7:30:00.972 AM",,,"2/19/2024, 2:00:00.000 AM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 7:30:00.972 AM",,,"2/19/2024, 1:00:00.000 AM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 7:30:00.972 AM",,,"2/19/2024, 12:00:00.000 AM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 7:30:00.972 AM",,,"2/18/2024, 11:00:00.000 PM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 7:30:00.972 AM",,,"2/18/2024, 10:00:00.000 PM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 7:30:00.972 AM",,,"2/18/2024, 9:00:00.000 PM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 7:30:00.972 AM",,,"2/18/2024, 8:00:00.000 PM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 7:30:00.972 AM",,,"2/18/2024, 7:00:00.000 PM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 7:30:00.972 AM",,,"2/18/2024, 6:00:00.000 PM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 7:30:00.972 AM",,,"2/18/2024, 5:00:00.000 PM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 7:30:00.972 AM",,,"2/18/2024, 4:00:00.000 PM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 7:30:00.972 AM",,,"2/18/2024, 3:00:00.000 PM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 7:30:00.972 AM",,,"2/18/2024, 2:00:00.000 PM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 7:30:00.972 AM",,,"2/18/2024, 1:00:00.000 PM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 7:30:00.972 AM",,,"2/18/2024, 12:00:00.000 PM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 7:30:00.972 AM",,,"2/18/2024, 11:00:00.000 AM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 7:30:00.972 AM",,,"2/18/2024, 10:00:00.000 AM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 7:30:00.972 AM",,,"2/18/2024, 9:00:00.000 AM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 7:30:00.972 AM",,,"2/18/2024, 8:00:00.000 AM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 7:31:01.562 AM",,,"2/19/2024, 7:00:00.000 AM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 7:31:01.562 AM",,,"2/19/2024, 6:00:00.000 AM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 7:31:01.562 AM",,,"2/19/2024, 5:00:00.000 AM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 7:31:01.562 AM",,,"2/19/2024, 4:00:00.000 AM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 7:31:01.562 AM",,,"2/19/2024, 3:00:00.000 AM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 7:31:01.562 AM",,,"2/19/2024, 2:00:00.000 AM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 7:31:01.562 AM",,,"2/19/2024, 1:00:00.000 AM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 7:31:01.562 AM",,,"2/19/2024, 12:00:00.000 AM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 7:31:01.562 AM",,,"2/18/2024, 11:00:00.000 PM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 7:31:01.562 AM",,,"2/18/2024, 10:00:00.000 PM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 7:31:01.562 AM",,,"2/18/2024, 9:00:00.000 PM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 7:31:01.562 AM",,,"2/18/2024, 8:00:00.000 PM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 7:31:01.562 AM",,,"2/18/2024, 7:00:00.000 PM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 7:31:01.562 AM",,,"2/18/2024, 6:00:00.000 PM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 7:31:01.562 AM",,,"2/18/2024, 5:00:00.000 PM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 7:31:01.562 AM",,,"2/18/2024, 4:00:00.000 PM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 7:31:01.562 AM",,,"2/18/2024, 3:00:00.000 PM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 7:31:01.562 AM",,,"2/18/2024, 2:00:00.000 PM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 7:31:01.562 AM",,,"2/18/2024, 1:00:00.000 PM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 7:31:01.562 AM",,,"2/18/2024, 12:00:00.000 PM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 7:31:01.562 AM",,,"2/18/2024, 11:00:00.000 AM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 7:31:01.562 AM",,,"2/18/2024, 10:00:00.000 AM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 7:31:01.562 AM",,,"2/18/2024, 9:00:00.000 AM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
"acd8fb14-e664-4b90-a4fd-1456cbfdbacd",RestAPI,,,"2/19/2024, 7:31:01.562 AM",,,"2/18/2024, 8:00:00.000 AM",0,"0hours, 0minutes","Netskope_WebTx_metrics_CL",
1 TenantId SourceSystem MG ManagementGroupName TimeGenerated [UTC] Computer RawData timestamp_t [UTC] backlog_message_count_d oldest_unacked_message_age_s Type _ResourceId
2 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 8:20:01.365 AM 2/19/2024, 8:00:00.000 AM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
3 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 8:20:01.365 AM 2/19/2024, 7:00:00.000 AM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
4 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 8:20:01.365 AM 2/19/2024, 6:00:00.000 AM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
5 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 8:20:01.365 AM 2/19/2024, 5:00:00.000 AM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
6 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 8:20:01.365 AM 2/19/2024, 4:00:00.000 AM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
7 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 8:20:01.365 AM 2/19/2024, 3:00:00.000 AM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
8 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 8:20:01.365 AM 2/19/2024, 2:00:00.000 AM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
9 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 8:20:01.365 AM 2/19/2024, 1:00:00.000 AM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
10 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 8:20:01.365 AM 2/19/2024, 12:00:00.000 AM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
11 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 8:20:01.365 AM 2/18/2024, 11:00:00.000 PM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
12 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 8:20:01.365 AM 2/18/2024, 10:00:00.000 PM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
13 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 8:20:01.365 AM 2/18/2024, 9:00:00.000 PM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
14 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 8:20:01.365 AM 2/18/2024, 8:00:00.000 PM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
15 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 8:20:01.365 AM 2/18/2024, 7:00:00.000 PM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
16 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 8:20:01.365 AM 2/18/2024, 6:00:00.000 PM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
17 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 8:20:01.365 AM 2/18/2024, 5:00:00.000 PM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
18 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 8:20:01.365 AM 2/18/2024, 4:00:00.000 PM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
19 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 8:20:01.365 AM 2/18/2024, 3:00:00.000 PM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
20 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 8:20:01.365 AM 2/18/2024, 2:00:00.000 PM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
21 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 8:20:01.365 AM 2/18/2024, 1:00:00.000 PM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
22 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 8:20:01.365 AM 2/18/2024, 12:00:00.000 PM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
23 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 8:20:01.365 AM 2/18/2024, 11:00:00.000 AM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
24 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 8:20:01.365 AM 2/18/2024, 10:00:00.000 AM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
25 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 8:20:01.365 AM 2/18/2024, 9:00:00.000 AM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
26 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 8:20:35.573 AM 2/19/2024, 8:00:00.000 AM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
27 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 8:20:35.573 AM 2/19/2024, 7:00:00.000 AM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
28 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 8:20:35.573 AM 2/19/2024, 6:00:00.000 AM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
29 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 8:20:35.573 AM 2/19/2024, 5:00:00.000 AM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
30 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 8:20:35.573 AM 2/19/2024, 4:00:00.000 AM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
31 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 8:20:35.573 AM 2/19/2024, 3:00:00.000 AM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
32 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 8:20:35.573 AM 2/19/2024, 2:00:00.000 AM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
33 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 8:20:35.573 AM 2/19/2024, 1:00:00.000 AM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
34 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 8:20:35.573 AM 2/19/2024, 12:00:00.000 AM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
35 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 8:20:35.573 AM 2/18/2024, 11:00:00.000 PM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
36 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 8:20:35.573 AM 2/18/2024, 10:00:00.000 PM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
37 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 8:20:35.573 AM 2/18/2024, 9:00:00.000 PM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
38 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 8:20:35.573 AM 2/18/2024, 8:00:00.000 PM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
39 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 8:20:35.573 AM 2/18/2024, 7:00:00.000 PM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
40 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 8:20:35.573 AM 2/18/2024, 6:00:00.000 PM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
41 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 8:20:35.573 AM 2/18/2024, 5:00:00.000 PM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
42 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 8:20:35.573 AM 2/18/2024, 4:00:00.000 PM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
43 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 8:20:35.573 AM 2/18/2024, 3:00:00.000 PM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
44 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 8:20:35.573 AM 2/18/2024, 2:00:00.000 PM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
45 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 8:20:35.573 AM 2/18/2024, 1:00:00.000 PM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
46 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 8:20:35.573 AM 2/18/2024, 12:00:00.000 PM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
47 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 8:20:35.573 AM 2/18/2024, 11:00:00.000 AM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
48 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 8:20:35.573 AM 2/18/2024, 10:00:00.000 AM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
49 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 8:20:35.573 AM 2/18/2024, 9:00:00.000 AM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
50 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 7:35:01.089 AM 2/19/2024, 7:00:00.000 AM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
51 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 7:35:01.089 AM 2/19/2024, 6:00:00.000 AM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
52 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 7:35:01.089 AM 2/19/2024, 5:00:00.000 AM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
53 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 7:35:01.089 AM 2/19/2024, 4:00:00.000 AM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
54 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 7:35:01.089 AM 2/19/2024, 3:00:00.000 AM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
55 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 7:35:01.089 AM 2/19/2024, 2:00:00.000 AM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
56 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 7:35:01.089 AM 2/19/2024, 1:00:00.000 AM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
57 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 7:35:01.089 AM 2/19/2024, 12:00:00.000 AM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
58 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 7:35:01.089 AM 2/18/2024, 11:00:00.000 PM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
59 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 7:35:01.089 AM 2/18/2024, 10:00:00.000 PM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
60 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 7:35:01.089 AM 2/18/2024, 9:00:00.000 PM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
61 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 7:35:01.089 AM 2/18/2024, 8:00:00.000 PM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
62 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 7:35:01.089 AM 2/18/2024, 7:00:00.000 PM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
63 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 7:35:01.089 AM 2/18/2024, 6:00:00.000 PM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
64 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 7:35:01.089 AM 2/18/2024, 5:00:00.000 PM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
65 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 7:35:01.089 AM 2/18/2024, 4:00:00.000 PM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
66 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 7:35:01.089 AM 2/18/2024, 3:00:00.000 PM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
67 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 7:35:01.089 AM 2/18/2024, 2:00:00.000 PM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
68 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 7:35:01.089 AM 2/18/2024, 1:00:00.000 PM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
69 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 7:35:01.089 AM 2/18/2024, 12:00:00.000 PM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
70 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 7:35:01.089 AM 2/18/2024, 11:00:00.000 AM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
71 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 7:35:01.089 AM 2/18/2024, 10:00:00.000 AM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
72 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 7:35:01.089 AM 2/18/2024, 9:00:00.000 AM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
73 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 7:35:01.089 AM 2/18/2024, 8:00:00.000 AM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
74 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 7:30:00.972 AM 2/19/2024, 7:00:00.000 AM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
75 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 7:30:00.972 AM 2/19/2024, 6:00:00.000 AM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
76 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 7:30:00.972 AM 2/19/2024, 5:00:00.000 AM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
77 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 7:30:00.972 AM 2/19/2024, 4:00:00.000 AM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
78 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 7:30:00.972 AM 2/19/2024, 3:00:00.000 AM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
79 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 7:30:00.972 AM 2/19/2024, 2:00:00.000 AM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
80 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 7:30:00.972 AM 2/19/2024, 1:00:00.000 AM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
81 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 7:30:00.972 AM 2/19/2024, 12:00:00.000 AM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
82 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 7:30:00.972 AM 2/18/2024, 11:00:00.000 PM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
83 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 7:30:00.972 AM 2/18/2024, 10:00:00.000 PM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
84 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 7:30:00.972 AM 2/18/2024, 9:00:00.000 PM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
85 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 7:30:00.972 AM 2/18/2024, 8:00:00.000 PM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
86 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 7:30:00.972 AM 2/18/2024, 7:00:00.000 PM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
87 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 7:30:00.972 AM 2/18/2024, 6:00:00.000 PM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
88 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 7:30:00.972 AM 2/18/2024, 5:00:00.000 PM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
89 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 7:30:00.972 AM 2/18/2024, 4:00:00.000 PM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
90 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 7:30:00.972 AM 2/18/2024, 3:00:00.000 PM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
91 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 7:30:00.972 AM 2/18/2024, 2:00:00.000 PM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
92 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 7:30:00.972 AM 2/18/2024, 1:00:00.000 PM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
93 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 7:30:00.972 AM 2/18/2024, 12:00:00.000 PM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
94 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 7:30:00.972 AM 2/18/2024, 11:00:00.000 AM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
95 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 7:30:00.972 AM 2/18/2024, 10:00:00.000 AM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
96 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 7:30:00.972 AM 2/18/2024, 9:00:00.000 AM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
97 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 7:30:00.972 AM 2/18/2024, 8:00:00.000 AM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
98 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 7:31:01.562 AM 2/19/2024, 7:00:00.000 AM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
99 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 7:31:01.562 AM 2/19/2024, 6:00:00.000 AM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
100 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 7:31:01.562 AM 2/19/2024, 5:00:00.000 AM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
101 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 7:31:01.562 AM 2/19/2024, 4:00:00.000 AM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
102 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 7:31:01.562 AM 2/19/2024, 3:00:00.000 AM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
103 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 7:31:01.562 AM 2/19/2024, 2:00:00.000 AM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
104 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 7:31:01.562 AM 2/19/2024, 1:00:00.000 AM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
105 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 7:31:01.562 AM 2/19/2024, 12:00:00.000 AM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
106 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 7:31:01.562 AM 2/18/2024, 11:00:00.000 PM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
107 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 7:31:01.562 AM 2/18/2024, 10:00:00.000 PM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
108 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 7:31:01.562 AM 2/18/2024, 9:00:00.000 PM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
109 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 7:31:01.562 AM 2/18/2024, 8:00:00.000 PM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
110 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 7:31:01.562 AM 2/18/2024, 7:00:00.000 PM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
111 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 7:31:01.562 AM 2/18/2024, 6:00:00.000 PM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
112 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 7:31:01.562 AM 2/18/2024, 5:00:00.000 PM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
113 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 7:31:01.562 AM 2/18/2024, 4:00:00.000 PM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
114 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 7:31:01.562 AM 2/18/2024, 3:00:00.000 PM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
115 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 7:31:01.562 AM 2/18/2024, 2:00:00.000 PM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
116 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 7:31:01.562 AM 2/18/2024, 1:00:00.000 PM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
117 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 7:31:01.562 AM 2/18/2024, 12:00:00.000 PM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
118 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 7:31:01.562 AM 2/18/2024, 11:00:00.000 AM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
119 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 7:31:01.562 AM 2/18/2024, 10:00:00.000 AM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
120 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 7:31:01.562 AM 2/18/2024, 9:00:00.000 AM 0 0hours, 0minutes Netskope_WebTx_metrics_CL
121 acd8fb14-e664-4b90-a4fd-1456cbfdbacd RestAPI 2/19/2024, 7:31:01.562 AM 2/18/2024, 8:00:00.000 AM 0 0hours, 0minutes Netskope_WebTx_metrics_CL


@ -0,0 +1,11 @@
TenantId,SourceSystem,MG,ManagementGroupName,TimeGenerated [UTC],Computer,RawData,_id_s,acked_s,alert_s,alert_name_s,alert_type_s,app_s,Category,cci_s,ccl_s,count_d,organization_unit_s,timestamp_d,type_s,ur_normalized_s,user_s,userkey_s,sAMAccountName_s,breach_id_s,employeeType_s,userPrincipalName_s,breach_media_references_s,breach_date_d,password_type_s,department_s,distinguishedName_s,breach_description_s,breach_score_s,mail_s,breach_target_references_s,matched_username_s,division_s,sAMAccountType_s,email_source_s,external_email_d,cci_d,Type,_ResourceId
abc123-r231-4b90-a4fd-1456abcdegdd,RestAPI,,,"2/29/2024, 8:10:32 AM",,,1e95eec04577985f4fde279d,FALSE,yes,Secret share,Compromised Credential,Your Simple Hosting,Cloud Storage,,poor,1,data.com/dataconnector/Active Users/US & International/Full Time,1704900433,datapolicy,dte3831-sjc1-86asd-0651t@test.data.com,dte3831-sjc1-86asd-0651t@test.data.com,dte3831-sjc1-86asd-0651t@test.data.com,,,,,,0,,,,,,,,,,,,0,24,alertscompromisedcredentialdata_CL,
abc123-r231-4b90-a4fd-1456abcdegdd,RestAPI,,,"2/29/2024, 8:10:32 AM",,,1f687afc5d9fdb32cba04ced,TRUE,yes,Secret share,Compromised Credential,Groove eCommerce,Cloud Storage,,poor,1,data.com/dataconnector/Active Users/US & International/Full Time,1704900192,datapolicy,dte3831-sjc1-86asd-0671t@test.data.com,dte3831-sjc1-86asd-0671t@test.data.com,dte3831-sjc1-86asd-0671t@test.data.com,,,,,,0,,,,,,,,,,,,0,4,alertscompromisedcredentialdata_CL,
abc123-r231-4b90-a4fd-1456abcdegdd,RestAPI,,,"2/29/2024, 8:10:32 AM",,,2072aec42a8c75e6c5825c71,TRUE,yes,Secret share,Compromised Credential,Feedback Loop,Cloud Storage,,poor,1,data.com/dataconnector/Active Users/US & International/Full Time,1704901446,datapolicy,dte3831-sjc1-86asd-0787t@test.data.com,dte3831-sjc1-86asd-0787t@test.data.com,dte3831-sjc1-86asd-0787t@test.data.com,,,,,,0,,,,,,,,,,,,0,20,alertscompromisedcredentialdata_CL,
abc123-r231-4b90-a4fd-1456abcdegdd,RestAPI,,,"2/29/2024, 8:10:32 AM",,,25571defdddeaa92f0e33b6d,FALSE,yes,Secret share,Compromised Credential,Caesars Rewards Dining,Cloud Storage,,unknown,1,data.com/dataconnector/Active Users/US & International/Full Time,1704902026,datapolicy,dte3831-sjc1-86asd-0088t@test.data.com,dte3831-sjc1-86asd-0088t@test.data.com,dte3831-sjc1-86asd-0088t@test.data.com,,,,,,0,,,,,,,,,,,,0,32,alertscompromisedcredentialdata_CL,
abc123-r231-4b90-a4fd-1456abcdegdd,RestAPI,,,"2/29/2024, 8:10:32 AM",,,269ea90792cb5d060f070f68,TRUE,yes,Secret share,Compromised Credential,Tri Pointe Homes,Cloud Storage,,unknown,1,data.com/dataconnector/Active Users/US & International/Full Time,1704900472,datapolicy,dte3831-sjc1-86asd-0483t@test.data.com,dte3831-sjc1-86asd-0483t@test.data.com,dte3831-sjc1-86asd-0483t@test.data.com,,,,,,0,,,,,,,,,,,,0,52,alertscompromisedcredentialdata_CL,
abc123-r231-4b90-a4fd-1456abcdegdd,RestAPI,,,"2/29/2024, 8:10:32 AM",,,26e55ec4e48d0eaa957ace13,FALSE,yes,Secret share,Compromised Credential,Willis Towers Watson HR Software,Cloud Storage,,poor,1,data.com/dataconnector/Active Users/US & International/Full Time,1704900372,datapolicy,dte3831-sjc1-86asd-06571t@test.data.com,dte3831-sjc1-86asd-06571t@test.data.com,dte3831-sjc1-86asd-06571t@test.data.com,,,,,,0,,,,,,,,,,,,0,31,alertscompromisedcredentialdata_CL,
abc123-r231-4b90-a4fd-1456abcdegdd,RestAPI,,,"2/29/2024, 8:10:32 AM",,,2792ad4901df4f49397133c3,TRUE,yes,Secret share,Compromised Credential,Supernatural All Stars,Cloud Storage,,unknown,1,data.com/dataconnector/Active Users/US & International/Full Time,1704900892,datapolicy,dte3831-sjc1-86asd-02351t@test.data.com,dte3831-sjc1-86asd-02351t@test.data.com,dte3831-sjc1-86asd-02351t@test.data.com,,,,,,0,,,,,,,,,,,,0,12,alertscompromisedcredentialdata_CL,
abc123-r231-4b90-a4fd-1456abcdegdd,RestAPI,,,"2/29/2024, 8:10:32 AM",,,2885f581544dc1d26c6962b8,FALSE,yes,Secret share,Compromised Credential,The Smart Method,Cloud Storage,,,1,data.com/dataconnector/Active Users/US & International/Full Time,1704900612,datapolicy,dte3831-sjc1-86asd-23wt@test.data.com,dte3831-sjc1-86asd-23wt@test.data.com,dte3831-sjc1-86asd-23wt@test.data.com,,,,,,0,,,,,,,,,,,,0,9,alertscompromisedcredentialdata_CL,
abc123-r231-4b90-a4fd-1456abcdegdd,RestAPI,,,"2/29/2024, 8:10:32 AM",,,29ea0c070903c693344277da,TRUE,yes,Secret share,Compromised Credential,SchoolBanks.com,Cloud Storage,,unknown,1,data.com/dataconnector/Active Users/US & International/Full Time,1704901787,datapolicy,dte3831-sjc1-86asd-2452t@test.data.com,dte3831-sjc1-86asd-2452t@test.data.com,dte3831-sjc1-86asd-2452t@test.data.com,,,,,,0,,,,,,,,,,,,0,4,alertscompromisedcredentialdata_CL,
abc123-r231-4b90-a4fd-1456abcdegdd,RestAPI,,,"2/29/2024, 8:10:32 AM",,,2ac7a4590eeb2d7d4277b8dd,FALSE,yes,Secret share,Compromised Credential,unblockmyweb.com,Cloud Storage,,unknown,1,data.com/dataconnector/Active Users/US & International/Full Time,1704901752,datapolicy,dte3831-sjc1-86asd-3424t@test.data.com,dte3831-sjc1-86asd-3424t@test.data.com,dte3831-sjc1-86asd-3424t@test.data.com,,,,,,0,,,,,,,,,,,,0,7,alertscompromisedcredentialdata_CL,
1 TenantId SourceSystem MG ManagementGroupName TimeGenerated [UTC] Computer RawData _id_s acked_s alert_s alert_name_s alert_type_s app_s Category cci_s ccl_s count_d organization_unit_s timestamp_d type_s ur_normalized_s user_s userkey_s sAMAccountName_s breach_id_s employeeType_s userPrincipalName_s breach_media_references_s breach_date_d password_type_s department_s distinguishedName_s breach_description_s breach_score_s mail_s breach_target_references_s matched_username_s division_s sAMAccountType_s email_source_s external_email_d cci_d Type _ResourceId
2 abc123-r231-4b90-a4fd-1456abcdegdd RestAPI 2/29/2024, 8:10:32 AM 1e95eec04577985f4fde279d FALSE yes Secret share Compromised Credential Your Simple Hosting Cloud Storage poor 1 data.com/dataconnector/Active Users/US & International/Full Time 1704900433 datapolicy dte3831-sjc1-86asd-0651t@test.data.com dte3831-sjc1-86asd-0651t@test.data.com dte3831-sjc1-86asd-0651t@test.data.com 0 0 24 alertscompromisedcredentialdata_CL
3 abc123-r231-4b90-a4fd-1456abcdegdd RestAPI 2/29/2024, 8:10:32 AM 1f687afc5d9fdb32cba04ced TRUE yes Secret share Compromised Credential Groove eCommerce Cloud Storage poor 1 data.com/dataconnector/Active Users/US & International/Full Time 1704900192 datapolicy dte3831-sjc1-86asd-0671t@test.data.com dte3831-sjc1-86asd-0671t@test.data.com dte3831-sjc1-86asd-0671t@test.data.com 0 0 4 alertscompromisedcredentialdata_CL
4 abc123-r231-4b90-a4fd-1456abcdegdd RestAPI 2/29/2024, 8:10:32 AM 2072aec42a8c75e6c5825c71 TRUE yes Secret share Compromised Credential Feedback Loop Cloud Storage poor 1 data.com/dataconnector/Active Users/US & International/Full Time 1704901446 datapolicy dte3831-sjc1-86asd-0787t@test.data.com dte3831-sjc1-86asd-0787t@test.data.com dte3831-sjc1-86asd-0787t@test.data.com 0 0 20 alertscompromisedcredentialdata_CL
5 abc123-r231-4b90-a4fd-1456abcdegdd RestAPI 2/29/2024, 8:10:32 AM 25571defdddeaa92f0e33b6d FALSE yes Secret share Compromised Credential Caesars Rewards Dining Cloud Storage unknown 1 data.com/dataconnector/Active Users/US & International/Full Time 1704902026 datapolicy dte3831-sjc1-86asd-0088t@test.data.com dte3831-sjc1-86asd-0088t@test.data.com dte3831-sjc1-86asd-0088t@test.data.com 0 0 32 alertscompromisedcredentialdata_CL
6 abc123-r231-4b90-a4fd-1456abcdegdd RestAPI 2/29/2024, 8:10:32 AM 269ea90792cb5d060f070f68 TRUE yes Secret share Compromised Credential Tri Pointe Homes Cloud Storage unknown 1 data.com/dataconnector/Active Users/US & International/Full Time 1704900472 datapolicy dte3831-sjc1-86asd-0483t@test.data.com dte3831-sjc1-86asd-0483t@test.data.com dte3831-sjc1-86asd-0483t@test.data.com 0 0 52 alertscompromisedcredentialdata_CL
7 abc123-r231-4b90-a4fd-1456abcdegdd RestAPI 2/29/2024, 8:10:32 AM 26e55ec4e48d0eaa957ace13 FALSE yes Secret share Compromised Credential Willis Towers Watson HR Software Cloud Storage poor 1 data.com/dataconnector/Active Users/US & International/Full Time 1704900372 datapolicy dte3831-sjc1-86asd-06571t@test.data.com dte3831-sjc1-86asd-06571t@test.data.com dte3831-sjc1-86asd-06571t@test.data.com 0 0 31 alertscompromisedcredentialdata_CL
8 abc123-r231-4b90-a4fd-1456abcdegdd RestAPI 2/29/2024, 8:10:32 AM 2792ad4901df4f49397133c3 TRUE yes Secret share Compromised Credential Supernatural All Stars Cloud Storage unknown 1 data.com/dataconnector/Active Users/US & International/Full Time 1704900892 datapolicy dte3831-sjc1-86asd-02351t@test.data.com dte3831-sjc1-86asd-02351t@test.data.com dte3831-sjc1-86asd-02351t@test.data.com 0 0 12 alertscompromisedcredentialdata_CL
9 abc123-r231-4b90-a4fd-1456abcdegdd RestAPI 2/29/2024, 8:10:32 AM 2885f581544dc1d26c6962b8 FALSE yes Secret share Compromised Credential The Smart Method Cloud Storage 1 data.com/dataconnector/Active Users/US & International/Full Time 1704900612 datapolicy dte3831-sjc1-86asd-23wt@test.data.com dte3831-sjc1-86asd-23wt@test.data.com dte3831-sjc1-86asd-23wt@test.data.com 0 0 9 alertscompromisedcredentialdata_CL
10 abc123-r231-4b90-a4fd-1456abcdegdd RestAPI 2/29/2024, 8:10:32 AM 29ea0c070903c693344277da TRUE yes Secret share Compromised Credential SchoolBanks.com Cloud Storage unknown 1 data.com/dataconnector/Active Users/US & International/Full Time 1704901787 datapolicy dte3831-sjc1-86asd-2452t@test.data.com dte3831-sjc1-86asd-2452t@test.data.com dte3831-sjc1-86asd-2452t@test.data.com 0 0 4 alertscompromisedcredentialdata_CL
11 abc123-r231-4b90-a4fd-1456abcdegdd RestAPI 2/29/2024, 8:10:32 AM 2ac7a4590eeb2d7d4277b8dd FALSE yes Secret share Compromised Credential unblockmyweb.com Cloud Storage unknown 1 data.com/dataconnector/Active Users/US & International/Full Time 1704901752 datapolicy dte3831-sjc1-86asd-3424t@test.data.com dte3831-sjc1-86asd-3424t@test.data.com dte3831-sjc1-86asd-3424t@test.data.com 0 0 7 alertscompromisedcredentialdata_CL
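Review bot: Every data row in this sample leaves the breach-specific columns declared in the header (breach_id_s, breach_date_d, password_type_s, breach_description_s, breach_score_s, breach_target_references_s, matched_username_s, email_source_s) empty or 0, and the directory-enrichment columns (sAMAccountName_s, userPrincipalName_s, mail_s, department_s, distinguishedName_s) are blank as well, so only the first 23 of the 44 columns are ever exercised. A parser, workbook or analytic rule that reads those fields cannot be validated against this fixture, which presumably is its purpose as connector sample data. Consider adding at least one row with those columns filled with clearly constructed placeholder values (for example a breach_date_d epoch, a non-empty breach_score_s and a matched_username_s that mirrors user_s) so the full schema is covered; the existing test.data.com addresses and non-hex tenant id already show the sanitized style to follow.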


@ -0,0 +1,11 @@
TenantId,SourceSystem,MG,ManagementGroupName,TimeGenerated [UTC],Computer,RawData,_id_s,acked_s,action_s,alert_s,alert_name_s,alert_type_s,app_s,Category,cci_d,ccl_s,count_d,device_s,dst_country_s,dst_geoip_src_d,dst_latitude_d,dst_location_s,dst_longitude_d,dst_region_s,dst_zipcode_s,dstip_s,organization_unit_s,os_s,other_categories_s,site_s,src_country_s,src_geoip_src_d,src_latitude_d,src_location_s,src_longitude_d,src_region_s,src_zipcode_s,srcip_s,timestamp_d,traffic_type_s,type_s,ur_normalized_s,url_s,user_s,userkey_s,signature_s,transaction_id_d,home_pop_s,tunnel_id_s,ip_protocol_s,userPrincipalName_s,company_s,http_method_s,manager_s,deviceClassification_s,gid_d,profile_id_s,referer_s,dstport_d,netskope_pop_s,userip_s,department_s,signature_id_d,srcport_d,hostname_s,http_port_d,cci_s,Type,_ResourceId
acd8fb14-0000-0000-a4fd-1456cbfdbacd,RestAPI,,,"2/29/2024, 8:16:28 AM",,,d091d47d72e48c1b2af69f56,TRUE,,yes,ctep,ctep,Caspita for Gmail,Cloud Storage,,unknown,1,Other,US,2,42.7936,San Diego,-107.0689,California,92120,1.2.3.4,netskope.local/Netskope/Active Users/US & International/Full Time,Windows 10.0,[],Caspita for vtiger,DE,2,60.1188,Frankfurt am Main,18.6843,Hesse,60313,5.6.7.8,1705914843,CloudApp,nspolicy,dummyuser1@something.com,https://drive.google.com,dummyuser1@something.com,dummyuser1@something.com,,0,,,,,,,,[],0,,,0,,,,0,0,,0,,alertsctepdata_CL,
acd8fb14-0000-0000-a4fd-1456cbfdbacd,RestAPI,,,"2/29/2024, 8:16:28 AM",,,d2299cbf1173f5a6eb827e65,TRUE,block,yes,ctep,ctep,European University Flensburg,Cloud Storage,,unknown,1,iPhone XS Max,US,2,42.7936,San Diego,-107.0689,California,92120,1.2.3.4,netskope.local/Netskope/Active Users/US & International/Full Time,iOS 9.0,[],European University Flensburg,US,2,42.7936,San Diego,-107.0689,California,92120,5.6.7.8,1705915879,CloudApp,nspolicy,dummyuser2@something.com,https://drive.google.com,dummyuser2@something.com,dummyuser2@something.com,,0,,,,,,,,[],0,,,0,,,,0,0,,0,,alertsctepdata_CL,
acd8fb14-0000-0000-a4fd-1456cbfdbacd,RestAPI,,,"2/29/2024, 8:16:28 AM",,,d24e47c063e2ee19c5d22b23,TRUE,alert,yes,ctep,ctep,REG.COM,Cloud Storage,14,poor,1,iPhone 7,IN,2,22.9634,Bengaluru,87.5855,Karnataka,560058,1.2.3.4,netskope.local/Netskope/Active Users/US & International/Full Time,iOS 10.1,[],REG.com Domain Registration,NL,2,62.3759,Amsterdam,14.8975,North Holland,1012,5.6.7.8,1705915595,CloudApp,nspolicy,dummyuser3@something.com,https://drive.google.com,dummyuser3@something.com,dummyuser3@something.com,,0,,,,,,,,[],0,,,0,,,,0,0,,0,,alertsctepdata_CL,
acd8fb14-0000-0000-a4fd-1456cbfdbacd,RestAPI,,,"2/29/2024, 8:16:28 AM",,,d3247664360353e3b1f1f481,TRUE,alert,yes,ctep,ctep,LaunchPad Recruits,Cloud Storage,17,poor,1,ZTE - N720,US,2,42.7936,San Diego,-107.0689,California,92120,1.2.3.4,netskope.local/Netskope/Active Users/US & International/Full Time,Android 11.0,[],LaunchPad Recruits,NL,2,62.3759,Amsterdam,14.8975,North Holland,1012,5.6.7.8,1705915520,CloudApp,nspolicy,dummyuser4@something.com,https://drive.google.com,dummyuser4@something.com,dummyuser4@something.com,,0,,,,,,,,[],0,,,0,,,,0,0,,0,,alertsctepdata_CL,
acd8fb14-0000-0000-a4fd-1456cbfdbacd,RestAPI,,,"2/29/2024, 8:16:28 AM",,,d33e9ddc720f7554433b0d93,FALSE,,yes,ctep,ctep,Celigo Salesforce and NetSuite Connector,Cloud Storage,49,poor,1,iPhone 6S Plus,FR,1,57.89616,Ballots,-9.04759,Pays-de-la-Loire,,1.2.3.4,netskope.local/Netskope/Active Users/US & International/Full Time,iOS 9.0,[],Celigo Salesforce and NetSuite Connector,US,2,42.7936,San Diego,-107.0689,California,92120,5.6.7.8,1705913781,CloudApp,nspolicy,dummyuser5@something.com,https://drive.google.com,dummyuser5@something.com,dummyuser5@something.com,,0,,,,,,,,[],0,,,0,,,,0,0,,0,,alertsctepdata_CL,
acd8fb14-0000-0000-a4fd-1456cbfdbacd,RestAPI,,,"2/29/2024, 8:16:28 AM",,,d5a63620a3c06575173ee761,TRUE,,yes,ctep,ctep,La Region Auvergne-Rhone-Alpes,Cloud Storage,,unknown,1,ZTE - P253A20,US,2,42.7936,San Diego,-107.0689,California,92120,1.2.3.4,netskope.local/Netskope/Active Users/US & International/Full Time,Android 10.0,[],La Region Auvergne-Rhone-Alpes,NL,2,62.3759,Amsterdam,14.8975,North Holland,1012,5.6.7.8,1705913943,CloudApp,nspolicy,dummyuser6@something.com,https://drive.google.com,dummyuser6@something.com,dummyuser6@something.com,,0,,,,,,,,[],0,,,0,,,,0,0,,0,,alertsctepdata_CL,
acd8fb14-0000-0000-a4fd-1456cbfdbacd,RestAPI,,,"2/29/2024, 8:16:28 AM",,,d5c38ab458cb495041e490fd,TRUE,,yes,ctep,ctep,Hub Network Services,Cloud Storage,20,poor,1,ZTE - N721,US,2,55.8234,Boardman,-109.7257,Oregon,97818,1.2.3.4,netskope.local/Netskope/Active Users/US & International/Full Time,Android 11.0,[],Hub Network Solutions,IN,2,22.9634,Bengaluru,87.5855,Karnataka,560058,5.6.7.8,1705915315,CloudApp,nspolicy,dummyuser7@something.com,https://drive.google.com,dummyuser7@something.com,dummyuser7@something.com,,0,,,,,,,,[],0,,,0,,,,0,0,,0,,alertsctepdata_CL,
acd8fb14-0000-0000-a4fd-1456cbfdbacd,RestAPI,,,"2/29/2024, 8:16:28 AM",,,d7de0e1a3b4c5625919d6211,FALSE,,yes,ctep,ctep,Plum Voice,Cloud Storage,42,poor,1,ZTE - P253A20,IN,2,22.9634,Bengaluru,97.5855,Karnataka,560058,1.2.3.4,netskope.local/Netskope/Active Users/US & International/Full Time,Android 10.0,[],Plum Voice Hosted IVR,FR,1,57.89616,Ballots,-9.04759,Pays-de-la-Loire,,5.6.7.8,1705915643,CloudApp,nspolicy,dummyuser8@something.com,https://drive.google.com,dummyuser8@something.com,dummyuser8@something.com,,0,,,,,,,,[],0,,,0,,,,0,0,,0,,alertsctepdata_CL,
acd8fb14-0000-0000-a4fd-1456cbfdbacd,RestAPI,,,"2/29/2024, 8:16:28 AM",,,d8125f0bb127493ee96fed88,FALSE,block,yes,ctep,ctep,Willis Towers Watson HR Software,Cloud Storage,31,poor,1,12.9-inch iPad Pro,US,2,42.7936,San Diego,-107.0689,California,92120,1.2.3.4,netskope.local/Netskope/Active Users/US & International/Full Time,iOS 10.1,[],Willis Towers Watson HR Software,NL,2,62.3759,Amsterdam,14.8975,North Holland,1012,5.6.7.8,1705914187,CloudApp,nspolicy,dummyuser9@something.com,https://drive.google.com,dummyuser9@something.com,dummyuser9@something.com,,0,,,,,,,,[],0,,,0,,,,0,0,,0,,alertsctepdata_CL,
acd8fb14-0000-0000-a4fd-1456cbfdbacd,RestAPI,,,"2/29/2024, 8:16:28 AM",,,d8fac3dbe4bcba5814e4b904,FALSE,,yes,ctep,ctep,Siemens Apogee,Cloud Storage,0,unknown,1,Other,NL,2,62.3759,Amsterdam,14.8975,North Holland,1012,1.2.3.4,netskope.local/Netskope/Active Users/US & International/Full Time,Windows 7.0,[],siemens_apogee,NL,2,62.3759,Amsterdam,14.8975,North Holland,1012,5.6.7.8,1705914533,CloudApp,nspolicy,dummyuser10@something.com,https://drive.google.com,dummyuser10@something.com,dummyuser10@something.com,,0,,,,,,,,[],0,,,0,,,,0,0,,0,,alertsctepdata_CL,
1 TenantId SourceSystem MG ManagementGroupName TimeGenerated [UTC] Computer RawData _id_s acked_s action_s alert_s alert_name_s alert_type_s app_s Category cci_d ccl_s count_d device_s dst_country_s dst_geoip_src_d dst_latitude_d dst_location_s dst_longitude_d dst_region_s dst_zipcode_s dstip_s organization_unit_s os_s other_categories_s site_s src_country_s src_geoip_src_d src_latitude_d src_location_s src_longitude_d src_region_s src_zipcode_s srcip_s timestamp_d traffic_type_s type_s ur_normalized_s url_s user_s userkey_s signature_s transaction_id_d home_pop_s tunnel_id_s ip_protocol_s userPrincipalName_s company_s http_method_s manager_s deviceClassification_s gid_d profile_id_s referer_s dstport_d netskope_pop_s userip_s department_s signature_id_d srcport_d hostname_s http_port_d cci_s Type _ResourceId
2 acd8fb14-0000-0000-a4fd-1456cbfdbacd RestAPI 2/29/2024, 8:16:28 AM d091d47d72e48c1b2af69f56 TRUE yes ctep ctep Caspita for Gmail Cloud Storage unknown 1 Other US 2 42.7936 San Diego -107.0689 California 92120 1.2.3.4 netskope.local/Netskope/Active Users/US & International/Full Time Windows 10.0 [] Caspita for vtiger DE 2 60.1188 Frankfurt am Main 18.6843 Hesse 60313 5.6.7.8 1705914843 CloudApp nspolicy dummyuser1@something.com https://drive.google.com dummyuser1@something.com dummyuser1@something.com 0 [] 0 0 0 0 0 alertsctepdata_CL
3 acd8fb14-0000-0000-a4fd-1456cbfdbacd RestAPI 2/29/2024, 8:16:28 AM d2299cbf1173f5a6eb827e65 TRUE block yes ctep ctep European University Flensburg Cloud Storage unknown 1 iPhone XS Max US 2 42.7936 San Diego -107.0689 California 92120 1.2.3.4 netskope.local/Netskope/Active Users/US & International/Full Time iOS 9.0 [] European University Flensburg US 2 42.7936 San Diego -107.0689 California 92120 5.6.7.8 1705915879 CloudApp nspolicy dummyuser2@something.com https://drive.google.com dummyuser2@something.com dummyuser2@something.com 0 [] 0 0 0 0 0 alertsctepdata_CL
4 acd8fb14-0000-0000-a4fd-1456cbfdbacd RestAPI 2/29/2024, 8:16:28 AM d24e47c063e2ee19c5d22b23 TRUE alert yes ctep ctep REG.COM Cloud Storage 14 poor 1 iPhone 7 IN 2 22.9634 Bengaluru 87.5855 Karnataka 560058 1.2.3.4 netskope.local/Netskope/Active Users/US & International/Full Time iOS 10.1 [] REG.com Domain Registration NL 2 62.3759 Amsterdam 14.8975 North Holland 1012 5.6.7.8 1705915595 CloudApp nspolicy dummyuser3@something.com https://drive.google.com dummyuser3@something.com dummyuser3@something.com 0 [] 0 0 0 0 0 alertsctepdata_CL
5 acd8fb14-0000-0000-a4fd-1456cbfdbacd RestAPI 2/29/2024, 8:16:28 AM d3247664360353e3b1f1f481 TRUE alert yes ctep ctep LaunchPad Recruits Cloud Storage 17 poor 1 ZTE - N720 US 2 42.7936 San Diego -107.0689 California 92120 1.2.3.4 netskope.local/Netskope/Active Users/US & International/Full Time Android 11.0 [] LaunchPad Recruits NL 2 62.3759 Amsterdam 14.8975 North Holland 1012 5.6.7.8 1705915520 CloudApp nspolicy dummyuser4@something.com https://drive.google.com dummyuser4@something.com dummyuser4@something.com 0 [] 0 0 0 0 0 alertsctepdata_CL
6 acd8fb14-0000-0000-a4fd-1456cbfdbacd RestAPI 2/29/2024, 8:16:28 AM d33e9ddc720f7554433b0d93 FALSE yes ctep ctep Celigo Salesforce and NetSuite Connector Cloud Storage 49 poor 1 iPhone 6S Plus FR 1 57.89616 Ballots -9.04759 Pays-de-la-Loire 1.2.3.4 netskope.local/Netskope/Active Users/US & International/Full Time iOS 9.0 [] Celigo Salesforce and NetSuite Connector US 2 42.7936 San Diego -107.0689 California 92120 5.6.7.8 1705913781 CloudApp nspolicy dummyuser5@something.com https://drive.google.com dummyuser5@something.com dummyuser5@something.com 0 [] 0 0 0 0 0 alertsctepdata_CL
7 acd8fb14-0000-0000-a4fd-1456cbfdbacd RestAPI 2/29/2024, 8:16:28 AM d5a63620a3c06575173ee761 TRUE yes ctep ctep La Region Auvergne-Rhone-Alpes Cloud Storage unknown 1 ZTE - P253A20 US 2 42.7936 San Diego -107.0689 California 92120 1.2.3.4 netskope.local/Netskope/Active Users/US & International/Full Time Android 10.0 [] La Region Auvergne-Rhone-Alpes NL 2 62.3759 Amsterdam 14.8975 North Holland 1012 5.6.7.8 1705913943 CloudApp nspolicy dummyuser6@something.com https://drive.google.com dummyuser6@something.com dummyuser6@something.com 0 [] 0 0 0 0 0 alertsctepdata_CL
8 acd8fb14-0000-0000-a4fd-1456cbfdbacd RestAPI 2/29/2024, 8:16:28 AM d5c38ab458cb495041e490fd TRUE yes ctep ctep Hub Network Services Cloud Storage 20 poor 1 ZTE - N721 US 2 55.8234 Boardman -109.7257 Oregon 97818 1.2.3.4 netskope.local/Netskope/Active Users/US & International/Full Time Android 11.0 [] Hub Network Solutions IN 2 22.9634 Bengaluru 87.5855 Karnataka 560058 5.6.7.8 1705915315 CloudApp nspolicy dummyuser7@something.com https://drive.google.com dummyuser7@something.com dummyuser7@something.com 0 [] 0 0 0 0 0 alertsctepdata_CL
9 acd8fb14-0000-0000-a4fd-1456cbfdbacd RestAPI 2/29/2024, 8:16:28 AM d7de0e1a3b4c5625919d6211 FALSE yes ctep ctep Plum Voice Cloud Storage 42 poor 1 ZTE - P253A20 IN 2 22.9634 Bengaluru 97.5855 Karnataka 560058 1.2.3.4 netskope.local/Netskope/Active Users/US & International/Full Time Android 10.0 [] Plum Voice Hosted IVR FR 1 57.89616 Ballots -9.04759 Pays-de-la-Loire 5.6.7.8 1705915643 CloudApp nspolicy dummyuser8@something.com https://drive.google.com dummyuser8@something.com dummyuser8@something.com 0 [] 0 0 0 0 0 alertsctepdata_CL
10 acd8fb14-0000-0000-a4fd-1456cbfdbacd RestAPI 2/29/2024, 8:16:28 AM d8125f0bb127493ee96fed88 FALSE block yes ctep ctep Willis Towers Watson HR Software Cloud Storage 31 poor 1 12.9-inch iPad Pro US 2 42.7936 San Diego -107.0689 California 92120 1.2.3.4 netskope.local/Netskope/Active Users/US & International/Full Time iOS 10.1 [] Willis Towers Watson HR Software NL 2 62.3759 Amsterdam 14.8975 North Holland 1012 5.6.7.8 1705914187 CloudApp nspolicy dummyuser9@something.com https://drive.google.com dummyuser9@something.com dummyuser9@something.com 0 [] 0 0 0 0 0 alertsctepdata_CL
11 acd8fb14-0000-0000-a4fd-1456cbfdbacd RestAPI 2/29/2024, 8:16:28 AM d8fac3dbe4bcba5814e4b904 FALSE yes ctep ctep Siemens Apogee Cloud Storage 0 unknown 1 Other NL 2 62.3759 Amsterdam 14.8975 North Holland 1012 1.2.3.4 netskope.local/Netskope/Active Users/US & International/Full Time Windows 7.0 [] siemens_apogee NL 2 62.3759 Amsterdam 14.8975 North Holland 1012 5.6.7.8 1705914533 CloudApp nspolicy dummyuser10@something.com https://drive.google.com dummyuser10@something.com dummyuser10@something.com 0 [] 0 0 0 0 0 alertsctepdata_CL
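Review bot: The srcip_s and dstip_s cells in every data row of this sample (`1.2.3.4` and `5.6.7.8`) are routable public addresses rather than the reserved documentation ranges, so a fixture loaded into a workspace to exercise the connector's analytic rules or IP enrichment can raise alerts or lookups against hosts that belong to someone else. Replacing them with RFC 5737 addresses keeps the fixture inert, e.g. `...,92120,192.0.2.10,netskope.local/...` for dstip_s and `...,60313,198.51.100.20,1705914843,...` for srcip_s (constructed values). The same applies to the other sample CSVs in this commit, including the DLP sample that follows this file, whose rows carry `13.248.55.2`, `3.86.29.24` and `19.2.5.21`.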


@ -0,0 +1,11 @@
TenantId,SourceSystem,MG,ManagementGroupName,TimeGenerated [UTC],Computer,RawData,_id_s,access_method_s,acked_s,action_s,activity_s,alert_s,alert_name_s,alert_type_s,app_s,appcategory_s,browser_s,Category,ccl_s,device_s,dst_country_s,dst_geoip_src_d,dst_latitude_d,dst_location_s,dst_longitude_d,dst_region_s,dst_zipcode_s,dstip_s,exposure_s,file_lang_s,file_path_s,file_size_d,file_type_s,instance_id_s,instance_id_s,local_sha256_s,md5_g,mime_type_s,modified_d,object_s,object_id_s,object_type_s,organization_unit_s,os_s,owner_s,policy_s,request_id_s,scan_type_s,site_s,src_country_s,src_geoip_src_d,src_latitude_d,src_location_s,src_longitude_d,src_region_s,src_zipcode_s,srcip_s,suppression_key_s,timestamp_d,traffic_type_s,type_s,ur_normalized_s,url_s,user_s,userkey_s,user_id_s,channel_s,dlp_rule_s,file_password_protected_s,tss_mode_s,dlp_rule_count_d,appsuite_s,web_universal_connector_s,outer_doc_type_d,shared_with_s,dlp_is_unique_count_s,dynamic_classification_s,classification_name_s,app_session_id_d,true_type_id_d,page_site_s,file_category_s,data_type_s,universal_connector_s,sanctioned_instance_s,protocol_s,dlp_mail_parent_id_s,violating_user_type_s,sub_type_s,os_version_s,smtp_to_s,incident_id_d,group_s,sha256_s,act_user_s,displayName_s,message_id_s,file_cls_encrypted_b,hostname_s,shared_domains_s,managed_app_s,from_storage_s,managementID_s,mail_s,title_s,dlp_file_s,from_user_s,dlp_fingerprint_classification_s,owner_pdl_s,violating_user_s,manager_s,to_user_s,parent_id_s,app_activity_s,dlp_incident_id_d,device_classification_s,browser_version_s,src_time_s,to_storage_s,dst_timezone_s,dlp_rule_severity_s,src_timezone_s,total_collaborator_count_d,userCountry_s,dlp_profile_s,true_obj_type_s,transaction_id_d,true_obj_category_s,userPrincipalName_s,orignal_file_path_s,collaborated_s,connection_id_d,bcc_s,userip_s,referer_s,sAMAccountName_s,message_size_d,dlp_parent_id_d,external_collaborator_count_d,retro_scan_name_s,dlp_unique_count_d,browser_session_id_d,dlp_fingerprint_ma
tch_s,severity_s,dlp_fingerprint_score_d,page_s,true_filetype_s,policy_id_s,dlp_rule_score_d,Type,_ResourceId
abc123-r231-4b90-a4fd-1456abcdegdd,RestAPI,,,"2/22/2024, 2:04:34 PM",,,4e3101afb739174bf08b4577,API Connector,FALSE,alert,Introspection Scan,yes,File shared publicly using cloud drive,DLP,ThinkHelpDesk,Cloud Storage,unknown,Cloud Storage,poor,iPhone XS Max,NL,2,53.7,Boardman,-19.72,Oregon,97818,1.2.3.4,organisation_wide_link,ENGLISH,/My Drive/Clickhouse/Tenant Migration across MPs,118842,application.document,datainstance.com,datainstance.com,32efe1952fe8eea427009e4774647a0d5adae21a4fe3d0b3431316d1362fde03,4bf76801-95ec-aed5-5e3e-dabb5d95ca01,application.document,1613760236,UHAqOVDmRlcHpLiD,14WLYNjJxKgEyqfalskjfhaotlowurnmcxjklhpdsohqi2i,File,data.com/dataconnector/Active Users/US & International/Full Time,iOS 9.0,asdf523adsd0-0245t@test.data.com,policy_ga28,2459149802892628500,Ongoing,ThinkHelpDesk,DE,2,53.7,Boardman,-19.72,Oregon,97818,1.2.3.4,Tenant Migration across MPs,1676246410,CloudApp,datapolicy,asdf523adsd0-0245t@test.data.com,https://drive.google.com,asdf523adsd0-0245t@test.data.com,asdf523adsd0-0245t@test.data.com,,,,,,0,,,0,,,,,0,0,,,,,,,,,,,[],0,,,,,,FALSE,,,,,,,,,,,,,,,,,0,,,,,,,,0,,,,0,,,,,0,,,,,0,0,0,,0,0,,,0,,,,0,alertsdlpdata_CL,
abc123-r231-4b90-a4fd-1456abcdegdd,RestAPI,,,"2/22/2024, 2:04:34 PM",,,4e5dfc81afb4939bd9cd5952,API Connector,FALSE,block,Introspection Scan,yes,File shared publicly using cloud drive,DLP,MyEasyISO,Cloud Storage,unknown,Cloud Storage,poor,ZTE - Grand-S,US,2,12.9634,Amsterdam,4.8975,North Holland,1012,3.86.29.24,organisation_wide_link,ENGLISH,/My Drive/Clickhouse/Tenant Migration across MPs,119111,application.document,datainstance.com,datainstance.com,5b1eea86757bf9f6073eaa82de8aadf07e69a19020662ff6d3e20f3843fae2b2,4bf76801-95ec-aed5-5e3e-dabb5d95ca01,application.document,1613760236,YrsfUfWRuXasWynt,14WLYNjJxKgEyqfalskjfhaotlowurnmcxjklhpdsohqi2i,File,data.com/dataconnector/Active Users/US & International/Full Time,Windows 11.0,asdf523adsd0-0995t@test.data.com,policy_ga26,2459149802892628500,Ongoing,MyEasyISO ISO 9001 Software,FR,2,12.9634,Amsterdam,4.8975,North Holland,1012,3.86.29.24,Tenant Migration across MPs,1676246415,CloudApp,datapolicy,asdf523adsd0-0995t@test.data.com,https://drive.google.com,asdf523adsd0-0995t@test.data.com,asdf523adsd0-0995t@test.data.com,,,,,,0,,,0,,,,,0,0,,,,,,,,,,,[],0,,,,,,FALSE,,,,,,,,,,,,,,,,,0,,,,,,,,0,,,,0,,,,,0,,,,,0,0,0,,0,0,,,0,,,,0,alertsdlpdata_CL,
abc123-r231-4b90-a4fd-1456abcdegdd,RestAPI,,,"2/22/2024, 2:04:34 PM",,,4e82a96f73568bd7fbc11f94,API Connector,FALSE,,Introspection Scan,yes,File shared publicly using cloud drive,DLP,Tri Pointe Homes,Cloud Storage,unknown,Cloud Storage,unknown,iPhone XR,US,2,7.896,Ballots,12.9634,Pays-de-la-Loire,3243,13.248.55.2,organisation_wide_link,ENGLISH,/My Drive/Clickhouse/Tenant Migration across MPs,118890,application.document,datainstance.com,datainstance.com,c970ad25da9fcbd822583d10efe096263b6294fe2ffffe99e448537b892c4693,4bf76801-95ec-aed5-5e3e-dabb5d95ca01,application.document,1613760236,VskBcjyDyjOQyWkD,14WLYNjJxKgEyqfalskjfhaotlowurnmcxjklhpdsohqi2i,File,data.com/dataconnector/Active Users/US & International/Full Time,Windows 8.1,asdf523adsd0-0646t@test.data.com,policy_ga51,2459149802892628500,Ongoing,Tri Pointe Homes,NL,2,7.896,Ballots,12.9634,Pays-de-la-Loire,,13.248.55.2,Tenant Migration across MPs,1676246406,CloudApp,datapolicy,asdf523adsd0-0646t@test.data.com,https://drive.google.com,asdf523adsd0-0646t@test.data.com,asdf523adsd0-0646t@test.data.com,,,,,,0,,,0,,,,,0,0,,,,,,,,,,,[],0,,,,,,FALSE,,,,,,,,,,,,,,,,,0,,,,,,,,0,,,,0,,,,,0,,,,,0,0,0,,0,0,,,0,,,,0,alertsdlpdata_CL,
abc123-r231-4b90-a4fd-1456abcdegdd,RestAPI,,,"2/22/2024, 2:04:34 PM",,,4e91d034b9d63eb8dd13339d,API Connector,FALSE,block,Introspection Scan,yes,File shared publicly using cloud drive,DLP,Caspita for Gmail,Cloud Storage,unknown,Cloud Storage,unknown,iPhone 15,US,2,53.7,Amsterdam,4.8975,North Holland,1012,1.2.3.4,organisation_wide_link,ENGLISH,/My Drive/Clickhouse/Tenant Migration across MPs,119161,application.document,datainstance.com,datainstance.com,489329651e67cb2bc65d93a8e6c4bd72ddf59d112c83dfda7a93a8066b7f9d7e,4bf76801-95ec-aed5-5e3e-dabb5d95ca01,application.document,1613760236,vGBOBkANQtLUoKIk,14WLYNjJxKgEyqfalskjfhaotlowurnmcxjklhpdsohqi2i,File,data.com/dataconnector/Active Users/US & International/Full Time,iOS 9.0,asdf523adsd0-0014t@test.data.com,policy_ga29,2459149802892628500,Ongoing,Caspita for vtiger,IN,2,53.7,Amsterdam,4.8975,North Holland,1012,1.2.3.4,Tenant Migration across MPs,1676246404,CloudApp,datapolicy,asdf523adsd0-0014t@test.data.com,https://drive.google.com,asdf523adsd0-0014t@test.data.com,asdf523adsd0-0014t@test.data.com,,,,,,0,,,0,,,,,0,0,,,,,,,,,,,[],0,,,,,,FALSE,,,,,,,,,,,,,,,,,0,,,,,,,,0,,,,0,,,,,0,,,,,0,0,0,,0,0,,,0,,,,0,alertsdlpdata_CL,
abc123-r231-4b90-a4fd-1456abcdegdd,RestAPI,,,"2/22/2024, 2:04:34 PM",,,4e945315566e7b804dd9494e,API Connector,TRUE,,Introspection Scan,yes,File shared publicly using cloud drive,DLP,c4.ai,Cloud Storage,unknown,Cloud Storage,,Samsung Fold 5,US,2,12.9634,Bengaluru,7.896,Karnataka,560058,3.86.29.24,organisation_wide_link,ENGLISH,/My Drive/Clickhouse/Tenant Migration across MPs,118578,application.document,datainstance.com,datainstance.com,df8ead0f14425eaf3284ac78b7484bc82ca69061d982affb04ba291a74be6454,4bf76801-95ec-aed5-5e3e-dabb5d95ca01,application.document,1613760236,NQrLaSeiPRjgrNhT,14WLYNjJxKgEyqfalskjfhaotlowurnmcxjklhpdsohqi2i,File,data.com/dataconnector/Active Users/US & International/Full Time,iOS 11.1,asdf523adsd0-0979t@test.data.com,policy_ga2,2459149802892628500,Ongoing,c4.ai,US,2,12.9634,Bengaluru,7.896,Karnataka,560058,3.86.29.24,Tenant Migration across MPs,1676246402,CloudApp,datapolicy,asdf523adsd0-0979t@test.data.com,https://drive.google.com,asdf523adsd0-0979t@test.data.com,asdf523adsd0-0979t@test.data.com,,,,,,0,,,0,,,,,0,0,,,,,,,,,,,[],0,,,,,,FALSE,,,,,,,,,,,,,,,,,0,,,,,,,,0,,,,0,,,,,0,,,,,0,0,0,,0,0,,,0,,,,0,alertsdlpdata_CL,
abc123-r231-4b90-a4fd-1456abcdegdd,RestAPI,,,"2/22/2024, 2:04:34 PM",,,4e95206fe8771279d380dbf1,API Connector,TRUE,alert,Introspection Scan,yes,File shared publicly using cloud drive,DLP,CloudPital EClinic,Cloud Storage,unknown,Cloud Storage,poor,iPhone 11,US,2,53.7,Amsterdam,4.8975,North Holland,1012,13.248.55.2,organisation_wide_link,ENGLISH,/My Drive/Clickhouse/Tenant Migration across MPs,118924,application.document,datainstance.com,datainstance.com,70771a229f3933bce9d6feb3b37a5bc2b127091507e0c5c5314c3d3a03680d57,4bf76801-95ec-aed5-5e3e-dabb5d95ca01,application.document,1613760236,dUvSAEcVkRadtAWb,14WLYNjJxKgEyqfalskjfhaotlowurnmcxjklhpdsohqi2i,File,data.com/dataconnector/Active Users/US & International/Full Time,iOS 9.0,asdf523adsd0-0544t@test.data.com,policy_ga24,2459149802892628500,Ongoing,CloudPital EClinic,IN,2,53.7,Amsterdam,4.8975,North Holland,1012,13.248.55.2,Tenant Migration across MPs,1676246404,CloudApp,datapolicy,asdf523adsd0-0544t@test.data.com,https://drive.google.com,asdf523adsd0-0544t@test.data.com,asdf523adsd0-0544t@test.data.com,,,,,,0,,,0,,,,,0,0,,,,,,,,,,,[],0,,,,,,FALSE,,,,,,,,,,,,,,,,,0,,,,,,,,0,,,,0,,,,,0,,,,,0,0,0,,0,0,,,0,,,,0,alertsdlpdata_CL,
abc123-r231-4b90-a4fd-1456abcdegdd,RestAPI,,,"2/22/2024, 2:04:34 PM",,,4ea0251f21d95111b6cd230e,API Connector,FALSE,block,Introspection Scan,yes,File shared publicly using cloud drive,DLP,EY CogniStreamer,Cloud Storage,unknown,Cloud Storage,poor,ZTE - P188T20,FR,2,52.3759,Amsterdam,7.896,North Holland,1012,1.2.3.4,organisation_wide_link,ENGLISH,/My Drive/Clickhouse/Tenant Migration across MPs,118576,application.document,datainstance.com,datainstance.com,942e0e797bb5867bc5df57266744ce0cd54ea12159e37581cf3c113d6f1cb2bc,4bf76801-95ec-aed5-5e3e-dabb5d95ca01,application.document,1613760236,kuQKwOCYzAseWVCx,14WLYNjJxKgEyqfalskjfhaotlowurnmcxjklhpdsohqi2i,File,data.com/dataconnector/Active Users/US & International/Full Time,Windows 8.0,asdf523adsd0-0838t@test.data.com,policy_ga2,2459149802892628500,Ongoing,CogniStreamer,FR,2,52.3759,Amsterdam,7.896,North Holland,1012,1.2.3.4,Tenant Migration across MPs,1676246420,CloudApp,datapolicy,asdf523adsd0-0838t@test.data.com,https://drive.google.com,asdf523adsd0-0838t@test.data.com,asdf523adsd0-0838t@test.data.com,,,,,,0,,,0,,,,,0,0,,,,,,,,,,,[],0,,,,,,FALSE,,,,,,,,,,,,,,,,,0,,,,,,,,0,,,,0,,,,,0,,,,,0,0,0,,0,0,,,0,,,,0,alertsdlpdata_CL,
abc123-r231-4b90-a4fd-1456abcdegdd,RestAPI,,,"2/22/2024, 2:04:34 PM",,,4eb36bfeb684f02e601f31db,API Connector,TRUE,alert,Introspection Scan,yes,File shared publicly using cloud drive,DLP,c4.ai,Cloud Storage,unknown,Cloud Storage,,Other,NL,2,12.9634,Ballots,-19.72,Pays-de-la-Loire,3243,3.86.29.24,organisation_wide_link,ENGLISH,/My Drive/Clickhouse/Tenant Migration across MPs,118880,application.document,datainstance.com,datainstance.com,2391269788f8ce1f61de80771a7587f6514eb75dcf7cc3fa9e71ae23e439f848,4bf76801-95ec-aed5-5e3e-dabb5d95ca01,application.document,1613760236,RyPvKZstSCGovFDW,14WLYNjJxKgEyqfalskjfhaotlowurnmcxjklhpdsohqi2i,File,data.com/dataconnector/Active Users/US & International/Full Time,iOS 9.6,asdf523adsd0-0773t@test.data.com,policy_ga7,2459149802892628500,Ongoing,c4.ai,IN,2,12.9634,Ballots,-19.72,Pays-de-la-Loire,,3.86.29.24,Tenant Migration across MPs,1676246391,CloudApp,datapolicy,asdf523adsd0-0773t@test.data.com,https://drive.google.com,asdf523adsd0-0773t@test.data.com,asdf523adsd0-0773t@test.data.com,,,,,,0,,,0,,,,,0,0,,,,,,,,,,,[],0,,,,,,FALSE,,,,,,,,,,,,,,,,,0,,,,,,,,0,,,,0,,,,,0,,,,,0,0,0,,0,0,,,0,,,,0,alertsdlpdata_CL,
abc123-r231-4b90-a4fd-1456abcdegdd,RestAPI,,,"2/22/2024, 2:04:34 PM",,,4eb5b8b7d8224c3aa96d34d0,API Connector,FALSE,block,Introspection Scan,yes,File shared publicly using cloud drive,DLP,Nordic Naturals,Cloud Storage,unknown,Cloud Storage,unknown,Samsung Fold 5,NL,2,53.7,Bengaluru,77.5855,Karnataka,560058,13.248.55.2,organisation_wide_link,ENGLISH,/My Drive/Clickhouse/Tenant Migration across MPs,119268,application.document,datainstance.com,datainstance.com,cceffbb68fe7add0547d0a6e936bb4c6081ac553ff72d03ac97e1904b8f3e22f,4bf76801-95ec-aed5-5e3e-dabb5d95ca01,application.document,1613760236,vqgUXgDrcHKtYBNm,14WLYNjJxKgEyqfalskjfhaotlowurnmcxjklhpdsohqi2i,File,data.com/dataconnector/Active Users/US & International/Full Time,iOS 9.0,asdf523adsd0-0804t@test.data.com,policy_ga36,2459149802892628500,Ongoing,Nordic Naturals,NL,2,53.7,Bengaluru,77.5855,Karnataka,560058,13.248.55.2,Tenant Migration across MPs,1676246407,CloudApp,datapolicy,asdf523adsd0-0804t@test.data.com,https://drive.google.com,asdf523adsd0-0804t@test.data.com,asdf523adsd0-0804t@test.data.com,,,,,,0,,,0,,,,,0,0,,,,,,,,,,,[],0,,,,,,FALSE,,,,,,,,,,,,,,,,,0,,,,,,,,0,,,,0,,,,,0,,,,,0,0,0,,0,0,,,0,,,,0,alertsdlpdata_CL,
abc123-r231-4b90-a4fd-1456abcdegdd,RestAPI,,,"2/22/2024, 2:04:34 PM",,,4ebe6f7b8d466ce8d84189ba,API Connector,FALSE,,Introspection Scan,yes,File shared publicly using cloud drive,DLP,Long Beach Unified School District,Cloud Storage,unknown,Cloud Storage,unknown,iPhone 8,IN,2,7.896,Ballots,-1.04759,Pays-de-la-Loire,3243,19.2.5.21,organisation_wide_link,ENGLISH,/My Drive/Clickhouse/Tenant Migration across MPs,119106,application.document,datainstance.com,datainstance.com,d3cb0f14836aa8b3fa3c9b7547b5562bfe9fe370d3db3631f0ede9885df495c1,4bf76801-95ec-aed5-5e3e-dabb5d95ca01,application.document,1613760236,yTLvwNVHPknBqavq,14WLYNjJxKgEyqfalskjfhaotlowurnmcxjklhpdsohqi2i,File,data.com/dataconnector/Active Users/US & International/Full Time,Windows 7.0,asdf523adsd0-0054t@test.data.com,policy_ga21,2459149802892628500,Ongoing,Long Beach Unified School District,NL,2,7.896,Ballots,-1.04759,Pays-de-la-Loire,,19.2.5.21,Tenant Migration across MPs,1676246419,CloudApp,datapolicy,asdf523adsd0-0054t@test.data.com,https://drive.google.com,asdf523adsd0-0054t@test.data.com,asdf523adsd0-0054t@test.data.com,,,,,,0,,,0,,,,,0,0,,,,,,,,,,,[],0,,,,,,FALSE,,,,,,,,,,,,,,,,,0,,,,,,,,0,,,,0,,,,,0,,,,,0,0,0,,0,0,,,0,,,,0,alertsdlpdata_CL,
1 TenantId SourceSystem MG ManagementGroupName TimeGenerated [UTC] Computer RawData _id_s access_method_s acked_s action_s activity_s alert_s alert_name_s alert_type_s app_s appcategory_s browser_s Category ccl_s device_s dst_country_s dst_geoip_src_d dst_latitude_d dst_location_s dst_longitude_d dst_region_s dst_zipcode_s dstip_s exposure_s file_lang_s file_path_s file_size_d file_type_s instance_id_s instance_id_s local_sha256_s md5_g mime_type_s modified_d object_s object_id_s object_type_s organization_unit_s os_s owner_s policy_s request_id_s scan_type_s site_s src_country_s src_geoip_src_d src_latitude_d src_location_s src_longitude_d src_region_s src_zipcode_s srcip_s suppression_key_s timestamp_d traffic_type_s type_s ur_normalized_s url_s user_s userkey_s user_id_s channel_s dlp_rule_s file_password_protected_s tss_mode_s dlp_rule_count_d appsuite_s web_universal_connector_s outer_doc_type_d shared_with_s dlp_is_unique_count_s dynamic_classification_s classification_name_s app_session_id_d true_type_id_d page_site_s file_category_s data_type_s universal_connector_s sanctioned_instance_s protocol_s dlp_mail_parent_id_s violating_user_type_s sub_type_s os_version_s smtp_to_s incident_id_d group_s sha256_s act_user_s displayName_s message_id_s file_cls_encrypted_b hostname_s shared_domains_s managed_app_s from_storage_s managementID_s mail_s title_s dlp_file_s from_user_s dlp_fingerprint_classification_s owner_pdl_s violating_user_s manager_s to_user_s parent_id_s app_activity_s dlp_incident_id_d device_classification_s browser_version_s src_time_s to_storage_s dst_timezone_s dlp_rule_severity_s src_timezone_s total_collaborator_count_d userCountry_s dlp_profile_s true_obj_type_s transaction_id_d true_obj_category_s userPrincipalName_s orignal_file_path_s collaborated_s connection_id_d bcc_s userip_s referer_s sAMAccountName_s message_size_d dlp_parent_id_d external_collaborator_count_d retro_scan_name_s dlp_unique_count_d browser_session_id_d 
dlp_fingerprint_match_s severity_s dlp_fingerprint_score_d page_s true_filetype_s policy_id_s dlp_rule_score_d Type _ResourceId
2 abc123-r231-4b90-a4fd-1456abcdegdd RestAPI 2/22/2024, 2:04:34 PM 4e3101afb739174bf08b4577 API Connector FALSE alert Introspection Scan yes File shared publicly using cloud drive DLP ThinkHelpDesk Cloud Storage unknown Cloud Storage poor iPhone XS Max NL 2 53.7 Boardman -19.72 Oregon 97818 1.2.3.4 organisation_wide_link ENGLISH /My Drive/Clickhouse/Tenant Migration across MPs 118842 application.document datainstance.com datainstance.com 32efe1952fe8eea427009e4774647a0d5adae21a4fe3d0b3431316d1362fde03 4bf76801-95ec-aed5-5e3e-dabb5d95ca01 application.document 1613760236 UHAqOVDmRlcHpLiD 14WLYNjJxKgEyqfalskjfhaotlowurnmcxjklhpdsohqi2i File data.com/dataconnector/Active Users/US & International/Full Time iOS 9.0 asdf523adsd0-0245t@test.data.com policy_ga28 2459149802892628500 Ongoing ThinkHelpDesk DE 2 53.7 Boardman -19.72 Oregon 97818 1.2.3.4 Tenant Migration across MPs 1676246410 CloudApp datapolicy asdf523adsd0-0245t@test.data.com https://drive.google.com asdf523adsd0-0245t@test.data.com asdf523adsd0-0245t@test.data.com 0 0 0 0 [] 0 FALSE 0 0 0 0 0 0 0 0 0 0 0 alertsdlpdata_CL
3 abc123-r231-4b90-a4fd-1456abcdegdd RestAPI 2/22/2024, 2:04:34 PM 4e5dfc81afb4939bd9cd5952 API Connector FALSE block Introspection Scan yes File shared publicly using cloud drive DLP MyEasyISO Cloud Storage unknown Cloud Storage poor ZTE - Grand-S US 2 12.9634 Amsterdam 4.8975 North Holland 1012 3.86.29.24 organisation_wide_link ENGLISH /My Drive/Clickhouse/Tenant Migration across MPs 119111 application.document datainstance.com datainstance.com 5b1eea86757bf9f6073eaa82de8aadf07e69a19020662ff6d3e20f3843fae2b2 4bf76801-95ec-aed5-5e3e-dabb5d95ca01 application.document 1613760236 YrsfUfWRuXasWynt 14WLYNjJxKgEyqfalskjfhaotlowurnmcxjklhpdsohqi2i File data.com/dataconnector/Active Users/US & International/Full Time Windows 11.0 asdf523adsd0-0995t@test.data.com policy_ga26 2459149802892628500 Ongoing MyEasyISO ISO 9001 Software FR 2 12.9634 Amsterdam 4.8975 North Holland 1012 3.86.29.24 Tenant Migration across MPs 1676246415 CloudApp datapolicy asdf523adsd0-0995t@test.data.com https://drive.google.com asdf523adsd0-0995t@test.data.com asdf523adsd0-0995t@test.data.com 0 0 0 0 [] 0 FALSE 0 0 0 0 0 0 0 0 0 0 0 alertsdlpdata_CL
4 abc123-r231-4b90-a4fd-1456abcdegdd RestAPI 2/22/2024, 2:04:34 PM 4e82a96f73568bd7fbc11f94 API Connector FALSE Introspection Scan yes File shared publicly using cloud drive DLP Tri Pointe Homes Cloud Storage unknown Cloud Storage unknown iPhone XR US 2 7.896 Ballots 12.9634 Pays-de-la-Loire 3243 13.248.55.2 organisation_wide_link ENGLISH /My Drive/Clickhouse/Tenant Migration across MPs 118890 application.document datainstance.com datainstance.com c970ad25da9fcbd822583d10efe096263b6294fe2ffffe99e448537b892c4693 4bf76801-95ec-aed5-5e3e-dabb5d95ca01 application.document 1613760236 VskBcjyDyjOQyWkD 14WLYNjJxKgEyqfalskjfhaotlowurnmcxjklhpdsohqi2i File data.com/dataconnector/Active Users/US & International/Full Time Windows 8.1 asdf523adsd0-0646t@test.data.com policy_ga51 2459149802892628500 Ongoing Tri Pointe Homes NL 2 7.896 Ballots 12.9634 Pays-de-la-Loire 13.248.55.2 Tenant Migration across MPs 1676246406 CloudApp datapolicy asdf523adsd0-0646t@test.data.com https://drive.google.com asdf523adsd0-0646t@test.data.com asdf523adsd0-0646t@test.data.com 0 0 0 0 [] 0 FALSE 0 0 0 0 0 0 0 0 0 0 0 alertsdlpdata_CL
5 abc123-r231-4b90-a4fd-1456abcdegdd RestAPI 2/22/2024, 2:04:34 PM 4e91d034b9d63eb8dd13339d API Connector FALSE block Introspection Scan yes File shared publicly using cloud drive DLP Caspita for Gmail Cloud Storage unknown Cloud Storage unknown iPhone 15 US 2 53.7 Amsterdam 4.8975 North Holland 1012 1.2.3.4 organisation_wide_link ENGLISH /My Drive/Clickhouse/Tenant Migration across MPs 119161 application.document datainstance.com datainstance.com 489329651e67cb2bc65d93a8e6c4bd72ddf59d112c83dfda7a93a8066b7f9d7e 4bf76801-95ec-aed5-5e3e-dabb5d95ca01 application.document 1613760236 vGBOBkANQtLUoKIk 14WLYNjJxKgEyqfalskjfhaotlowurnmcxjklhpdsohqi2i File data.com/dataconnector/Active Users/US & International/Full Time iOS 9.0 asdf523adsd0-0014t@test.data.com policy_ga29 2459149802892628500 Ongoing Caspita for vtiger IN 2 53.7 Amsterdam 4.8975 North Holland 1012 1.2.3.4 Tenant Migration across MPs 1676246404 CloudApp datapolicy asdf523adsd0-0014t@test.data.com https://drive.google.com asdf523adsd0-0014t@test.data.com asdf523adsd0-0014t@test.data.com 0 0 0 0 [] 0 FALSE 0 0 0 0 0 0 0 0 0 0 0 alertsdlpdata_CL
6 abc123-r231-4b90-a4fd-1456abcdegdd RestAPI 2/22/2024, 2:04:34 PM 4e945315566e7b804dd9494e API Connector TRUE Introspection Scan yes File shared publicly using cloud drive DLP c4.ai Cloud Storage unknown Cloud Storage Samsung Fold 5 US 2 12.9634 Bengaluru 7.896 Karnataka 560058 3.86.29.24 organisation_wide_link ENGLISH /My Drive/Clickhouse/Tenant Migration across MPs 118578 application.document datainstance.com datainstance.com df8ead0f14425eaf3284ac78b7484bc82ca69061d982affb04ba291a74be6454 4bf76801-95ec-aed5-5e3e-dabb5d95ca01 application.document 1613760236 NQrLaSeiPRjgrNhT 14WLYNjJxKgEyqfalskjfhaotlowurnmcxjklhpdsohqi2i File data.com/dataconnector/Active Users/US & International/Full Time iOS 11.1 asdf523adsd0-0979t@test.data.com policy_ga2 2459149802892628500 Ongoing c4.ai US 2 12.9634 Bengaluru 7.896 Karnataka 560058 3.86.29.24 Tenant Migration across MPs 1676246402 CloudApp datapolicy asdf523adsd0-0979t@test.data.com https://drive.google.com asdf523adsd0-0979t@test.data.com asdf523adsd0-0979t@test.data.com 0 0 0 0 [] 0 FALSE 0 0 0 0 0 0 0 0 0 0 0 alertsdlpdata_CL
7 abc123-r231-4b90-a4fd-1456abcdegdd RestAPI 2/22/2024, 2:04:34 PM 4e95206fe8771279d380dbf1 API Connector TRUE alert Introspection Scan yes File shared publicly using cloud drive DLP CloudPital EClinic Cloud Storage unknown Cloud Storage poor iPhone 11 US 2 53.7 Amsterdam 4.8975 North Holland 1012 13.248.55.2 organisation_wide_link ENGLISH /My Drive/Clickhouse/Tenant Migration across MPs 118924 application.document datainstance.com datainstance.com 70771a229f3933bce9d6feb3b37a5bc2b127091507e0c5c5314c3d3a03680d57 4bf76801-95ec-aed5-5e3e-dabb5d95ca01 application.document 1613760236 dUvSAEcVkRadtAWb 14WLYNjJxKgEyqfalskjfhaotlowurnmcxjklhpdsohqi2i File data.com/dataconnector/Active Users/US & International/Full Time iOS 9.0 asdf523adsd0-0544t@test.data.com policy_ga24 2459149802892628500 Ongoing CloudPital EClinic IN 2 53.7 Amsterdam 4.8975 North Holland 1012 13.248.55.2 Tenant Migration across MPs 1676246404 CloudApp datapolicy asdf523adsd0-0544t@test.data.com https://drive.google.com asdf523adsd0-0544t@test.data.com asdf523adsd0-0544t@test.data.com 0 0 0 0 [] 0 FALSE 0 0 0 0 0 0 0 0 0 0 0 alertsdlpdata_CL
8 abc123-r231-4b90-a4fd-1456abcdegdd RestAPI 2/22/2024, 2:04:34 PM 4ea0251f21d95111b6cd230e API Connector FALSE block Introspection Scan yes File shared publicly using cloud drive DLP EY CogniStreamer Cloud Storage unknown Cloud Storage poor ZTE - P188T20 FR 2 52.3759 Amsterdam 7.896 North Holland 1012 1.2.3.4 organisation_wide_link ENGLISH /My Drive/Clickhouse/Tenant Migration across MPs 118576 application.document datainstance.com datainstance.com 942e0e797bb5867bc5df57266744ce0cd54ea12159e37581cf3c113d6f1cb2bc 4bf76801-95ec-aed5-5e3e-dabb5d95ca01 application.document 1613760236 kuQKwOCYzAseWVCx 14WLYNjJxKgEyqfalskjfhaotlowurnmcxjklhpdsohqi2i File data.com/dataconnector/Active Users/US & International/Full Time Windows 8.0 asdf523adsd0-0838t@test.data.com policy_ga2 2459149802892628500 Ongoing CogniStreamer FR 2 52.3759 Amsterdam 7.896 North Holland 1012 1.2.3.4 Tenant Migration across MPs 1676246420 CloudApp datapolicy asdf523adsd0-0838t@test.data.com https://drive.google.com asdf523adsd0-0838t@test.data.com asdf523adsd0-0838t@test.data.com 0 0 0 0 [] 0 FALSE 0 0 0 0 0 0 0 0 0 0 0 alertsdlpdata_CL
9 abc123-r231-4b90-a4fd-1456abcdegdd RestAPI 2/22/2024, 2:04:34 PM 4eb36bfeb684f02e601f31db API Connector TRUE alert Introspection Scan yes File shared publicly using cloud drive DLP c4.ai Cloud Storage unknown Cloud Storage Other NL 2 12.9634 Ballots -19.72 Pays-de-la-Loire 3243 3.86.29.24 organisation_wide_link ENGLISH /My Drive/Clickhouse/Tenant Migration across MPs 118880 application.document datainstance.com datainstance.com 2391269788f8ce1f61de80771a7587f6514eb75dcf7cc3fa9e71ae23e439f848 4bf76801-95ec-aed5-5e3e-dabb5d95ca01 application.document 1613760236 RyPvKZstSCGovFDW 14WLYNjJxKgEyqfalskjfhaotlowurnmcxjklhpdsohqi2i File data.com/dataconnector/Active Users/US & International/Full Time iOS 9.6 asdf523adsd0-0773t@test.data.com policy_ga7 2459149802892628500 Ongoing c4.ai IN 2 12.9634 Ballots -19.72 Pays-de-la-Loire 3.86.29.24 Tenant Migration across MPs 1676246391 CloudApp datapolicy asdf523adsd0-0773t@test.data.com https://drive.google.com asdf523adsd0-0773t@test.data.com asdf523adsd0-0773t@test.data.com 0 0 0 0 [] 0 FALSE 0 0 0 0 0 0 0 0 0 0 0 alertsdlpdata_CL
10 abc123-r231-4b90-a4fd-1456abcdegdd RestAPI 2/22/2024, 2:04:34 PM 4eb5b8b7d8224c3aa96d34d0 API Connector FALSE block Introspection Scan yes File shared publicly using cloud drive DLP Nordic Naturals Cloud Storage unknown Cloud Storage unknown Samsung Fold 5 NL 2 53.7 Bengaluru 77.5855 Karnataka 560058 13.248.55.2 organisation_wide_link ENGLISH /My Drive/Clickhouse/Tenant Migration across MPs 119268 application.document datainstance.com datainstance.com cceffbb68fe7add0547d0a6e936bb4c6081ac553ff72d03ac97e1904b8f3e22f 4bf76801-95ec-aed5-5e3e-dabb5d95ca01 application.document 1613760236 vqgUXgDrcHKtYBNm 14WLYNjJxKgEyqfalskjfhaotlowurnmcxjklhpdsohqi2i File data.com/dataconnector/Active Users/US & International/Full Time iOS 9.0 asdf523adsd0-0804t@test.data.com policy_ga36 2459149802892628500 Ongoing Nordic Naturals NL 2 53.7 Bengaluru 77.5855 Karnataka 560058 13.248.55.2 Tenant Migration across MPs 1676246407 CloudApp datapolicy asdf523adsd0-0804t@test.data.com https://drive.google.com asdf523adsd0-0804t@test.data.com asdf523adsd0-0804t@test.data.com 0 0 0 0 [] 0 FALSE 0 0 0 0 0 0 0 0 0 0 0 alertsdlpdata_CL
11 abc123-r231-4b90-a4fd-1456abcdegdd RestAPI 2/22/2024, 2:04:34 PM 4ebe6f7b8d466ce8d84189ba API Connector FALSE Introspection Scan yes File shared publicly using cloud drive DLP Long Beach Unified School District Cloud Storage unknown Cloud Storage unknown iPhone 8 IN 2 7.896 Ballots -1.04759 Pays-de-la-Loire 3243 19.2.5.21 organisation_wide_link ENGLISH /My Drive/Clickhouse/Tenant Migration across MPs 119106 application.document datainstance.com datainstance.com d3cb0f14836aa8b3fa3c9b7547b5562bfe9fe370d3db3631f0ede9885df495c1 4bf76801-95ec-aed5-5e3e-dabb5d95ca01 application.document 1613760236 yTLvwNVHPknBqavq 14WLYNjJxKgEyqfalskjfhaotlowurnmcxjklhpdsohqi2i File data.com/dataconnector/Active Users/US & International/Full Time Windows 7.0 asdf523adsd0-0054t@test.data.com policy_ga21 2459149802892628500 Ongoing Long Beach Unified School District NL 2 7.896 Ballots -1.04759 Pays-de-la-Loire 19.2.5.21 Tenant Migration across MPs 1676246419 CloudApp datapolicy asdf523adsd0-0054t@test.data.com https://drive.google.com asdf523adsd0-0054t@test.data.com asdf523adsd0-0054t@test.data.com 0 0 0 0 [] 0 FALSE 0 0 0 0 0 0 0 0 0 0 0 alertsdlpdata_CL


@ -0,0 +1,11 @@
TenantId,SourceSystem,MG,ManagementGroupName,TimeGenerated [UTC],Computer,RawData,_id_s,access_method_s,acked_s,action_s,alert_s,alert_name_s,alert_type_s,app_s,appcategory_s,browser_s,Category,cci_d,ccl_s,count_d,device_s,dst_country_s,dst_geoip_src_d,dst_latitude_d,dst_location_s,dst_longitude_d,dst_region_s,dst_zipcode_s,dstip_s,object_s,object_type_s,organization_unit_s,os_s,other_categories_s,policy_s,request_id_s,site_s,src_country_s,src_geoip_src_d,src_latitude_d,src_location_s,src_longitude_d,src_region_s,src_zipcode_s,srcip_s,timestamp_d,traffic_type_s,type_s,ur_normalized_s,url_s,user_s,src_time_s,serial_s,browser_version_s,page_s,severity_level_s,malsite_hostility_s,hostname_s,malsite_region_s,telemetry_app_s,ja3_s,gateway_s,transaction_id_d,suppression_start_time_d,malsite_category_s,malsite_confidence_d,malsite_latitude_d,userip_s,malsite_longitude_d,malsite_active_s,malsite_last_seen_d,numbytes_d,req_cnt_d,dst_timezone_s,managed_app_s,malsite_id_s,protocol_s,threat_match_field_s,browser_session_id_d,suppression_end_time_d,ja3s_s,incident_id_d,notify_template_s,appsuite_s,log_file_name_s,referer_s,fromlogs_s,sAMAccountName_s,threat_source_id_d,server_bytes_d,universal_connector_s,aggregated_user_s,device_classification_s,org_s,policy_id_s,page_site_s,useragent_s,malsite_ip_host_s,os_version_s,malicious_s,from_user_s,severity_s,department_s,malsite_reputation_s,connection_id_d,dsthost_s,sfwder_s,malsite_first_seen_d,severity_level_id_d,co_s,malsite_country_s,src_timezone_s,division_s,threat_match_value_s,app_session_id_d,resp_cnt_d,malsite_consecutive_s,conn_duration_d,client_bytes_d,dstport_d,cci_s,Type,_ResourceId
acd8fb14-0000-0000-a4fd-1456cbfdbacd,RestAPI,,,"2/29/2024, 8:20:01 AM",,,b1f9ebbb882e1615f92c5d45,API Connector,FALSE,block,yes,malsite visit,malsite,iView Systems iTrak,Cloud Storage,unknown,Cloud Storage,7,poor,1,ZTE - P253A20,US,2,55.8234,Boardman,-109.7257,Oregon,97818,1.2.3.4,RqSvsczFIwhxOsgh,File,netskope.local/Netskope/Active Users/US & International/Full Time,Android 10.0,[],policy_ga32,2459149802892628500,iView Systems,IN,2,22.9634,Bengaluru,87.5855,Karnataka,560058,5.6.7.8,1706217736,CloudApp,nspolicy,dummyuser1@something.com,https://drive.google.com,dummyuser1@something.com,,,,,,,,,,,,0,0,[],0,0,,0,,0,0,0,,,,,,0,0,,0,,,,,,,0,0,,,,,,,,,,,,,,,0,,,0,0,,,,,,0,0,,0,0,0,,alertsmalsitedata_CL,
acd8fb14-0000-0000-a4fd-1456cbfdbacd,RestAPI,,,"2/29/2024, 8:20:01 AM",,,b25d030ece756fd5be78957c,API Connector,FALSE,,yes,malsite visit,malsite,Breez,Cloud Storage,unknown,Cloud Storage,,unknown,1,iPhone 7 Plus,US,2,42.7936,San Diego,-107.0689,California,92120,1.2.3.4,ItJxmezUvgSbKxuc,File,netskope.local/Netskope/Active Users/US & International/Full Time,iOS 9.0,[],policy_ga7,2459149802892628500,Breez Workforce,IN,2,22.9634,Bengaluru,87.5855,Karnataka,560058,5.6.7.8,1706216427,CloudApp,nspolicy,dummyuser2@something.com,https://drive.google.com,dummyuser2@something.com,,,,,,,,,,,,0,0,[],0,0,,0,,0,0,0,,,,,,0,0,,0,,,,,,,0,0,,,,,,,,,,,,,,,0,,,0,0,,,,,,0,0,,0,0,0,,alertsmalsitedata_CL,
acd8fb14-0000-0000-a4fd-1456cbfdbacd,RestAPI,,,"2/29/2024, 8:20:01 AM",,,b28085207865fa1b9e588566,API Connector,TRUE,block,yes,malsite visit,malsite,Shooter Suite,Cloud Storage,unknown,Cloud Storage,12,poor,1,Other,FR,1,57.89616,Ballots,-9.04759,Pays-de-la-Loire,,1.2.3.4,rGiqortgWUXxQNPb,File,netskope.local/Netskope/Active Users/US & International/Full Time,Windows 7.0,[],policy_ga50,2459149802892628500,Shooter Suite,IN,2,22.9634,Bengaluru,87.5855,Karnataka,560058,5.6.7.8,1706217380,CloudApp,nspolicy,dummyuser3@something.com,https://drive.google.com,dummyuser3@something.com,,,,,,,,,,,,0,0,[],0,0,,0,,0,0,0,,,,,,0,0,,0,,,,,,,0,0,,,,,,,,,,,,,,,0,,,0,0,,,,,,0,0,,0,0,0,,alertsmalsitedata_CL,
acd8fb14-0000-0000-a4fd-1456cbfdbacd,RestAPI,,,"2/29/2024, 8:20:01 AM",,,b525976fe8c0caef7ab4ffe4,API Connector,FALSE,block,yes,malsite visit,malsite,c4.ai,Cloud Storage,unknown,Cloud Storage,,,1,ZTE - P726CU,US,2,55.8234,Boardman,-109.7257,Oregon,97818,1.2.3.4,ErLohkwYkJyYqEZA,File,netskope.local/Netskope/Active Users/US & International/Full Time,Android 10.0,[],policy_ga27,2459149802892628500,c4.ai,FR,1,57.89616,Ballots,-9.04759,Pays-de-la-Loire,,5.6.7.8,1706216526,CloudApp,nspolicy,dummyuser4@something.com,https://drive.google.com,dummyuser4@something.com,,,,,,,,,,,,0,0,[],0,0,,0,,0,0,0,,,,,,0,0,,0,,,,,,,0,0,,,,,,,,,,,,,,,0,,,0,0,,,,,,0,0,,0,0,0,,alertsmalsitedata_CL,
acd8fb14-0000-0000-a4fd-1456cbfdbacd,RestAPI,,,"2/29/2024, 8:20:01 AM",,,b7827cd9b0029b21ecddfaf3,API Connector,FALSE,block,yes,malsite visit,malsite,Invoice Journal,Cloud Storage,unknown,Cloud Storage,17,poor,1,Other,FR,1,57.89616,Ballots,-9.04759,Pays-de-la-Loire,,1.2.3.4,GfMnrzfEJJhiWCQW,File,netskope.local/Netskope/Active Users/US & International/Full Time,Windows 7.1,[],policy_ga30,2459149802892628500,Invoice Journal,US,2,42.7936,San Diego,-107.0689,California,92120,5.6.7.8,1706215369,CloudApp,nspolicy,dummyuser5@something.com,https://drive.google.com,dummyuser5@something.com,,,,,,,,,,,,0,0,[],0,0,,0,,0,0,0,,,,,,0,0,,0,,,,,,,0,0,,,,,,,,,,,,,,,0,,,0,0,,,,,,0,0,,0,0,0,,alertsmalsitedata_CL,
acd8fb14-0000-0000-a4fd-1456cbfdbacd,RestAPI,,,"2/29/2024, 8:20:01 AM",,,bc5b7d68ebdf75e4d49dc9f3,API Connector,FALSE,block,yes,malsite visit,malsite,mTraction Enterprise,Cloud Storage,unknown,Cloud Storage,31,poor,1,iPod Touch (7th gen),US,2,42.7936,San Diego,-107.0689,California,92120,1.2.3.4,paIeBTpVEHDowOZl,File,netskope.local/Netskope/Active Users/US & International/Full Time,iOS 11.1,[],policy_ga24,2459149802892628500,mTraction Enterprise,NL,2,62.3759,Amsterdam,14.8975,North Holland,1012,5.6.7.8,1706216937,CloudApp,nspolicy,dummyuser6@something.com,https://drive.google.com,dummyuser6@something.com,,,,,,,,,,,,0,0,[],0,0,,0,,0,0,0,,,,,,0,0,,0,,,,,,,0,0,,,,,,,,,,,,,,,0,,,0,0,,,,,,0,0,,0,0,0,,alertsmalsitedata_CL,
acd8fb14-0000-0000-a4fd-1456cbfdbacd,RestAPI,,,"2/29/2024, 8:20:01 AM",,,bee8f8d42ea78bf96ce14e96,API Connector,TRUE,block,yes,malsite visit,malsite,Prevalent Exchange,Cloud Storage,unknown,Cloud Storage,9,poor,1,iPod Touch (7th gen),FR,1,57.89616,Ballots,-9.04759,Pays-de-la-Loire,,1.2.3.4,shWjouRiDIvMztpE,File,netskope.local/Netskope/Active Users/US & International/Full Time,iOS 9.0,[],policy_ga14,2459149802892628500,Prevalent Exchange,FR,1,57.89616,Ballots,-9.04759,Pays-de-la-Loire,,5.6.7.8,1706216511,CloudApp,nspolicy,dummyuser7@something.com,https://drive.google.com,dummyuser7@something.com,,,,,,,,,,,,0,0,[],0,0,,0,,0,0,0,,,,,,0,0,,0,,,,,,,0,0,,,,,,,,,,,,,,,0,,,0,0,,,,,,0,0,,0,0,0,,alertsmalsitedata_CL,
acd8fb14-0000-0000-a4fd-1456cbfdbacd,RestAPI,,,"2/29/2024, 8:20:01 AM",,,c1d5176d79c2966f1469adb8,API Connector,TRUE,block,yes,malsite visit,malsite,Saks Fifth Avenue,Cloud Storage,unknown,Cloud Storage,,unknown,1,ZTE - Grand-S,US,2,42.7936,San Diego,-107.0689,California,92120,1.2.3.4,rXTxwhWMsKCRzdhR,File,netskope.local/Netskope/Active Users/US & International/Full Time,Android 10.0,[],policy_ga5,2459149802892628500,Saks Fifth Avenue,DE,2,60.1188,Frankfurt am Main,18.6843,Hesse,60313,5.6.7.8,1706216288,CloudApp,nspolicy,dummyuser8@something.com,https://drive.google.com,dummyuser8@something.com,,,,,,,,,,,,0,0,[],0,0,,0,,0,0,0,,,,,,0,0,,0,,,,,,,0,0,,,,,,,,,,,,,,,0,,,0,0,,,,,,0,0,,0,0,0,,alertsmalsitedata_CL,
acd8fb14-0000-0000-a4fd-1456cbfdbacd,RestAPI,,,"2/29/2024, 8:20:01 AM",,,c227ac21e5100efb60bc326c,API Connector,FALSE,alert,yes,malsite visit,malsite,WebDT Device Manager,Cloud Storage,unknown,Cloud Storage,17,poor,1,Other,NL,2,62.3759,Amsterdam,14.8975,North Holland,1012,1.2.3.4,OnCANjfzjzRhwNOj,File,netskope.local/Netskope/Active Users/US & International/Full Time,Windows 11.0,[],policy_ga4,2459149802892628500,WebDT Device Manager,FR,1,57.89616,Ballots,-9.04759,Pays-de-la-Loire,,5.6.7.8,1706216116,CloudApp,nspolicy,dummyuser9@something.com,https://drive.google.com,dummyuser9@something.com,,,,,,,,,,,,0,0,[],0,0,,0,,0,0,0,,,,,,0,0,,0,,,,,,,0,0,,,,,,,,,,,,,,,0,,,0,0,,,,,,0,0,,0,0,0,,alertsmalsitedata_CL,
acd8fb14-0000-0000-a4fd-1456cbfdbacd,RestAPI,,,"2/29/2024, 8:20:01 AM",,,c47b36315e5d5c42f40d3c34,API Connector,TRUE,block,yes,malsite visit,malsite,Changepoint Project Portfolio Management,Cloud Storage,unknown,Cloud Storage,,,1,iPhone XR,IN,2,22.9634,Bengaluru,87.5855,Karnataka,560058,1.2.3.4,dGMqwyyPUholwvuO,File,netskope.local/Netskope/Active Users/US & International/Full Time,iOS 9.0,[],policy_ga0,2459149802892628500,Changepoint Daptiv,NL,2,62.3759,Amsterdam,14.8975,North Holland,1012,5.6.7.8,1706215872,CloudApp,nspolicy,dummyuser10@something.com,https://drive.google.com,dummyuser10@something.com,,,,,,,,,,,,0,0,[],0,0,,0,,0,0,0,,,,,,0,0,,0,,,,,,,0,0,,,,,,,,,,,,,,,0,,,0,0,,,,,,0,0,,0,0,0,,alertsmalsitedata_CL,
1 TenantId SourceSystem MG ManagementGroupName TimeGenerated [UTC] Computer RawData _id_s access_method_s acked_s action_s alert_s alert_name_s alert_type_s app_s appcategory_s browser_s Category cci_d ccl_s count_d device_s dst_country_s dst_geoip_src_d dst_latitude_d dst_location_s dst_longitude_d dst_region_s dst_zipcode_s dstip_s object_s object_type_s organization_unit_s os_s other_categories_s policy_s request_id_s site_s src_country_s src_geoip_src_d src_latitude_d src_location_s src_longitude_d src_region_s src_zipcode_s srcip_s timestamp_d traffic_type_s type_s ur_normalized_s url_s user_s src_time_s serial_s browser_version_s page_s severity_level_s malsite_hostility_s hostname_s malsite_region_s telemetry_app_s ja3_s gateway_s transaction_id_d suppression_start_time_d malsite_category_s malsite_confidence_d malsite_latitude_d userip_s malsite_longitude_d malsite_active_s malsite_last_seen_d numbytes_d req_cnt_d dst_timezone_s managed_app_s malsite_id_s protocol_s threat_match_field_s browser_session_id_d suppression_end_time_d ja3s_s incident_id_d notify_template_s appsuite_s log_file_name_s referer_s fromlogs_s sAMAccountName_s threat_source_id_d server_bytes_d universal_connector_s aggregated_user_s device_classification_s org_s policy_id_s page_site_s useragent_s malsite_ip_host_s os_version_s malicious_s from_user_s severity_s department_s malsite_reputation_s connection_id_d dsthost_s sfwder_s malsite_first_seen_d severity_level_id_d co_s malsite_country_s src_timezone_s division_s threat_match_value_s app_session_id_d resp_cnt_d malsite_consecutive_s conn_duration_d client_bytes_d dstport_d cci_s Type _ResourceId
2 acd8fb14-0000-0000-a4fd-1456cbfdbacd RestAPI 2/29/2024, 8:20:01 AM b1f9ebbb882e1615f92c5d45 API Connector FALSE block yes malsite visit malsite iView Systems iTrak Cloud Storage unknown Cloud Storage 7 poor 1 ZTE - P253A20 US 2 55.8234 Boardman -109.7257 Oregon 97818 1.2.3.4 RqSvsczFIwhxOsgh File netskope.local/Netskope/Active Users/US & International/Full Time Android 10.0 [] policy_ga32 2459149802892628500 iView Systems IN 2 22.9634 Bengaluru 87.5855 Karnataka 560058 5.6.7.8 1706217736 CloudApp nspolicy dummyuser1@something.com https://drive.google.com dummyuser1@something.com 0 0 [] 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 alertsmalsitedata_CL
3 acd8fb14-0000-0000-a4fd-1456cbfdbacd RestAPI 2/29/2024, 8:20:01 AM b25d030ece756fd5be78957c API Connector FALSE yes malsite visit malsite Breez Cloud Storage unknown Cloud Storage unknown 1 iPhone 7 Plus US 2 42.7936 San Diego -107.0689 California 92120 1.2.3.4 ItJxmezUvgSbKxuc File netskope.local/Netskope/Active Users/US & International/Full Time iOS 9.0 [] policy_ga7 2459149802892628500 Breez Workforce IN 2 22.9634 Bengaluru 87.5855 Karnataka 560058 5.6.7.8 1706216427 CloudApp nspolicy dummyuser2@something.com https://drive.google.com dummyuser2@something.com 0 0 [] 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 alertsmalsitedata_CL
4 acd8fb14-0000-0000-a4fd-1456cbfdbacd RestAPI 2/29/2024, 8:20:01 AM b28085207865fa1b9e588566 API Connector TRUE block yes malsite visit malsite Shooter Suite Cloud Storage unknown Cloud Storage 12 poor 1 Other FR 1 57.89616 Ballots -9.04759 Pays-de-la-Loire 1.2.3.4 rGiqortgWUXxQNPb File netskope.local/Netskope/Active Users/US & International/Full Time Windows 7.0 [] policy_ga50 2459149802892628500 Shooter Suite IN 2 22.9634 Bengaluru 87.5855 Karnataka 560058 5.6.7.8 1706217380 CloudApp nspolicy dummyuser3@something.com https://drive.google.com dummyuser3@something.com 0 0 [] 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 alertsmalsitedata_CL
5 acd8fb14-0000-0000-a4fd-1456cbfdbacd RestAPI 2/29/2024, 8:20:01 AM b525976fe8c0caef7ab4ffe4 API Connector FALSE block yes malsite visit malsite c4.ai Cloud Storage unknown Cloud Storage 1 ZTE - P726CU US 2 55.8234 Boardman -109.7257 Oregon 97818 1.2.3.4 ErLohkwYkJyYqEZA File netskope.local/Netskope/Active Users/US & International/Full Time Android 10.0 [] policy_ga27 2459149802892628500 c4.ai FR 1 57.89616 Ballots -9.04759 Pays-de-la-Loire 5.6.7.8 1706216526 CloudApp nspolicy dummyuser4@something.com https://drive.google.com dummyuser4@something.com 0 0 [] 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 alertsmalsitedata_CL
6 acd8fb14-0000-0000-a4fd-1456cbfdbacd RestAPI 2/29/2024, 8:20:01 AM b7827cd9b0029b21ecddfaf3 API Connector FALSE block yes malsite visit malsite Invoice Journal Cloud Storage unknown Cloud Storage 17 poor 1 Other FR 1 57.89616 Ballots -9.04759 Pays-de-la-Loire 1.2.3.4 GfMnrzfEJJhiWCQW File netskope.local/Netskope/Active Users/US & International/Full Time Windows 7.1 [] policy_ga30 2459149802892628500 Invoice Journal US 2 42.7936 San Diego -107.0689 California 92120 5.6.7.8 1706215369 CloudApp nspolicy dummyuser5@something.com https://drive.google.com dummyuser5@something.com 0 0 [] 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 alertsmalsitedata_CL
7 acd8fb14-0000-0000-a4fd-1456cbfdbacd RestAPI 2/29/2024, 8:20:01 AM bc5b7d68ebdf75e4d49dc9f3 API Connector FALSE block yes malsite visit malsite mTraction Enterprise Cloud Storage unknown Cloud Storage 31 poor 1 iPod Touch (7th gen) US 2 42.7936 San Diego -107.0689 California 92120 1.2.3.4 paIeBTpVEHDowOZl File netskope.local/Netskope/Active Users/US & International/Full Time iOS 11.1 [] policy_ga24 2459149802892628500 mTraction Enterprise NL 2 62.3759 Amsterdam 14.8975 North Holland 1012 5.6.7.8 1706216937 CloudApp nspolicy dummyuser6@something.com https://drive.google.com dummyuser6@something.com 0 0 [] 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 alertsmalsitedata_CL
8 acd8fb14-0000-0000-a4fd-1456cbfdbacd RestAPI 2/29/2024, 8:20:01 AM bee8f8d42ea78bf96ce14e96 API Connector TRUE block yes malsite visit malsite Prevalent Exchange Cloud Storage unknown Cloud Storage 9 poor 1 iPod Touch (7th gen) FR 1 57.89616 Ballots -9.04759 Pays-de-la-Loire 1.2.3.4 shWjouRiDIvMztpE File netskope.local/Netskope/Active Users/US & International/Full Time iOS 9.0 [] policy_ga14 2459149802892628500 Prevalent Exchange FR 1 57.89616 Ballots -9.04759 Pays-de-la-Loire 5.6.7.8 1706216511 CloudApp nspolicy dummyuser7@something.com https://drive.google.com dummyuser7@something.com 0 0 [] 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 alertsmalsitedata_CL
9 acd8fb14-0000-0000-a4fd-1456cbfdbacd RestAPI 2/29/2024, 8:20:01 AM c1d5176d79c2966f1469adb8 API Connector TRUE block yes malsite visit malsite Saks Fifth Avenue Cloud Storage unknown Cloud Storage unknown 1 ZTE - Grand-S US 2 42.7936 San Diego -107.0689 California 92120 1.2.3.4 rXTxwhWMsKCRzdhR File netskope.local/Netskope/Active Users/US & International/Full Time Android 10.0 [] policy_ga5 2459149802892628500 Saks Fifth Avenue DE 2 60.1188 Frankfurt am Main 18.6843 Hesse 60313 5.6.7.8 1706216288 CloudApp nspolicy dummyuser8@something.com https://drive.google.com dummyuser8@something.com 0 0 [] 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 alertsmalsitedata_CL
10 acd8fb14-0000-0000-a4fd-1456cbfdbacd RestAPI 2/29/2024, 8:20:01 AM c227ac21e5100efb60bc326c API Connector FALSE alert yes malsite visit malsite WebDT Device Manager Cloud Storage unknown Cloud Storage 17 poor 1 Other NL 2 62.3759 Amsterdam 14.8975 North Holland 1012 1.2.3.4 OnCANjfzjzRhwNOj File netskope.local/Netskope/Active Users/US & International/Full Time Windows 11.0 [] policy_ga4 2459149802892628500 WebDT Device Manager FR 1 57.89616 Ballots -9.04759 Pays-de-la-Loire 5.6.7.8 1706216116 CloudApp nspolicy dummyuser9@something.com https://drive.google.com dummyuser9@something.com 0 0 [] 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 alertsmalsitedata_CL
11 acd8fb14-0000-0000-a4fd-1456cbfdbacd RestAPI 2/29/2024, 8:20:01 AM c47b36315e5d5c42f40d3c34 API Connector TRUE block yes malsite visit malsite Changepoint Project Portfolio Management Cloud Storage unknown Cloud Storage 1 iPhone XR IN 2 22.9634 Bengaluru 87.5855 Karnataka 560058 1.2.3.4 dGMqwyyPUholwvuO File netskope.local/Netskope/Active Users/US & International/Full Time iOS 9.0 [] policy_ga0 2459149802892628500 Changepoint Daptiv NL 2 62.3759 Amsterdam 14.8975 North Holland 1012 5.6.7.8 1706215872 CloudApp nspolicy dummyuser10@something.com https://drive.google.com dummyuser10@something.com 0 0 [] 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 alertsmalsitedata_CL
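Review bot: The placeholder network identities in this sample file are routable addresses and a live registered domain — every row carries `srcip_s`/`dstip_s` of `1.2.3.4` and `5.6.7.8` and `user_s`/`ur_normalized_s` of `dummyuserN@something.com`. Fixture data that is ingested into a workspace to exercise the `alertsmalsitedata_CL` parser or analytic rules should use the reserved documentation ranges so a test run can never raise an alert, an enrichment lookup or a blocklist entry against infrastructure someone else owns; e.g. `203.0.113.4` / `198.51.100.8` (RFC 5737) and `dummyuser1@example.com` (RFC 2606), while the `netskope.local` organization-unit path can stay as is. The neighbouring sample files in this commit follow the same pattern (the DLP rows above use `3.86.29.24` and `13.248.55.2`, which are real public addresses), so the substitution is worth doing across the set. I cannot tell from the diff whether anything consumes these rows beyond documentation, so this is a note on the fixture itself rather than on a demonstrated false positive.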


@ -0,0 +1,11 @@
TenantId,SourceSystem,MG,ManagementGroupName,TimeGenerated [UTC],Computer,RawData,_id_s,access_method_s,acked_s,action_s,activity_s,alert_s,alert_name_s,alert_type_s,app_s,appcategory_s,browser_s,Category,cci_s,ccl_s,count_d,device_s,dst_country_s,dst_geoip_src_d,dst_latitude_d,dst_location_s,dst_longitude_d,dst_region_s,dst_zipcode_s,dstip_s,file_path_s,file_size_d,file_type_s,instance_s,instance_id_s,local_sha256_s,md5_g,mime_type_s,object_s,object_id_s,object_type_s,organization_unit_s,os_s,policy_s,request_id_s,scan_type_s,site_s,src_country_s,src_geoip_src_d,src_latitude_d,src_location_s,src_longitude_d,src_region_s,src_zipcode_s,srcip_s,timestamp_d,traffic_type_s,type_s,ur_normalized_s,url_s,user_s,user_id_s,file_category_s,app_session_id_d,created_date_d,policy_id_s,transaction_id_d,usr_udf_employeeid_s,managementID_s,malware_name_s,company_s,usr_status_s,usr_udf_businesssegmentlevel4_s,dst_timezone_s,parent_id_s,file_name_s,tss_license_s,manager_s,modified_date_d,page_site_s,nsdeviceuid_s,usr_udf_businesssegmentlevel1_s,usr_udf_companyname_s,malware_profile_s,true_filetype_s,usr_title_s,usr_udf_primarydomain_s,browser_version_s,appsuite_s,malware_id_s,from_user_s,detection_type_s,sha1_s,userip_s,browser_session_id_d,severity_id_d,usr_display_name_s,department_s,usr_udf_businesssegmentlevel2_s,hostname_s,filename_s,referer_s,usr_udf_supervisorid_s,sanctioned_instance_s,file_id_s,src_time_s,app_name_s,TSS_scan_s,malware_severity_s,os_version_s,userPrincipalName_s,usr_udf_supervisorname_s,severity_s,detection_engine_s,managed_app_s,shared_with_s,connection_id_d,page_s,scanner_result_s,usr_udf_businesssegmentlevel3_s,shared_type_s,userCountry_s,device_classification_s,scan_time_d,tss_mode_s,protocol_s,local_md5_s,src_timezone_s,fastscan_results_s,title_s,incident_id_d,malware_type_s,ml_detection_s,cci_d,Type,_ResourceId
abc123-r231-4b90-a4fd-1456abcdegdd,RestAPI,,,"2/16/2024, 1:46:15 PM",,,b3a4362d71d29d226de6cdd0,API Connector,FALSE,alert,Login Failed,yes,Malware alert,Malware,Social Explorer,Cloud Storage,unknown,Cloud Storage,,poor,1,iPhone XS Max,NL,2,53.7,Amsterdam,-19.72,North Holland,1012,1.2.3.4,/My Drive/Clickhouse/Tenant Migration across MPs,118731,application.document,datainstance.com,datainstance.com,3d9d42f7c17b46fd4f6cffa2ce134ebaa2488ed4d705c0da70da25c52b22406a,4bf76801-95ec-aed5-5e3e-dabb5d95ca01,application.document,GTtUiTMvYcMICtmP,14WLYNjJxKgEyqfalskjfhaotlowurnmcxjklhpdsohqi2i,File,data.com/dataconnector/Active Users/US & International/Full Time,Windows 7.0,policy_ga5,2459149802892628500,Ongoing,Social Explorer,NL,2,53.7,Amsterdam,-19.72,North Holland,1012,1.2.3.4,1676243502,CloudApp,datapolicy,adsf2343adf-0566t@test.data.com,https://drive.google.com,adsf2343adf-0566t@test.data.com,,,0,0,,0,,,,,,,,,,,,0,,,,,,,,,,,,,,,,0,0,,,,,,,,,,,,,,,,,,,,[],0,,,,,,,0,,,,,,,0,,,11,alertsmalwaredata_CL,
abc123-r231-4b90-a4fd-1456abcdegdd,RestAPI,,,"2/16/2024, 1:46:15 PM",,,b3af6d82f16a7807e1bd22a6,API Connector,TRUE,block,Login Failed,yes,Malware alert,Malware,FastTrak Auto Shop Manager,Cloud Storage,unknown,Cloud Storage,,poor,1,ZTE - Grand-S,IN,2,12.9634,Mumbai,4.8975,Maharashtra,97818,3.86.29.24,/My Drive/Clickhouse/Tenant Migration across MPs,118848,application.document,datainstance.com,datainstance.com,4526efb334620e58c148dd11616a72b82d4bcbe50da5fad1a67df9945f162dda,4bf76801-95ec-aed5-5e3e-dabb5d95ca01,application.document,FDveLzHoNLVWZOlZ,14WLYNjJxKgEyqfalskjfhaotlowurnmcxjklhpdsohqi2i,File,data.com/dataconnector/Active Users/US & International/Full Time,Windows 11.0,policy_ga5,2459149802892628500,Ongoing,FastTrak Auto Shop Manager,IN,2,12.9634,Mumbai,4.8975,Maharashtra,400072,3.86.29.24,1676243507,CloudApp,datapolicy,adsf2343adf-0711t@test.data.com,https://drive.google.com,adsf2343adf-0711t@test.data.com,,,0,0,,0,,,,,,,,,,,,0,,,,,,,,,,,,,,,,0,0,,,,,,,,,,,,,,,,,,,,[],0,,,,,,,0,,,,,,,0,,,16,alertsmalwaredata_CL,
abc123-r231-4b90-a4fd-1456abcdegdd,RestAPI,,,"2/16/2024, 1:46:15 PM",,,b3c29be50ffe526f7847e1d3,API Connector,FALSE,alert,Edit,yes,Malware alert,Malware,Free Logo Services,Cloud Storage,unknown,Cloud Storage,,poor,1,iPhone XR,NL,2,7.896,Amsterdam,12.9634,North Holland,1012,13.248.55.2,/My Drive/Clickhouse/Tenant Migration across MPs,119327,application.document,datainstance.com,datainstance.com,77455ecfc09c5e228c7ac283ee1f003404405dc863563568de7c99531daea3d4,4bf76801-95ec-aed5-5e3e-dabb5d95ca01,application.document,zriWMmSVpvVqdoCH,14WLYNjJxKgEyqfalskjfhaotlowurnmcxjklhpdsohqi2i,File,data.com/dataconnector/Active Users/US & International/Full Time,Android 11.0,policy_ga51,2459149802892628500,Ongoing,Free Logo Services,NL,2,7.896,Amsterdam,12.9634,North Holland,1012,13.248.55.2,1676243507,CloudApp,datapolicy,adsf2343adf-0669t@test.data.com,https://drive.google.com,adsf2343adf-0669t@test.data.com,,,0,0,,0,,,,,,,,,,,,0,,,,,,,,,,,,,,,,0,0,,,,,,,,,,,,,,,,,,,,[],0,,,,,,,0,,,,,,,0,,,20,alertsmalwaredata_CL,
abc123-r231-4b90-a4fd-1456abcdegdd,RestAPI,,,"2/16/2024, 1:46:15 PM",,,b3f42b2b5d1a355519660ece,API Connector,TRUE,block,Upload,yes,Malware alert,Malware,Kiosk Software,Cloud Storage,unknown,Cloud Storage,,poor,1,iPhone 15,NL,2,53.7,Amsterdam,4.8975,North Holland,1012,1.2.3.4,/My Drive/Clickhouse/Tenant Migration across MPs,118887,application.document,datainstance.com,datainstance.com,186e83cac6055eaba3f83730dab2f5a4f90d22a6c0515c29baca01fa34db10c6,4bf76801-95ec-aed5-5e3e-dabb5d95ca01,application.document,WbhpPsmLXptLIUnJ,14WLYNjJxKgEyqfalskjfhaotlowurnmcxjklhpdsohqi2i,File,data.com/dataconnector/Active Users/US & International/Full Time,iOS 10.1,policy_ga15,2459149802892628500,Ongoing,Kiosk Software,DE,2,53.7,Frankfurt am Main,4.8975,Hesse,60313,1.2.3.4,1676243505,CloudApp,datapolicy,adsf2343adf-0779t@test.data.com,https://drive.google.com,adsf2343adf-0779t@test.data.com,,,0,0,,0,,,,,,,,,,,,0,,,,,,,,,,,,,,,,0,0,,,,,,,,,,,,,,,,,,,,[],0,,,,,,,0,,,,,,,0,,,29,alertsmalwaredata_CL,
abc123-r231-4b90-a4fd-1456abcdegdd,RestAPI,,,"2/16/2024, 1:46:15 PM",,,b419629fbfed7288030304d1,API Connector,FALSE,alert,Upload,yes,Malware alert,Malware,The Invoice Machine,Cloud Storage,unknown,Cloud Storage,,poor,1,Samsung Fold 5,NL,2,12.9634,Amsterdam,7.896,North Holland,1012,3.86.29.24,/My Drive/Clickhouse/Tenant Migration across MPs,119336,application.document,datainstance.com,datainstance.com,5c7592801457d82a13d84abcd840d92d5484a739652d089b8603a8c8b77a9549,4bf76801-95ec-aed5-5e3e-dabb5d95ca01,application.document,aJwpPFuFOAPWGcjr,14WLYNjJxKgEyqfalskjfhaotlowurnmcxjklhpdsohqi2i,File,data.com/dataconnector/Active Users/US & International/Full Time,iOS 11.1,policy_ga14,2459149802892628500,Ongoing,The Invoice Machine,FR,2,12.9634,Paris,7.896,Île-de-France,75015,3.86.29.24,1676243503,CloudApp,datapolicy,adsf2343adf-0579t@test.data.com,https://drive.google.com,adsf2343adf-0579t@test.data.com,,,0,0,,0,,,,,,,,,,,,0,,,,,,,,,,,,,,,,0,0,,,,,,,,,,,,,,,,,,,,[],0,,,,,,,0,,,,,,,0,,,21,alertsmalwaredata_CL,
abc123-r231-4b90-a4fd-1456abcdegdd,RestAPI,,,"2/16/2024, 1:46:15 PM",,,b429384cc1752d435d684d65,API Connector,TRUE,block,Login Successful,yes,Malware alert,Malware,Payara Server,Cloud Storage,unknown,Cloud Storage,,low,1,iPhone 11,NL,2,53.7,Amsterdam,4.8975,North Holland,1012,13.248.55.2,/My Drive/Clickhouse/Tenant Migration across MPs,118917,application.document,datainstance.com,datainstance.com,698d7e4953d8addbac44c4779de288338a129870185c885bb978ec1bc2b0af63,4bf76801-95ec-aed5-5e3e-dabb5d95ca01,application.document,FmWYpIIgzpsTUMnc,14WLYNjJxKgEyqfalskjfhaotlowurnmcxjklhpdsohqi2i,File,data.com/dataconnector/Active Users/US & International/Full Time,iOS 9.0,policy_ga25,2459149802892628500,Ongoing,Payara Server,US,2,53.7,Lakeside,4.8975,California,92040,13.248.55.2,1676243506,CloudApp,datapolicy,adsf2343adf-0850t@test.data.com,https://drive.google.com,adsf2343adf-0850t@test.data.com,,,0,0,,0,,,,,,,,,,,,0,,,,,,,,,,,,,,,,0,0,,,,,,,,,,,,,,,,,,,,[],0,,,,,,,0,,,,,,,0,,,56,alertsmalwaredata_CL,
abc123-r231-4b90-a4fd-1456abcdegdd,RestAPI,,,"2/16/2024, 1:46:15 PM",,,b470d16e1622fcd2b286c642,API Connector,FALSE,,Create,yes,Malware alert,Malware,IIJ Document Exchange service(DOX),Cloud Storage,unknown,Cloud Storage,,medium,1,ZTE - P188T20,FR,2,52.3759,Paris,7.896,Île-de-France,560058,1.2.3.4,/My Drive/Clickhouse/Tenant Migration across MPs,118703,application.document,datainstance.com,datainstance.com,29247291575b67e2c5dc5fa2ff9fdfbc5e1fc762294a3d769adbf7815af187dc,4bf76801-95ec-aed5-5e3e-dabb5d95ca01,application.document,LQmUNyqmcMbxDMHB,14WLYNjJxKgEyqfalskjfhaotlowurnmcxjklhpdsohqi2i,File,data.com/dataconnector/Active Users/US & International/Full Time,Windows 10.0,policy_ga6,2459149802892628500,Ongoing,IIJ Document Exchange service(DOX),IN,2,52.3759,Mumbai,7.896,Maharashtra,400072,1.2.3.4,1676243504,CloudApp,datapolicy,adsf2343adf-0025t@test.data.com,https://drive.google.com,adsf2343adf-0025t@test.data.com,,,0,0,,0,,,,,,,,,,,,0,,,,,,,,,,,,,,,,0,0,,,,,,,,,,,,,,,,,,,,[],0,,,,,,,0,,,,,,,0,,,66,alertsmalwaredata_CL,
abc123-r231-4b90-a4fd-1456abcdegdd,RestAPI,,,"2/16/2024, 1:46:15 PM",,,b486a452f7d46ed8de8860bd,API Connector,FALSE,alert,Edit,yes,Malware alert,Malware,PixelPoint POS,Cloud Storage,unknown,Cloud Storage,,unknown,1,Other,NL,2,12.9634,Amsterdam,-19.72,North Holland,1212,3.86.29.24,/My Drive/Clickhouse/Tenant Migration across MPs,118514,application.document,datainstance.com,datainstance.com,da2b2b74bc415044450c48306964303df796bd304de92f3f743f82230fa3d2f3,4bf76801-95ec-aed5-5e3e-dabb5d95ca01,application.document,iHsMaDgTXScNiLFY,14WLYNjJxKgEyqfalskjfhaotlowurnmcxjklhpdsohqi2i,File,data.com/dataconnector/Active Users/US & International/Full Time,Android 10.0,policy_ga23,2459149802892628500,Ongoing,PixelPoint POS,NL,2,12.9634,Amsterdam,-19.72,North Holland,1012,3.86.29.24,1676243490,CloudApp,datapolicy,adsf2343adf-0729t@test.data.com,https://drive.google.com,adsf2343adf-0729t@test.data.com,,,0,0,,0,,,,,,,,,,,,0,,,,,,,,,,,,,,,,0,0,,,,,,,,,,,,,,,,,,,,[],0,,,,,,,0,,,,,,,0,,,23,alertsmalwaredata_CL,
abc123-r231-4b90-a4fd-1456abcdegdd,RestAPI,,,"2/16/2024, 1:46:15 PM",,,b4d0f147a9b622a9b41d8bf6,API Connector,TRUE,,Delete,yes,Malware alert,Malware,VAI S2K Enterprise OnCloud,Cloud Storage,unknown,Cloud Storage,,poor,1,Samsung Fold 5,US,2,53.7,Lakeside,77.5855,California,321,13.248.55.2,/My Drive/Clickhouse/Tenant Migration across MPs,118453,application.document,datainstance.com,datainstance.com,79770436de57c49c35ce76bf15d8b8b7c133ea98fdc6f17bf9203bd6ae2b5040,4bf76801-95ec-aed5-5e3e-dabb5d95ca01,application.document,mRSaqeGlcgaJZWXq,14WLYNjJxKgEyqfalskjfhaotlowurnmcxjklhpdsohqi2i,File,data.com/dataconnector/Active Users/US & International/Full Time,iOS 9.0,policy_ga5,2459149802892628500,Ongoing,Vormittag Associates S2K Enterprise,DE,2,53.7,Frankfurt am Main,77.5855,Hesse,60313,13.248.55.2,1676243507,CloudApp,datapolicy,adsf2343adf-0430t@test.data.com,https://drive.google.com,adsf2343adf-0430t@test.data.com,,,0,0,,0,,,,,,,,,,,,0,,,,,,,,,,,,,,,,0,0,,,,,,,,,,,,,,,,,,,,[],0,,,,,,,0,,,,,,,0,,,17,alertsmalwaredata_CL,
abc123-r231-4b90-a4fd-1456abcdegdd,RestAPI,,,"2/16/2024, 1:46:15 PM",,,b4fa8fa4af7120854935d4e1,API Connector,FALSE,alert,Edit,yes,Malware alert,Malware,360-degree feedback,Cloud Storage,unknown,Cloud Storage,,poor,1,iPhone 8,US,2,7.896,Boardman,-1.04759,Oregon,1213,19.2.5.21,/My Drive/Clickhouse/Tenant Migration across MPs,119016,application.document,datainstance.com,datainstance.com,51e6e9750183770eade936144207e4c24ee69f8aacc5756294fae050147d80eb,4bf76801-95ec-aed5-5e3e-dabb5d95ca01,application.document,lLeyOMmAIRLXPhYE,14WLYNjJxKgEyqfalskjfhaotlowurnmcxjklhpdsohqi2i,File,data.com/dataconnector/Active Users/US & International/Full Time,iOS 9.6,policy_ga28,2459149802892628500,Ongoing,360-degree feedback,NL,2,7.896,Amsterdam,-1.04759,North Holland,1012,19.2.5.21,1676243510,CloudApp,datapolicy,adsf2343adf-0640t@test.data.com,https://drive.google.com,adsf2343adf-0640t@test.data.com,,,0,0,,0,,,,,,,,,,,,0,,,,,,,,,,,,,,,,0,0,,,,,,,,,,,,,,,,,,,,[],0,,,,,,,0,,,,,,,0,,,16,alertsmalwaredata_CL,
1 TenantId SourceSystem MG ManagementGroupName TimeGenerated [UTC] Computer RawData _id_s access_method_s acked_s action_s activity_s alert_s alert_name_s alert_type_s app_s appcategory_s browser_s Category cci_s ccl_s count_d device_s dst_country_s dst_geoip_src_d dst_latitude_d dst_location_s dst_longitude_d dst_region_s dst_zipcode_s dstip_s file_path_s file_size_d file_type_s instance_s instance_id_s local_sha256_s md5_g mime_type_s object_s object_id_s object_type_s organization_unit_s os_s policy_s request_id_s scan_type_s site_s src_country_s src_geoip_src_d src_latitude_d src_location_s src_longitude_d src_region_s src_zipcode_s srcip_s timestamp_d traffic_type_s type_s ur_normalized_s url_s user_s user_id_s file_category_s app_session_id_d created_date_d policy_id_s transaction_id_d usr_udf_employeeid_s managementID_s malware_name_s company_s usr_status_s usr_udf_businesssegmentlevel4_s dst_timezone_s parent_id_s file_name_s tss_license_s manager_s modified_date_d page_site_s nsdeviceuid_s usr_udf_businesssegmentlevel1_s usr_udf_companyname_s malware_profile_s true_filetype_s usr_title_s usr_udf_primarydomain_s browser_version_s appsuite_s malware_id_s from_user_s detection_type_s sha1_s userip_s browser_session_id_d severity_id_d usr_display_name_s department_s usr_udf_businesssegmentlevel2_s hostname_s filename_s referer_s usr_udf_supervisorid_s sanctioned_instance_s file_id_s src_time_s app_name_s TSS_scan_s malware_severity_s os_version_s userPrincipalName_s usr_udf_supervisorname_s severity_s detection_engine_s managed_app_s shared_with_s connection_id_d page_s scanner_result_s usr_udf_businesssegmentlevel3_s shared_type_s userCountry_s device_classification_s scan_time_d tss_mode_s protocol_s local_md5_s src_timezone_s fastscan_results_s title_s incident_id_d malware_type_s ml_detection_s cci_d Type _ResourceId
2 abc123-r231-4b90-a4fd-1456abcdegdd RestAPI 2/16/2024, 1:46:15 PM b3a4362d71d29d226de6cdd0 API Connector FALSE alert Login Failed yes Malware alert Malware Social Explorer Cloud Storage unknown Cloud Storage poor 1 iPhone XS Max NL 2 53.7 Amsterdam -19.72 North Holland 1012 1.2.3.4 /My Drive/Clickhouse/Tenant Migration across MPs 118731 application.document datainstance.com datainstance.com 3d9d42f7c17b46fd4f6cffa2ce134ebaa2488ed4d705c0da70da25c52b22406a 4bf76801-95ec-aed5-5e3e-dabb5d95ca01 application.document GTtUiTMvYcMICtmP 14WLYNjJxKgEyqfalskjfhaotlowurnmcxjklhpdsohqi2i File data.com/dataconnector/Active Users/US & International/Full Time Windows 7.0 policy_ga5 2459149802892628500 Ongoing Social Explorer NL 2 53.7 Amsterdam -19.72 North Holland 1012 1.2.3.4 1676243502 CloudApp datapolicy adsf2343adf-0566t@test.data.com https://drive.google.com adsf2343adf-0566t@test.data.com 0 0 0 0 0 0 [] 0 0 0 11 alertsmalwaredata_CL
3 abc123-r231-4b90-a4fd-1456abcdegdd RestAPI 2/16/2024, 1:46:15 PM b3af6d82f16a7807e1bd22a6 API Connector TRUE block Login Failed yes Malware alert Malware FastTrak Auto Shop Manager Cloud Storage unknown Cloud Storage poor 1 ZTE - Grand-S IN 2 12.9634 Mumbai 4.8975 Maharashtra 97818 3.86.29.24 /My Drive/Clickhouse/Tenant Migration across MPs 118848 application.document datainstance.com datainstance.com 4526efb334620e58c148dd11616a72b82d4bcbe50da5fad1a67df9945f162dda 4bf76801-95ec-aed5-5e3e-dabb5d95ca01 application.document FDveLzHoNLVWZOlZ 14WLYNjJxKgEyqfalskjfhaotlowurnmcxjklhpdsohqi2i File data.com/dataconnector/Active Users/US & International/Full Time Windows 11.0 policy_ga5 2459149802892628500 Ongoing FastTrak Auto Shop Manager IN 2 12.9634 Mumbai 4.8975 Maharashtra 400072 3.86.29.24 1676243507 CloudApp datapolicy adsf2343adf-0711t@test.data.com https://drive.google.com adsf2343adf-0711t@test.data.com 0 0 0 0 0 0 [] 0 0 0 16 alertsmalwaredata_CL
4 abc123-r231-4b90-a4fd-1456abcdegdd RestAPI 2/16/2024, 1:46:15 PM b3c29be50ffe526f7847e1d3 API Connector FALSE alert Edit yes Malware alert Malware Free Logo Services Cloud Storage unknown Cloud Storage poor 1 iPhone XR NL 2 7.896 Amsterdam 12.9634 North Holland 1012 13.248.55.2 /My Drive/Clickhouse/Tenant Migration across MPs 119327 application.document datainstance.com datainstance.com 77455ecfc09c5e228c7ac283ee1f003404405dc863563568de7c99531daea3d4 4bf76801-95ec-aed5-5e3e-dabb5d95ca01 application.document zriWMmSVpvVqdoCH 14WLYNjJxKgEyqfalskjfhaotlowurnmcxjklhpdsohqi2i File data.com/dataconnector/Active Users/US & International/Full Time Android 11.0 policy_ga51 2459149802892628500 Ongoing Free Logo Services NL 2 7.896 Amsterdam 12.9634 North Holland 1012 13.248.55.2 1676243507 CloudApp datapolicy adsf2343adf-0669t@test.data.com https://drive.google.com adsf2343adf-0669t@test.data.com 0 0 0 0 0 0 [] 0 0 0 20 alertsmalwaredata_CL
5 abc123-r231-4b90-a4fd-1456abcdegdd RestAPI 2/16/2024, 1:46:15 PM b3f42b2b5d1a355519660ece API Connector TRUE block Upload yes Malware alert Malware Kiosk Software Cloud Storage unknown Cloud Storage poor 1 iPhone 15 NL 2 53.7 Amsterdam 4.8975 North Holland 1012 1.2.3.4 /My Drive/Clickhouse/Tenant Migration across MPs 118887 application.document datainstance.com datainstance.com 186e83cac6055eaba3f83730dab2f5a4f90d22a6c0515c29baca01fa34db10c6 4bf76801-95ec-aed5-5e3e-dabb5d95ca01 application.document WbhpPsmLXptLIUnJ 14WLYNjJxKgEyqfalskjfhaotlowurnmcxjklhpdsohqi2i File data.com/dataconnector/Active Users/US & International/Full Time iOS 10.1 policy_ga15 2459149802892628500 Ongoing Kiosk Software DE 2 53.7 Frankfurt am Main 4.8975 Hesse 60313 1.2.3.4 1676243505 CloudApp datapolicy adsf2343adf-0779t@test.data.com https://drive.google.com adsf2343adf-0779t@test.data.com 0 0 0 0 0 0 [] 0 0 0 29 alertsmalwaredata_CL
6 abc123-r231-4b90-a4fd-1456abcdegdd RestAPI 2/16/2024, 1:46:15 PM b419629fbfed7288030304d1 API Connector FALSE alert Upload yes Malware alert Malware The Invoice Machine Cloud Storage unknown Cloud Storage poor 1 Samsung Fold 5 NL 2 12.9634 Amsterdam 7.896 North Holland 1012 3.86.29.24 /My Drive/Clickhouse/Tenant Migration across MPs 119336 application.document datainstance.com datainstance.com 5c7592801457d82a13d84abcd840d92d5484a739652d089b8603a8c8b77a9549 4bf76801-95ec-aed5-5e3e-dabb5d95ca01 application.document aJwpPFuFOAPWGcjr 14WLYNjJxKgEyqfalskjfhaotlowurnmcxjklhpdsohqi2i File data.com/dataconnector/Active Users/US & International/Full Time iOS 11.1 policy_ga14 2459149802892628500 Ongoing The Invoice Machine FR 2 12.9634 Paris 7.896 Île-de-France 75015 3.86.29.24 1676243503 CloudApp datapolicy adsf2343adf-0579t@test.data.com https://drive.google.com adsf2343adf-0579t@test.data.com 0 0 0 0 0 0 [] 0 0 0 21 alertsmalwaredata_CL
7 abc123-r231-4b90-a4fd-1456abcdegdd RestAPI 2/16/2024, 1:46:15 PM b429384cc1752d435d684d65 API Connector TRUE block Login Successful yes Malware alert Malware Payara Server Cloud Storage unknown Cloud Storage low 1 iPhone 11 NL 2 53.7 Amsterdam 4.8975 North Holland 1012 13.248.55.2 /My Drive/Clickhouse/Tenant Migration across MPs 118917 application.document datainstance.com datainstance.com 698d7e4953d8addbac44c4779de288338a129870185c885bb978ec1bc2b0af63 4bf76801-95ec-aed5-5e3e-dabb5d95ca01 application.document FmWYpIIgzpsTUMnc 14WLYNjJxKgEyqfalskjfhaotlowurnmcxjklhpdsohqi2i File data.com/dataconnector/Active Users/US & International/Full Time iOS 9.0 policy_ga25 2459149802892628500 Ongoing Payara Server US 2 53.7 Lakeside 4.8975 California 92040 13.248.55.2 1676243506 CloudApp datapolicy adsf2343adf-0850t@test.data.com https://drive.google.com adsf2343adf-0850t@test.data.com 0 0 0 0 0 0 [] 0 0 0 56 alertsmalwaredata_CL
8 abc123-r231-4b90-a4fd-1456abcdegdd RestAPI 2/16/2024, 1:46:15 PM b470d16e1622fcd2b286c642 API Connector FALSE Create yes Malware alert Malware IIJ Document Exchange service(DOX) Cloud Storage unknown Cloud Storage medium 1 ZTE - P188T20 FR 2 52.3759 Paris 7.896 Île-de-France 560058 1.2.3.4 /My Drive/Clickhouse/Tenant Migration across MPs 118703 application.document datainstance.com datainstance.com 29247291575b67e2c5dc5fa2ff9fdfbc5e1fc762294a3d769adbf7815af187dc 4bf76801-95ec-aed5-5e3e-dabb5d95ca01 application.document LQmUNyqmcMbxDMHB 14WLYNjJxKgEyqfalskjfhaotlowurnmcxjklhpdsohqi2i File data.com/dataconnector/Active Users/US & International/Full Time Windows 10.0 policy_ga6 2459149802892628500 Ongoing IIJ Document Exchange service(DOX) IN 2 52.3759 Mumbai 7.896 Maharashtra 400072 1.2.3.4 1676243504 CloudApp datapolicy adsf2343adf-0025t@test.data.com https://drive.google.com adsf2343adf-0025t@test.data.com 0 0 0 0 0 0 [] 0 0 0 66 alertsmalwaredata_CL
9 abc123-r231-4b90-a4fd-1456abcdegdd RestAPI 2/16/2024, 1:46:15 PM b486a452f7d46ed8de8860bd API Connector FALSE alert Edit yes Malware alert Malware PixelPoint POS Cloud Storage unknown Cloud Storage unknown 1 Other NL 2 12.9634 Amsterdam -19.72 North Holland 1212 3.86.29.24 /My Drive/Clickhouse/Tenant Migration across MPs 118514 application.document datainstance.com datainstance.com da2b2b74bc415044450c48306964303df796bd304de92f3f743f82230fa3d2f3 4bf76801-95ec-aed5-5e3e-dabb5d95ca01 application.document iHsMaDgTXScNiLFY 14WLYNjJxKgEyqfalskjfhaotlowurnmcxjklhpdsohqi2i File data.com/dataconnector/Active Users/US & International/Full Time Android 10.0 policy_ga23 2459149802892628500 Ongoing PixelPoint POS NL 2 12.9634 Amsterdam -19.72 North Holland 1012 3.86.29.24 1676243490 CloudApp datapolicy adsf2343adf-0729t@test.data.com https://drive.google.com adsf2343adf-0729t@test.data.com 0 0 0 0 0 0 [] 0 0 0 23 alertsmalwaredata_CL
10 abc123-r231-4b90-a4fd-1456abcdegdd RestAPI 2/16/2024, 1:46:15 PM b4d0f147a9b622a9b41d8bf6 API Connector TRUE Delete yes Malware alert Malware VAI S2K Enterprise OnCloud Cloud Storage unknown Cloud Storage poor 1 Samsung Fold 5 US 2 53.7 Lakeside 77.5855 California 321 13.248.55.2 /My Drive/Clickhouse/Tenant Migration across MPs 118453 application.document datainstance.com datainstance.com 79770436de57c49c35ce76bf15d8b8b7c133ea98fdc6f17bf9203bd6ae2b5040 4bf76801-95ec-aed5-5e3e-dabb5d95ca01 application.document mRSaqeGlcgaJZWXq 14WLYNjJxKgEyqfalskjfhaotlowurnmcxjklhpdsohqi2i File data.com/dataconnector/Active Users/US & International/Full Time iOS 9.0 policy_ga5 2459149802892628500 Ongoing Vormittag Associates S2K Enterprise DE 2 53.7 Frankfurt am Main 77.5855 Hesse 60313 13.248.55.2 1676243507 CloudApp datapolicy adsf2343adf-0430t@test.data.com https://drive.google.com adsf2343adf-0430t@test.data.com 0 0 0 0 0 0 [] 0 0 0 17 alertsmalwaredata_CL
11 abc123-r231-4b90-a4fd-1456abcdegdd RestAPI 2/16/2024, 1:46:15 PM b4fa8fa4af7120854935d4e1 API Connector FALSE alert Edit yes Malware alert Malware 360-degree feedback Cloud Storage unknown Cloud Storage poor 1 iPhone 8 US 2 7.896 Boardman -1.04759 Oregon 1213 19.2.5.21 /My Drive/Clickhouse/Tenant Migration across MPs 119016 application.document datainstance.com datainstance.com 51e6e9750183770eade936144207e4c24ee69f8aacc5756294fae050147d80eb 4bf76801-95ec-aed5-5e3e-dabb5d95ca01 application.document lLeyOMmAIRLXPhYE 14WLYNjJxKgEyqfalskjfhaotlowurnmcxjklhpdsohqi2i File data.com/dataconnector/Active Users/US & International/Full Time iOS 9.6 policy_ga28 2459149802892628500 Ongoing 360-degree feedback NL 2 7.896 Amsterdam -1.04759 North Holland 1012 19.2.5.21 1676243510 CloudApp datapolicy adsf2343adf-0640t@test.data.com https://drive.google.com adsf2343adf-0640t@test.data.com 0 0 0 0 0 0 [] 0 0 0 16 alertsmalwaredata_CL
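Review bot: The sample rows in this CSV put globally routable addresses in the dstip_s and srcip_s columns — 3.86.29.24, 13.248.55.2 and 19.2.5.21, alongside 1.2.3.4 — rather than the RFC 5737 documentation ranges, so anyone who ingests this fixture and runs a geo or threat-intel enrichment on it will look up real third-party hosts. Swapping them for 192.0.2.0/24, 198.51.100.0/24 or 203.0.113.0/24 addresses keeps the fixture self-contained, e.g. `3.86.29.24` → `198.51.100.24`, `13.248.55.2` → `203.0.113.2`, `19.2.5.21` → `192.0.2.21`. The two rows whose activity_s is Create and Delete leave action_s empty while every other row carries alert or block; if that gap is deliberate (to exercise a parser's handling of a missing action) a short README line next to the sample saying so would save the next maintainer from "fixing" it.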


@ -0,0 +1,11 @@
TenantId,SourceSystem,MG,ManagementGroupName,TimeGenerated [UTC],Computer,RawData,_id_s,access_method_s,acked_s,action_s,activity_s,alert_s,alert_name_s,alert_type_s,app_s,appcategory_s,browser_s,Category,cci_d,ccl_s,count_d,device_s,dst_country_s,dst_geoip_src_d,dst_latitude_d,dst_location_s,dst_longitude_d,dst_region_s,dst_zipcode_s,dstip_s,exposure_s,file_path_s,file_size_d,file_type_s,instance_s,instance_id_s,md5_g,mime_type_s,modified_d,object_s,object_id_s,object_type_s,organization_unit_s,os_s,other_categories_s,owner_s,policy_s,request_id_s,scan_type_s,site_s,src_country_s,src_geoip_src_d,src_latitude_d,src_location_s,src_longitude_d,src_region_s,src_zipcode_s,srcip_s,suppression_key_s,timestamp_d,traffic_type_s,type_s,ur_normalized_s,url_s,user_s,network_session_id_s,telemetry_app_s,user_tmp_s,shared_with_s,referer_s,start_time_s,appsuite_s,malware_id_s,remediation_profile_s,suppression_start_time_d,hostname_s,managed_app_s,activity_status_s,from_user_s,user_id_s,file_category_s,dsthost_s,message_size_d,tunnel_type_s,end_time_s,malicious_s,quarantine_profile_id_s,browser_version_s,q_original_filepath_s,last_name_s,userCountry_s,manager_s,q_original_version_s,threat_match_field_s,publisher_cn_s,app_session_id_d,sAMAccountName_s,conn_duration_d,parent_id_s,from_object_s,connection_id_d,risk_level_s,total_collaborator_count_d,memberOf_s,notify_template_s,client_bytes_d,useragent_s,encrypt_failure_s,serial_s,quarantine_file_name_s,tunnel_id_s,from_storage_s,session_duration_d,page_site_s,browser_session_id_d,tunnel_up_time_d,resp_cnt_d,group_s,sAMAccountType_s,to_object_s,managementID_s,malware_severity_s,protocol_s,activity_type_s,q_original_filename_s,tss_mode_s,page_s,http_status_s,smtp_to_s,q_app_s,smtp_status_s,protocol_port_s,src_time_s,server_packets_d,sanctioned_instance_s,client_packets_d,malware_name_s,userip_s,Title_s,dynamic_classification_s,sender_s,threat_source_id_d,internal_collaborator_count_d,total_packets_d,app_scopes_s,log_file_name_s,malsit
e_category_s,redirect_url_s,dstport_d,aggregated_user_s,numbytes_d,sfwder_s,q_original_shared_s,srcport_d,to_user_s,q_admin_s,universal_connector_s,forward_to_proxy_xau_s,publisher_name_s,quarantine_profile_s,shared_domains_s,trust_computer_checked_s,malware_type_s,dlp_profile_s,all_policy_matches_s,data_type_s,TSS_scan_s,external_collaborator_count_d,severity_s,num_sessions_d,distinguishedName_s,gateway_s,profile_emails_s,mail_s,suppression_end_time_d,dst_timezone_s,nsdeviceuid_s,ip_protocol_s,tss_scan_failed_s,cc_s,req_cnt_d,tss_fail_reason_s,displayName_s,sessionid_s,justification_type_s,threat_match_value_s,incident_id_d,file_id_s,division_s,os_version_s,two_factor_auth_s,dlp_fail_reason_s,network_s,server_bytes_d,orignal_file_path_s,app_activity_s,event_type_s,src_timezone_s,device_classification_s,bcc_s,act_user_s,to_storage_s,custom_connector_s,object_count_d,q_instance_s,policy_id_s,message_id_s,dlp_scan_failed_s,transaction_id_d,quarantine_file_id_s,org_s,justification_reason_s,cci_s,Type,_ResourceId
abcd-cdef-ghijk,RestAPI,,,"2/22/2024, 1:57:40 PM",,,af7b830dee49f538c2644c49,API Connector,TRUE,block,Upload,yes,Policy violation,policy,E-clinic Software,Cloud Storage,unknown,Cloud Storage,31,poor,1,Other,NL,2,62.3759,Amsterdam,14.8975,North Holland,1012,1.2.3.4,organisation_wide_link,/My Drive/Clickhouse/Tenant Migration across MPs,119067,application/vnd.google-apps.document,netskope.com,netskope.com,4bf76801-95ec-aed5-5e3e-dabb5d95ca01,application/vnd.google-apps.document,1613760236,PqgmyfuGsZIFgroo,14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82rGg,File,netskope.local/Netskope/Active Users/US & International/Full Time,Windows 7.0,[],dte1953ce410-0569t@test.netskope.com,policy_ga42,2459149802892628500,Ongoing,E-clinic Software,IN,2,29.0748,Mumbai,82.8856,Maharashtra,400072,5.6.7.8,Tenant Migration across MPs,1676244575,CloudApp,nspolicy,dummyuser1@something.com,https://drive.google.com/open?id=14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82r,dummyuser1@something.com,,,,,,,,,,0,,,,,,,,0,,,,,,,,,,,,,0,,0,,,0,,0,,,0,,,,,,,0,,0,0,0,,,,,,,,,,,,[],,,,,0,,0,,,,,,0,0,0,,,[],,0,,0,,,0,,,,,,,,,,,[],,,0,,0,,,[],,0,,,,,,0,,,,,,0,,,,,,,0,,,,,,,,,,0,,,,,0,,,,,alertspolicydata_CL,
abcd-cdef-ghijk,RestAPI,,,"2/22/2024, 1:57:40 PM",,,afb183aad25de76c968bc37c,API Connector,TRUE,block,Login Failed,yes,Policy violation,policy,SMILE V Air Hanbai,Cloud Storage,unknown,Cloud Storage,26,poor,1,Other,NL,2,62.3759,Amsterdam,14.8975,North Holland,1012,1.2.3.4,organisation_wide_link,/My Drive/Clickhouse/Tenant Migration across MPs,118916,application/vnd.google-apps.document,netskope.com,netskope.com,4bf76801-95ec-aed5-5e3e-dabb5d95ca01,application/vnd.google-apps.document,1613760236,nKNErZvXuMkDLAeX,14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82rGg,File,netskope.local/Netskope/Active Users/US & International/Full Time,Windows 7.1,[],dte1953ce410-0283t@test.netskope.com,policy_ga14,2459149802892628500,Ongoing,SMILE V Air Hanbai,FR,2,58.8323,Paris,12.4075,Île-de-France,75015,5.6.7.8,Tenant Migration across MPs,1676244575,CloudApp,nspolicy,dummyuser2@something.com,https://drive.google.com/open?id=14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82r,dummyuser2@something.com,,,,,,,,,,0,,,,,,,,0,,,,,,,,,,,,,0,,0,,,0,,0,,,0,,,,,,,0,,0,0,0,,,,,,,,,,,,[],,,,,0,,0,,,,,,0,0,0,,,[],,0,,0,,,0,,,,,,,,,,,[],,,0,,0,,,[],,0,,,,,,0,,,,,,0,,,,,,,0,,,,,,,,,,0,,,,,0,,,,,alertspolicydata_CL,
abcd-cdef-ghijk,RestAPI,,,"2/22/2024, 1:57:40 PM",,,afce97f183bfd7049dd3bf81,API Connector,FALSE,,Login Failed,yes,Policy violation,policy,Resource Anesthesia,Cloud Storage,unknown,Cloud Storage,7,poor,1,iPhone 7 Plus,IN,2,29.0748,Mumbai,82.8856,Maharashtra,400072,1.2.3.4,organisation_wide_link,/My Drive/Clickhouse/Tenant Migration across MPs,119234,application/vnd.google-apps.document,netskope.com,netskope.com,4bf76801-95ec-aed5-5e3e-dabb5d95ca01,application/vnd.google-apps.document,1613760236,mNLOKtDffwmTWQES,14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82rGg,File,netskope.local/Netskope/Active Users/US & International/Full Time,iOS 10.1,[],dte1953ce410-0936t@test.netskope.com,policy_ga10,2459149802892628500,Ongoing,Resource Anesthesia,NL,2,62.3759,Amsterdam,14.8975,North Holland,1012,5.6.7.8,Tenant Migration across MPs,1676244591,CloudApp,nspolicy,dummyuser3@something.com,https://drive.google.com/open?id=14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82r,dummyuser3@something.com,,,,,,,,,,0,,,,,,,,0,,,,,,,,,,,,,0,,0,,,0,,0,,,0,,,,,,,0,,0,0,0,,,,,,,,,,,,[],,,,,0,,0,,,,,,0,0,0,,,[],,0,,0,,,0,,,,,,,,,,,[],,,0,,0,,,[],,0,,,,,,0,,,,,,0,,,,,,,0,,,,,,,,,,0,,,,,0,,,,,alertspolicydata_CL,
abcd-cdef-ghijk,RestAPI,,,"2/22/2024, 1:57:40 PM",,,aff44b9900c6d4f6614cbf7f,API Connector,FALSE,block,Edit,yes,Policy violation,policy,iView Systems iTrak,Cloud Storage,unknown,Cloud Storage,8,poor,1,iPod Touch (7th gen),NL,2,62.3759,Amsterdam,14.8975,North Holland,1012,1.2.3.4,organisation_wide_link,/My Drive/Clickhouse/Tenant Migration across MPs,118709,application/vnd.google-apps.document,netskope.com,netskope.com,4bf76801-95ec-aed5-5e3e-dabb5d95ca01,application/vnd.google-apps.document,1613760236,PWCUXBcaRzMrGefk,14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82rGg,File,netskope.local/Netskope/Active Users/US & International/Full Time,iOS 10.1,[],dte1953ce410-0302t@test.netskope.com,policy_ga52,2459149802892628500,Ongoing,iView Systems,US,2,42.8571,Lakeside,-126.9191,California,92040,5.6.7.8,Tenant Migration across MPs,1676244607,CloudApp,nspolicy,dummyuser4@something.com,https://drive.google.com/open?id=14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82r,dummyuser4@something.com,,,,,,,,,,0,,,,,,,,0,,,,,,,,,,,,,0,,0,,,0,,0,,,0,,,,,,,0,,0,0,0,,,,,,,,,,,,[],,,,,0,,0,,,,,,0,0,0,,,[],,0,,0,,,0,,,,,,,,,,,[],,,0,,0,,,[],,0,,,,,,0,,,,,,0,,,,,,,0,,,,,,,,,,0,,,,,0,,,,,alertspolicydata_CL,
abcd-cdef-ghijk,RestAPI,,,"2/22/2024, 1:57:40 PM",,,b039144bdc1632c99dd5792f,API Connector,TRUE,alert,Login Successful,yes,Policy violation,policy,WebTranslateIt,Cloud Storage,unknown,Cloud Storage,41,poor,1,iPad Mini 4,US,2,42.8571,Lakeside,-106.9191,California,92040,1.2.3.4,organisation_wide_link,/My Drive/Clickhouse/Tenant Migration across MPs,119196,application/vnd.google-apps.document,netskope.com,netskope.com,4bf76801-95ec-aed5-5e3e-dabb5d95ca01,application/vnd.google-apps.document,1613760236,IAJZzkiWiQqrFKvd,14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82rGg,File,netskope.local/Netskope/Active Users/US & International/Full Time,iOS 10.1,[],dte1953ce410-0752t@test.netskope.com,default,2459149802892628500,Ongoing,webtranslateit.com,IN,2,29.0748,Mumbai,82.8856,Maharashtra,400072,5.6.7.8,Tenant Migration across MPs,1676244577,CloudApp,nspolicy,dummyuser5@something.com,https://drive.google.com/open?id=14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82r,dummyuser5@something.com,,,,,,,,,,0,,,,,,,,0,,,,,,,,,,,,,0,,0,,,0,,0,,,0,,,,,,,0,,0,0,0,,,,,,,,,,,,[],,,,,0,,0,,,,,,0,0,0,,,[],,0,,0,,,0,,,,,,,,,,,[],,,0,,0,,,[],,0,,,,,,0,,,,,,0,,,,,,,0,,,,,,,,,,0,,,,,0,,,,,alertspolicydata_CL,
abcd-cdef-ghijk,RestAPI,,,"2/22/2024, 1:57:40 PM",,,b03a70e73fa51bc6d8315607,API Connector,TRUE,block,Upload,yes,Policy violation,policy,GCP Container Registry,Cloud Storage,unknown,Cloud Storage,94,excellent,1,Other,FR,2,58.8323,Paris,12.4075,Île-de-France,75015,1.2.3.4,organisation_wide_link,/My Drive/Clickhouse/Tenant Migration across MPs,119020,application/vnd.google-apps.document,netskope.com,netskope.com,4bf76801-95ec-aed5-5e3e-dabb5d95ca01,application/vnd.google-apps.document,1613760236,WzxhDqPEVJisQuul,14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82rGg,File,netskope.local/Netskope/Active Users/US & International/Full Time,Windows 7.1,[],dte1953ce410-0031t@test.netskope.com,policy_ga5,2459149802892628500,Ongoing,Google Cloud Container Registry,NL,2,62.3759,Amsterdam,14.8975,North Holland,1012,5.6.7.8,Tenant Migration across MPs,1676244595,CloudApp,nspolicy,dummyuser6@something.com,https://drive.google.com/open?id=14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82r,dummyuser6@something.com,,,,,,,,,,0,,,,,,,,0,,,,,,,,,,,,,0,,0,,,0,,0,,,0,,,,,,,0,,0,0,0,,,,,,,,,,,,[],,,,,0,,0,,,,,,0,0,0,,,[],,0,,0,,,0,,,,,,,,,,,[],,,0,,0,,,[],,0,,,,,,0,,,,,,0,,,,,,,0,,,,,,,,,,0,,,,,0,,,,,alertspolicydata_CL,
abcd-cdef-ghijk,RestAPI,,,"2/22/2024, 1:57:40 PM",,,b06f00d6ce62c02ca7d1f341,API Connector,TRUE,alert,Create,yes,Policy violation,policy,IBM MAINFRAMES FORUMS,Cloud Storage,unknown,Cloud Storage,13,poor,1,ZTE - P722G,NL,2,62.3759,Amsterdam,14.8975,North Holland,1012,1.2.3.4,organisation_wide_link,/My Drive/Clickhouse/Tenant Migration across MPs,118846,application/vnd.google-apps.document,netskope.com,netskope.com,4bf76801-95ec-aed5-5e3e-dabb5d95ca01,application/vnd.google-apps.document,1613760236,BZpJrvcYTzJLVrQL,14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82rGg,File,netskope.local/Netskope/Active Users/US & International/Full Time,Android 11.0,[],dte1953ce410-0412t@test.netskope.com,policy_ga35,2459149802892628500,Ongoing,IBM MAINFRAMES FORUMS,NL,2,62.3759,Amsterdam,14.8975,North Holland,1012,5.6.7.8,Tenant Migration across MPs,1676244585,CloudApp,nspolicy,dummyuser7@something.com,https://drive.google.com/open?id=14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82r,dummyuser7@something.com,,,,,,,,,,0,,,,,,,,0,,,,,,,,,,,,,0,,0,,,0,,0,,,0,,,,,,,0,,0,0,0,,,,,,,,,,,,[],,,,,0,,0,,,,,,0,0,0,,,[],,0,,0,,,0,,,,,,,,,,,[],,,0,,0,,,[],,0,,,,,,0,,,,,,0,,,,,,,0,,,,,,,,,,0,,,,,0,,,,,alertspolicydata_CL,
abcd-cdef-ghijk,RestAPI,,,"2/22/2024, 1:57:40 PM",,,b077d697bca147ecd05d8ede,API Connector,TRUE,,Delete,yes,Policy violation,policy,BusinessConnect,Cloud Storage,unknown,Cloud Storage,8,poor,1,iPhone 6S Plus,NL,2,62.3759,Amsterdam,14.8975,North Holland,1012,1.2.3.4,organisation_wide_link,/My Drive/Clickhouse/Tenant Migration across MPs,119067,application/vnd.google-apps.document,netskope.com,netskope.com,4bf76801-95ec-aed5-5e3e-dabb5d95ca01,application/vnd.google-apps.document,1613760236,oZKMWPRRytyDxFPU,14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82rGg,File,netskope.local/Netskope/Active Users/US & International/Full Time,iOS 9.6,[],dte1953ce410-0413t@test.netskope.com,policy_ga1,2459149802892628500,Ongoing,Business Connect,IN,2,29.0748,Mumbai,82.8856,Maharashtra,400072,5.6.7.8,Tenant Migration across MPs,1676244589,CloudApp,nspolicy,dummyuser8@something.com,https://drive.google.com/open?id=14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82r,dummyuser8@something.com,,,,,,,,,,0,,,,,,,,0,,,,,,,,,,,,,0,,0,,,0,,0,,,0,,,,,,,0,,0,0,0,,,,,,,,,,,,[],,,,,0,,0,,,,,,0,0,0,,,[],,0,,0,,,0,,,,,,,,,,,[],,,0,,0,,,[],,0,,,,,,0,,,,,,0,,,,,,,0,,,,,,,,,,0,,,,,0,,,,,alertspolicydata_CL,
abcd-cdef-ghijk,RestAPI,,,"2/22/2024, 1:57:40 PM",,,b0a02acff780e2f24d8afbd4,API Connector,FALSE,block,Login Failed,yes,Policy violation,policy,Karl Marc John,Cloud Storage,unknown,Cloud Storage,,unknown,1,ZTE - P188T10,NL,2,62.3759,Amsterdam,14.8975,North Holland,1012,1.2.3.4,organisation_wide_link,/My Drive/Clickhouse/Tenant Migration across MPs,119329,application/vnd.google-apps.document,netskope.com,netskope.com,4bf76801-95ec-aed5-5e3e-dabb5d95ca01,application/vnd.google-apps.document,1613760236,ZDQYDIefXSUFmitP,14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82rGg,File,netskope.local/Netskope/Active Users/US & International/Full Time,Android 10.0,[],dte1953ce410-0742t@test.netskope.com,policy_ga8,2459149802892628500,Ongoing,Karl Marc John,FR,2,58.8323,Paris,12.4075,Île-de-France,75015,5.6.7.8,Tenant Migration across MPs,1676244593,CloudApp,nspolicy,dummyuser9@something.com,https://drive.google.com/open?id=14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82r,dummyuser9@something.com,,,,,,,,,,0,,,,,,,,0,,,,,,,,,,,,,0,,0,,,0,,0,,,0,,,,,,,0,,0,0,0,,,,,,,,,,,,[],,,,,0,,0,,,,,,0,0,0,,,[],,0,,0,,,0,,,,,,,,,,,[],,,0,,0,,,[],,0,,,,,,0,,,,,,0,,,,,,,0,,,,,,,,,,0,,,,,0,,,,,alertspolicydata_CL,
abcd-cdef-ghijk,RestAPI,,,"2/22/2024, 1:57:40 PM",,,b0b256a24652bcecca97ce28,API Connector,TRUE,alert,Login Failed,yes,Policy violation,policy,Celigo Salesforce and NetSuite Connector,Cloud Storage,unknown,Cloud Storage,51,low,1,ZTE - P188T20,IN,2,29.0748,Mumbai,82.8856,Maharashtra,400072,1.2.3.4,organisation_wide_link,/My Drive/Clickhouse/Tenant Migration across MPs,119393,application/vnd.google-apps.document,netskope.com,netskope.com,4bf76801-95ec-aed5-5e3e-dabb5d95ca01,application/vnd.google-apps.document,1613760236,wEHrIzUNYZLMNVvD,14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82rGg,File,netskope.local/Netskope/Active Users/US & International/Full Time,Android 11.0,[],dte1953ce410-0175t@test.netskope.com,policy_ga1,2459149802892628500,Ongoing,Celigo Salesforce and NetSuite Connector,IN,2,29.0748,Mumbai,82.8856,Maharashtra,400072,5.6.7.8,Tenant Migration across MPs,1676244585,CloudApp,nspolicy,dummyuser10@something.com,https://drive.google.com/open?id=14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82r,dummyuser10@something.com,,,,,,,,,,0,,,,,,,,0,,,,,,,,,,,,,0,,0,,,0,,0,,,0,,,,,,,0,,0,0,0,,,,,,,,,,,,[],,,,,0,,0,,,,,,0,0,0,,,[],,0,,0,,,0,,,,,,,,,,,[],,,0,,0,,,[],,0,,,,,,0,,,,,,0,,,,,,,0,,,,,,,,,,0,,,,,0,,,,,alertspolicydata_CL,
1 TenantId SourceSystem MG ManagementGroupName TimeGenerated [UTC] Computer RawData _id_s access_method_s acked_s action_s activity_s alert_s alert_name_s alert_type_s app_s appcategory_s browser_s Category cci_d ccl_s count_d device_s dst_country_s dst_geoip_src_d dst_latitude_d dst_location_s dst_longitude_d dst_region_s dst_zipcode_s dstip_s exposure_s file_path_s file_size_d file_type_s instance_s instance_id_s md5_g mime_type_s modified_d object_s object_id_s object_type_s organization_unit_s os_s other_categories_s owner_s policy_s request_id_s scan_type_s site_s src_country_s src_geoip_src_d src_latitude_d src_location_s src_longitude_d src_region_s src_zipcode_s srcip_s suppression_key_s timestamp_d traffic_type_s type_s ur_normalized_s url_s user_s network_session_id_s telemetry_app_s user_tmp_s shared_with_s referer_s start_time_s appsuite_s malware_id_s remediation_profile_s suppression_start_time_d hostname_s managed_app_s activity_status_s from_user_s user_id_s file_category_s dsthost_s message_size_d tunnel_type_s end_time_s malicious_s quarantine_profile_id_s browser_version_s q_original_filepath_s last_name_s userCountry_s manager_s q_original_version_s threat_match_field_s publisher_cn_s app_session_id_d sAMAccountName_s conn_duration_d parent_id_s from_object_s connection_id_d risk_level_s total_collaborator_count_d memberOf_s notify_template_s client_bytes_d useragent_s encrypt_failure_s serial_s quarantine_file_name_s tunnel_id_s from_storage_s session_duration_d page_site_s browser_session_id_d tunnel_up_time_d resp_cnt_d group_s sAMAccountType_s to_object_s managementID_s malware_severity_s protocol_s activity_type_s q_original_filename_s tss_mode_s page_s http_status_s smtp_to_s q_app_s smtp_status_s protocol_port_s src_time_s server_packets_d sanctioned_instance_s client_packets_d malware_name_s userip_s Title_s dynamic_classification_s sender_s threat_source_id_d internal_collaborator_count_d total_packets_d app_scopes_s log_file_name_s 
malsite_category_s redirect_url_s dstport_d aggregated_user_s numbytes_d sfwder_s q_original_shared_s srcport_d to_user_s q_admin_s universal_connector_s forward_to_proxy_xau_s publisher_name_s quarantine_profile_s shared_domains_s trust_computer_checked_s malware_type_s dlp_profile_s all_policy_matches_s data_type_s TSS_scan_s external_collaborator_count_d severity_s num_sessions_d distinguishedName_s gateway_s profile_emails_s mail_s suppression_end_time_d dst_timezone_s nsdeviceuid_s ip_protocol_s tss_scan_failed_s cc_s req_cnt_d tss_fail_reason_s displayName_s sessionid_s justification_type_s threat_match_value_s incident_id_d file_id_s division_s os_version_s two_factor_auth_s dlp_fail_reason_s network_s server_bytes_d orignal_file_path_s app_activity_s event_type_s src_timezone_s device_classification_s bcc_s act_user_s to_storage_s custom_connector_s object_count_d q_instance_s policy_id_s message_id_s dlp_scan_failed_s transaction_id_d quarantine_file_id_s org_s justification_reason_s cci_s Type _ResourceId
2 abcd-cdef-ghijk RestAPI 2/22/2024, 1:57:40 PM af7b830dee49f538c2644c49 API Connector TRUE block Upload yes Policy violation policy E-clinic Software Cloud Storage unknown Cloud Storage 31 poor 1 Other NL 2 62.3759 Amsterdam 14.8975 North Holland 1012 1.2.3.4 organisation_wide_link /My Drive/Clickhouse/Tenant Migration across MPs 119067 application/vnd.google-apps.document netskope.com netskope.com 4bf76801-95ec-aed5-5e3e-dabb5d95ca01 application/vnd.google-apps.document 1613760236 PqgmyfuGsZIFgroo 14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82rGg File netskope.local/Netskope/Active Users/US & International/Full Time Windows 7.0 [] dte1953ce410-0569t@test.netskope.com policy_ga42 2459149802892628500 Ongoing E-clinic Software IN 2 29.0748 Mumbai 82.8856 Maharashtra 400072 5.6.7.8 Tenant Migration across MPs 1676244575 CloudApp nspolicy dummyuser1@something.com https://drive.google.com/open?id=14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82r dummyuser1@something.com 0 0 0 0 0 0 0 0 0 0 0 [] 0 0 0 0 0 [] 0 0 0 [] 0 0 [] 0 0 0 0 0 0 alertspolicydata_CL
3 abcd-cdef-ghijk RestAPI 2/22/2024, 1:57:40 PM afb183aad25de76c968bc37c API Connector TRUE block Login Failed yes Policy violation policy SMILE V Air Hanbai Cloud Storage unknown Cloud Storage 26 poor 1 Other NL 2 62.3759 Amsterdam 14.8975 North Holland 1012 1.2.3.4 organisation_wide_link /My Drive/Clickhouse/Tenant Migration across MPs 118916 application/vnd.google-apps.document netskope.com netskope.com 4bf76801-95ec-aed5-5e3e-dabb5d95ca01 application/vnd.google-apps.document 1613760236 nKNErZvXuMkDLAeX 14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82rGg File netskope.local/Netskope/Active Users/US & International/Full Time Windows 7.1 [] dte1953ce410-0283t@test.netskope.com policy_ga14 2459149802892628500 Ongoing SMILE V Air Hanbai FR 2 58.8323 Paris 12.4075 Île-de-France 75015 5.6.7.8 Tenant Migration across MPs 1676244575 CloudApp nspolicy dummyuser2@something.com https://drive.google.com/open?id=14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82r dummyuser2@something.com 0 0 0 0 0 0 0 0 0 0 0 [] 0 0 0 0 0 [] 0 0 0 [] 0 0 [] 0 0 0 0 0 0 alertspolicydata_CL
4 abcd-cdef-ghijk RestAPI 2/22/2024, 1:57:40 PM afce97f183bfd7049dd3bf81 API Connector FALSE Login Failed yes Policy violation policy Resource Anesthesia Cloud Storage unknown Cloud Storage 7 poor 1 iPhone 7 Plus IN 2 29.0748 Mumbai 82.8856 Maharashtra 400072 1.2.3.4 organisation_wide_link /My Drive/Clickhouse/Tenant Migration across MPs 119234 application/vnd.google-apps.document netskope.com netskope.com 4bf76801-95ec-aed5-5e3e-dabb5d95ca01 application/vnd.google-apps.document 1613760236 mNLOKtDffwmTWQES 14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82rGg File netskope.local/Netskope/Active Users/US & International/Full Time iOS 10.1 [] dte1953ce410-0936t@test.netskope.com policy_ga10 2459149802892628500 Ongoing Resource Anesthesia NL 2 62.3759 Amsterdam 14.8975 North Holland 1012 5.6.7.8 Tenant Migration across MPs 1676244591 CloudApp nspolicy dummyuser3@something.com https://drive.google.com/open?id=14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82r dummyuser3@something.com 0 0 0 0 0 0 0 0 0 0 0 [] 0 0 0 0 0 [] 0 0 0 [] 0 0 [] 0 0 0 0 0 0 alertspolicydata_CL
5 abcd-cdef-ghijk RestAPI 2/22/2024, 1:57:40 PM aff44b9900c6d4f6614cbf7f API Connector FALSE block Edit yes Policy violation policy iView Systems iTrak Cloud Storage unknown Cloud Storage 8 poor 1 iPod Touch (7th gen) NL 2 62.3759 Amsterdam 14.8975 North Holland 1012 1.2.3.4 organisation_wide_link /My Drive/Clickhouse/Tenant Migration across MPs 118709 application/vnd.google-apps.document netskope.com netskope.com 4bf76801-95ec-aed5-5e3e-dabb5d95ca01 application/vnd.google-apps.document 1613760236 PWCUXBcaRzMrGefk 14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82rGg File netskope.local/Netskope/Active Users/US & International/Full Time iOS 10.1 [] dte1953ce410-0302t@test.netskope.com policy_ga52 2459149802892628500 Ongoing iView Systems US 2 42.8571 Lakeside -126.9191 California 92040 5.6.7.8 Tenant Migration across MPs 1676244607 CloudApp nspolicy dummyuser4@something.com https://drive.google.com/open?id=14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82r dummyuser4@something.com 0 0 0 0 0 0 0 0 0 0 0 [] 0 0 0 0 0 [] 0 0 0 [] 0 0 [] 0 0 0 0 0 0 alertspolicydata_CL
6 abcd-cdef-ghijk RestAPI 2/22/2024, 1:57:40 PM b039144bdc1632c99dd5792f API Connector TRUE alert Login Successful yes Policy violation policy WebTranslateIt Cloud Storage unknown Cloud Storage 41 poor 1 iPad Mini 4 US 2 42.8571 Lakeside -106.9191 California 92040 1.2.3.4 organisation_wide_link /My Drive/Clickhouse/Tenant Migration across MPs 119196 application/vnd.google-apps.document netskope.com netskope.com 4bf76801-95ec-aed5-5e3e-dabb5d95ca01 application/vnd.google-apps.document 1613760236 IAJZzkiWiQqrFKvd 14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82rGg File netskope.local/Netskope/Active Users/US & International/Full Time iOS 10.1 [] dte1953ce410-0752t@test.netskope.com default 2459149802892628500 Ongoing webtranslateit.com IN 2 29.0748 Mumbai 82.8856 Maharashtra 400072 5.6.7.8 Tenant Migration across MPs 1676244577 CloudApp nspolicy dummyuser5@something.com https://drive.google.com/open?id=14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82r dummyuser5@something.com 0 0 0 0 0 0 0 0 0 0 0 [] 0 0 0 0 0 [] 0 0 0 [] 0 0 [] 0 0 0 0 0 0 alertspolicydata_CL
7 abcd-cdef-ghijk RestAPI 2/22/2024, 1:57:40 PM b03a70e73fa51bc6d8315607 API Connector TRUE block Upload yes Policy violation policy GCP Container Registry Cloud Storage unknown Cloud Storage 94 excellent 1 Other FR 2 58.8323 Paris 12.4075 Île-de-France 75015 1.2.3.4 organisation_wide_link /My Drive/Clickhouse/Tenant Migration across MPs 119020 application/vnd.google-apps.document netskope.com netskope.com 4bf76801-95ec-aed5-5e3e-dabb5d95ca01 application/vnd.google-apps.document 1613760236 WzxhDqPEVJisQuul 14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82rGg File netskope.local/Netskope/Active Users/US & International/Full Time Windows 7.1 [] dte1953ce410-0031t@test.netskope.com policy_ga5 2459149802892628500 Ongoing Google Cloud Container Registry NL 2 62.3759 Amsterdam 14.8975 North Holland 1012 5.6.7.8 Tenant Migration across MPs 1676244595 CloudApp nspolicy dummyuser6@something.com https://drive.google.com/open?id=14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82r dummyuser6@something.com 0 0 0 0 0 0 0 0 0 0 0 [] 0 0 0 0 0 [] 0 0 0 [] 0 0 [] 0 0 0 0 0 0 alertspolicydata_CL
8 abcd-cdef-ghijk RestAPI 2/22/2024, 1:57:40 PM b06f00d6ce62c02ca7d1f341 API Connector TRUE alert Create yes Policy violation policy IBM MAINFRAMES FORUMS Cloud Storage unknown Cloud Storage 13 poor 1 ZTE - P722G NL 2 62.3759 Amsterdam 14.8975 North Holland 1012 1.2.3.4 organisation_wide_link /My Drive/Clickhouse/Tenant Migration across MPs 118846 application/vnd.google-apps.document netskope.com netskope.com 4bf76801-95ec-aed5-5e3e-dabb5d95ca01 application/vnd.google-apps.document 1613760236 BZpJrvcYTzJLVrQL 14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82rGg File netskope.local/Netskope/Active Users/US & International/Full Time Android 11.0 [] dte1953ce410-0412t@test.netskope.com policy_ga35 2459149802892628500 Ongoing IBM MAINFRAMES FORUMS NL 2 62.3759 Amsterdam 14.8975 North Holland 1012 5.6.7.8 Tenant Migration across MPs 1676244585 CloudApp nspolicy dummyuser7@something.com https://drive.google.com/open?id=14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82r dummyuser7@something.com 0 0 0 0 0 0 0 0 0 0 0 [] 0 0 0 0 0 [] 0 0 0 [] 0 0 [] 0 0 0 0 0 0 alertspolicydata_CL
9 abcd-cdef-ghijk RestAPI 2/22/2024, 1:57:40 PM b077d697bca147ecd05d8ede API Connector TRUE Delete yes Policy violation policy BusinessConnect Cloud Storage unknown Cloud Storage 8 poor 1 iPhone 6S Plus NL 2 62.3759 Amsterdam 14.8975 North Holland 1012 1.2.3.4 organisation_wide_link /My Drive/Clickhouse/Tenant Migration across MPs 119067 application/vnd.google-apps.document netskope.com netskope.com 4bf76801-95ec-aed5-5e3e-dabb5d95ca01 application/vnd.google-apps.document 1613760236 oZKMWPRRytyDxFPU 14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82rGg File netskope.local/Netskope/Active Users/US & International/Full Time iOS 9.6 [] dte1953ce410-0413t@test.netskope.com policy_ga1 2459149802892628500 Ongoing Business Connect IN 2 29.0748 Mumbai 82.8856 Maharashtra 400072 5.6.7.8 Tenant Migration across MPs 1676244589 CloudApp nspolicy dummyuser8@something.com https://drive.google.com/open?id=14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82r dummyuser8@something.com 0 0 0 0 0 0 0 0 0 0 0 [] 0 0 0 0 0 [] 0 0 0 [] 0 0 [] 0 0 0 0 0 0 alertspolicydata_CL
10 abcd-cdef-ghijk RestAPI 2/22/2024, 1:57:40 PM b0a02acff780e2f24d8afbd4 API Connector FALSE block Login Failed yes Policy violation policy Karl Marc John Cloud Storage unknown Cloud Storage unknown 1 ZTE - P188T10 NL 2 62.3759 Amsterdam 14.8975 North Holland 1012 1.2.3.4 organisation_wide_link /My Drive/Clickhouse/Tenant Migration across MPs 119329 application/vnd.google-apps.document netskope.com netskope.com 4bf76801-95ec-aed5-5e3e-dabb5d95ca01 application/vnd.google-apps.document 1613760236 ZDQYDIefXSUFmitP 14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82rGg File netskope.local/Netskope/Active Users/US & International/Full Time Android 10.0 [] dte1953ce410-0742t@test.netskope.com policy_ga8 2459149802892628500 Ongoing Karl Marc John FR 2 58.8323 Paris 12.4075 Île-de-France 75015 5.6.7.8 Tenant Migration across MPs 1676244593 CloudApp nspolicy dummyuser9@something.com https://drive.google.com/open?id=14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82r dummyuser9@something.com 0 0 0 0 0 0 0 0 0 0 0 [] 0 0 0 0 0 [] 0 0 0 [] 0 0 [] 0 0 0 0 0 0 alertspolicydata_CL
11 abcd-cdef-ghijk RestAPI 2/22/2024, 1:57:40 PM b0b256a24652bcecca97ce28 API Connector TRUE alert Login Failed yes Policy violation policy Celigo Salesforce and NetSuite Connector Cloud Storage unknown Cloud Storage 51 low 1 ZTE - P188T20 IN 2 29.0748 Mumbai 82.8856 Maharashtra 400072 1.2.3.4 organisation_wide_link /My Drive/Clickhouse/Tenant Migration across MPs 119393 application/vnd.google-apps.document netskope.com netskope.com 4bf76801-95ec-aed5-5e3e-dabb5d95ca01 application/vnd.google-apps.document 1613760236 wEHrIzUNYZLMNVvD 14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82rGg File netskope.local/Netskope/Active Users/US & International/Full Time Android 11.0 [] dte1953ce410-0175t@test.netskope.com policy_ga1 2459149802892628500 Ongoing Celigo Salesforce and NetSuite Connector IN 2 29.0748 Mumbai 82.8856 Maharashtra 400072 5.6.7.8 Tenant Migration across MPs 1676244585 CloudApp nspolicy dummyuser10@something.com https://drive.google.com/open?id=14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82r dummyuser10@something.com 0 0 0 0 0 0 0 0 0 0 0 [] 0 0 0 0 0 [] 0 0 0 [] 0 0 [] 0 0 0 0 0 0 alertspolicydata_CL
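Review bot: The sample rows in this new CSV use non-reserved, publicly routable IPv4 addresses (`1.2.3.4` in dstip_s and `5.6.7.8` in srcip_s on every row) and real registered domains (`something.com` for the user_s/ur_normalized_s mailboxes, `netskope.com` and `test.netskope.com` for instance and owner fields, and a `https://drive.google.com/open?id=...` URL whose id looks like a genuine Drive file id) instead of reserved documentation values. Sample data for a connector is typically loaded into test workspaces and exercised by the analytic rules and parsers that ship alongside it, so values that can collide with real infrastructure are best avoided: RFC 5737 ranges such as `192.0.2.10` / `198.51.100.20` and RFC 2606 names such as `example.com` / `example.net` make the rows unambiguously synthetic. The same pattern appears in the neighbouring sample files in this commit (for example `3.86.29.24`, `13.248.55.2`, `test.data.com` and `abc.data.com` in the malware-alert rows above, and `abc.data.com` in the quarantine rows below), so it is worth fixing consistently across the set. Separately, the `TimeGenerated [UTC]` column holds a locale-formatted string (`"2/22/2024, 1:57:40 PM"`) while timestamp_d in the same row is epoch seconds; an ISO-8601 value such as `2024-02-22T13:57:40Z` would match the column's UTC label and avoid ambiguity about day/month order when the file is parsed by tooling.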


@ -0,0 +1,11 @@
TenantId,SourceSystem,MG,ManagementGroupName,TimeGenerated [UTC],Computer,RawData,_id_s,access_method_s,acked_s,action_s,alert_s,alert_name_s,alert_type_s,app_s,appcategory_s,browser_s,Category,cci_s,ccl_s,count_d,device_s,exposure_s,file_path_s,file_size_d,file_type_s,instance_id_s,md5_g,mime_type_s,modified_d,object_s,object_id_s,object_type_s,organization_unit_s,os_s,other_categories_s,owner_s,policy_s,scan_type_s,site_s,suppression_key_s,timestamp_d,traffic_type_s,type_s,ur_normalized_s,url_s,user_s,userkey_s,departmentNumber_s,file_id_s,dlp_profile_s,quarantine_file_name_s,manager_s,quarantine_profile_id_s,q_original_shared_s,profile_emails_s,from_user_s,shared_with_s,q_original_version_s,q_original_filepath_s,user_id_s,quarantine_profile_s,quarantine_file_id_s,q_admin_s,q_original_filename_s,q_app_s,department_s,orignal_file_path_s,q_instance_s,cci_d,Type,_ResourceId
abc123-r231-4b90-a4fd-1456abcdegdd,RestAPI,,,"2/29/2024, 7:05:11 AM",,,ee7246d409667fd4e8a79e08,API Connector,FALSE,block,yes,Quarantine held,quarantine,iView Systems iTrak,Cloud Storage,unknown,Cloud Storage,,poor,1,iPhone XS Max,organisation_wide_link,/My Drive/Clickhouse/Tenant Migration across MPs,119177,application.document,datainstance.com,4bf76801-95ec-aed5-5e3e-dabb5d95ca01,application.document,1613760236,HfwIddtfIBejAtCE,14WLYNjJxKgEyqfalskjfhaotlowurnmcxjklhpdsohqi2i,File,data.com/dataconnector/Active Users/US & International/Full Time,Windows 8.0,[],dte3831-sjc1-8619-0265t@abc.data.com,policy_ga40,Ongoing,iView Systems,Tenant Migration across MPs,1703769276,CloudApp,datapolicy,dte3831-sjc1-8619-0265t@abc.data.com,https://drive.google.com,dte3831-sjc1-8619-0265t@abc.data.com,dte3831-sjc1-8619-0265t@abc.data.com,,,,,,,,[],,,,,,,,,,,,,,7,alertsquarantinedata_CL,
abc123-r231-4b90-a4fd-1456abcdegdd,RestAPI,,,"2/29/2024, 7:05:11 AM",,,ef7b197992540899188dafc0,API Connector,TRUE,block,yes,Quarantine held,quarantine,CONA Services,Cloud Storage,unknown,Cloud Storage,,unknown,1,ZTE - Grand-S,organisation_wide_link,/My Drive/Clickhouse/Tenant Migration across MPs,118584,application.document,datainstance.com,4bf76801-95ec-aed5-5e3e-dabb5d95ca01,application.document,1613760236,oFJaJnpzpHODUZAv,14WLYNjJxKgEyqfalskjfhaotlowurnmcxjklhpdsohqi2i,File,data.com/dataconnector/Active Users/US & International/Full Time,Android 11.0,[],dte3831-sjc1-8619-0163t@abc.data.com,policy_ga6,Ongoing,CONA Services,Tenant Migration across MPs,1703769355,CloudApp,datapolicy,dte3831-sjc1-8619-0163t@abc.data.com,https://drive.google.com,dte3831-sjc1-8619-0163t@abc.data.com,dte3831-sjc1-8619-0163t@abc.data.com,,,,,,,,[],,,,,,,,,,,,,,3,alertsquarantinedata_CL,
abc123-r231-4b90-a4fd-1456abcdegdd,RestAPI,,,"2/29/2024, 7:05:11 AM",,,f821eebda5f3a7fc71996ef4,API Connector,TRUE,,yes,Quarantine held,quarantine,SmartBear Cucumber Open,Cloud Storage,unknown,Cloud Storage,,poor,1,iPhone XR,organisation_wide_link,/My Drive/Clickhouse/Tenant Migration across MPs,118531,application.document,datainstance.com,4bf76801-95ec-aed5-5e3e-dabb5d95ca01,application.document,1613760236,nSHSkokrqMYBYJCF,14WLYNjJxKgEyqfalskjfhaotlowurnmcxjklhpdsohqi2i,File,data.com/dataconnector/Active Users/US & International/Full Time,Android 11.0,[],dte3831-sjc1-8619-0827t@abc.data.com,policy_ga32,Ongoing,SmartBear Cucumber Open,Tenant Migration across MPs,1703768967,CloudApp,datapolicy,dte3831-sjc1-8619-0827t@abc.data.com,https://drive.google.com,dte3831-sjc1-8619-0827t@abc.data.com,dte3831-sjc1-8619-0827t@abc.data.com,,,,,,,,[],,,,,,,,,,,,,,26,alertsquarantinedata_CL,
abc123-r231-4b90-a4fd-1456abcdegdd,RestAPI,,,"2/29/2024, 7:05:11 AM",,,fa5867b11d02579bf24b3d8c,API Connector,TRUE,alert,yes,Quarantine held,quarantine,eGenuity eLube,Cloud Storage,unknown,Cloud Storage,,poor,1,iPhone 15,organisation_wide_link,/My Drive/Clickhouse/Tenant Migration across MPs,119023,application.document,datainstance.com,4bf76801-95ec-aed5-5e3e-dabb5d95ca01,application.document,1613760236,OvmmhHtXZLvzrcXY,14WLYNjJxKgEyqfalskjfhaotlowurnmcxjklhpdsohqi2i,File,data.com/dataconnector/Active Users/US & International/Full Time,Windows 10.0,[],dte3831-sjc1-8619-0712t@abc.data.com,policy_ga52,Ongoing,eGenuity eLube,Tenant Migration across MPs,1703768934,CloudApp,datapolicy,dte3831-sjc1-8619-0712t@abc.data.com,https://drive.google.com,dte3831-sjc1-8619-0712t@abc.data.com,dte3831-sjc1-8619-0712t@abc.data.com,,,,,,,,[],,,,,,,,,,,,,,12,alertsquarantinedata_CL,
abc123-r231-4b90-a4fd-1456abcdegdd,RestAPI,,,"2/29/2024, 7:05:11 AM",,,0129dc00d799114214dd218f,API Connector,TRUE,alert,yes,Quarantine held,quarantine,N.nu Online HTML Editor,Cloud Storage,unknown,Cloud Storage,,unknown,1,Samsung Fold 5,organisation_wide_link,/My Drive/Clickhouse/Tenant Migration across MPs,119048,application.document,datainstance.com,4bf76801-95ec-aed5-5e3e-dabb5d95ca01,application.document,1613760236,dLPfUkhhzekVuDZl,14WLYNjJxKgEyqfalskjfhaotlowurnmcxjklhpdsohqi2i,File,data.com/dataconnector/Active Users/US & International/Full Time,Android 11.0,[],dte3831-sjc1-8619-0210t@abc.data.com,policy_ga32,Ongoing,N.nu Online HTML Editor,Tenant Migration across MPs,1703771785,CloudApp,datapolicy,dte3831-sjc1-8619-0210t@abc.data.com,https://drive.google.com,dte3831-sjc1-8619-0210t@abc.data.com,dte3831-sjc1-8619-0210t@abc.data.com,,,,,,,,[],,,,,,,,,,,,,,24,alertsquarantinedata_CL,
abc123-r231-4b90-a4fd-1456abcdegdd,RestAPI,,,"2/29/2024, 7:05:11 AM",,,0407f53bceb6a1a38bec38af,API Connector,TRUE,,yes,Quarantine held,quarantine,TIBCO Spotfire Cloud,Cloud Storage,unknown,Cloud Storage,,medium,1,iPhone 11,organisation_wide_link,/My Drive/Clickhouse/Tenant Migration across MPs,118432,application.document,datainstance.com,4bf76801-95ec-aed5-5e3e-dabb5d95ca01,application.document,1613760236,QpNQCgogZyyOgjES,14WLYNjJxKgEyqfalskjfhaotlowurnmcxjklhpdsohqi2i,File,data.com/dataconnector/Active Users/US & International/Full Time,Windows 8.0,[],dte3831-sjc1-8619-0414t@abc.data.com,policy_ga30,Ongoing,TIBCO Spotfire Cloud,Tenant Migration across MPs,1703771703,CloudApp,datapolicy,dte3831-sjc1-8619-0414t@abc.data.com,https://drive.google.com,dte3831-sjc1-8619-0414t@abc.data.com,dte3831-sjc1-8619-0414t@abc.data.com,,,,,,,,[],,,,,,,,,,,,,,60,alertsquarantinedata_CL,
abc123-r231-4b90-a4fd-1456abcdegdd,RestAPI,,,"2/29/2024, 7:05:11 AM",,,0509ac25dc31f066234dd344,API Connector,TRUE,block,yes,Quarantine held,quarantine,CoreHealth,Cloud Storage,unknown,Cloud Storage,,poor,1,ZTE - P188T20,organisation_wide_link,/My Drive/Clickhouse/Tenant Migration across MPs,119041,application.document,datainstance.com,4bf76801-95ec-aed5-5e3e-dabb5d95ca01,application.document,1613760236,XSVMWfQBapsPjSjF,14WLYNjJxKgEyqfalskjfhaotlowurnmcxjklhpdsohqi2i,File,data.com/dataconnector/Active Users/US & International/Full Time,iOS 9.0,[],dte3831-sjc1-8619-0231t@abc.data.com,policy_ga2,Ongoing,CoreHealth Corporate Wellness Platform,Tenant Migration across MPs,1703771880,CloudApp,datapolicy,dte3831-sjc1-8619-0231t@abc.data.com,https://drive.google.com,dte3831-sjc1-8619-0231t@abc.data.com,dte3831-sjc1-8619-0231t@abc.data.com,,,,,,,,[],,,,,,,,,,,,,,21,alertsquarantinedata_CL,
abc123-r231-4b90-a4fd-1456abcdegdd,RestAPI,,,"2/29/2024, 7:05:11 AM",,,06e5386a9449b4d4d211b5a4,API Connector,TRUE,,yes,Quarantine held,quarantine,,Cloud Storage,unknown,Cloud Storage,,poor,1,Other,organisation_wide_link,/My Drive/Clickhouse/Tenant Migration across MPs,119052,application.document,datainstance.com,4bf76801-95ec-aed5-5e3e-dabb5d95ca01,application.document,1613760236,MnZNinVfgkFGPEyE,14WLYNjJxKgEyqfalskjfhaotlowurnmcxjklhpdsohqi2i,File,data.com/dataconnector/Active Users/US & International/Full Time,Windows 7.1,[],dte3831-sjc1-8619-0788t@abc.data.com,policy_ga53,Ongoing,Interstate Batteries,Tenant Migration across MPs,1703771731,CloudApp,datapolicy,dte3831-sjc1-8619-0788t@abc.data.com,https://drive.google.com,dte3831-sjc1-8619-0788t@abc.data.com,dte3831-sjc1-8619-0788t@abc.data.com,,,,,,,,[],,,,,,,,,,,,,,5,alertsquarantinedata_CL,
abc123-r231-4b90-a4fd-1456abcdegdd,RestAPI,,,"2/29/2024, 7:05:11 AM",,,06fae3c6ea8f309305b3196e,API Connector,FALSE,alert,yes,Quarantine held,quarantine,Backup Systems,Cloud Storage,unknown,Cloud Storage,,poor,1,Samsung Fold 5,organisation_wide_link,/My Drive/Clickhouse/Tenant Migration across MPs,118774,application.document,datainstance.com,4bf76801-95ec-aed5-5e3e-dabb5d95ca01,application.document,1613760236,zdGVeKlpYcfhSrGQ,14WLYNjJxKgEyqfalskjfhaotlowurnmcxjklhpdsohqi2i,File,data.com/dataconnector/Active Users/US & International/Full Time,iOS 10.1,[],dte3831-sjc1-8619-0427t@abc.data.com,policy_ga35,Ongoing,Backup Systems,Tenant Migration across MPs,1703771604,CloudApp,datapolicy,dte3831-sjc1-8619-0427t@abc.data.com,https://drive.google.com,dte3831-sjc1-8619-0427t@abc.data.com,dte3831-sjc1-8619-0427t@abc.data.com,,,,,,,,[],,,,,,,,,,,,,,25,alertsquarantinedata_CL,
abc123-r231-4b90-a4fd-1456abcdegdd,RestAPI,,,"2/29/2024, 7:05:11 AM",,,114cca8509859f5066ca2ca2,API Connector,FALSE,alert,yes,Quarantine held,quarantine,EZPro Service Desk,Cloud Storage,unknown,Cloud Storage,,,1,iPhone 8,organisation_wide_link,/My Drive/Clickhouse/Tenant Migration across MPs,118807,application.document,datainstance.com,4bf76801-95ec-aed5-5e3e-dabb5d95ca01,application.document,1613760236,tiZrdnCMLXFNyuCk,14WLYNjJxKgEyqfalskjfhaotlowurnmcxjklhpdsohqi2i,File,data.com/dataconnector/Active Users/US & International/Full Time,iOS 11.1,[],dte3831-sjc1-8619-0163t@abc.data.com,policy_ga36,Ongoing,EZPro Service Desk,Tenant Migration across MPs,1703771135,CloudApp,datapolicy,dte3831-sjc1-8619-0163t@abc.data.com,https://drive.google.com,dte3831-sjc1-8619-0163t@abc.data.com,dte3831-sjc1-8619-0163t@abc.data.com,,,,,,,,[],,,,,,,,,,,,,,53,alertsquarantinedata_CL,
1 TenantId SourceSystem MG ManagementGroupName TimeGenerated [UTC] Computer RawData _id_s access_method_s acked_s action_s alert_s alert_name_s alert_type_s app_s appcategory_s browser_s Category cci_s ccl_s count_d device_s exposure_s file_path_s file_size_d file_type_s instance_id_s md5_g mime_type_s modified_d object_s object_id_s object_type_s organization_unit_s os_s other_categories_s owner_s policy_s scan_type_s site_s suppression_key_s timestamp_d traffic_type_s type_s ur_normalized_s url_s user_s userkey_s departmentNumber_s file_id_s dlp_profile_s quarantine_file_name_s manager_s quarantine_profile_id_s q_original_shared_s profile_emails_s from_user_s shared_with_s q_original_version_s q_original_filepath_s user_id_s quarantine_profile_s quarantine_file_id_s q_admin_s q_original_filename_s q_app_s department_s orignal_file_path_s q_instance_s cci_d Type _ResourceId
2 abc123-r231-4b90-a4fd-1456abcdegdd RestAPI 2/29/2024, 7:05:11 AM ee7246d409667fd4e8a79e08 API Connector FALSE block yes Quarantine held quarantine iView Systems iTrak Cloud Storage unknown Cloud Storage poor 1 iPhone XS Max organisation_wide_link /My Drive/Clickhouse/Tenant Migration across MPs 119177 application.document datainstance.com 4bf76801-95ec-aed5-5e3e-dabb5d95ca01 application.document 1613760236 HfwIddtfIBejAtCE 14WLYNjJxKgEyqfalskjfhaotlowurnmcxjklhpdsohqi2i File data.com/dataconnector/Active Users/US & International/Full Time Windows 8.0 [] dte3831-sjc1-8619-0265t@abc.data.com policy_ga40 Ongoing iView Systems Tenant Migration across MPs 1703769276 CloudApp datapolicy dte3831-sjc1-8619-0265t@abc.data.com https://drive.google.com dte3831-sjc1-8619-0265t@abc.data.com dte3831-sjc1-8619-0265t@abc.data.com [] 7 alertsquarantinedata_CL
3 abc123-r231-4b90-a4fd-1456abcdegdd RestAPI 2/29/2024, 7:05:11 AM ef7b197992540899188dafc0 API Connector TRUE block yes Quarantine held quarantine CONA Services Cloud Storage unknown Cloud Storage unknown 1 ZTE - Grand-S organisation_wide_link /My Drive/Clickhouse/Tenant Migration across MPs 118584 application.document datainstance.com 4bf76801-95ec-aed5-5e3e-dabb5d95ca01 application.document 1613760236 oFJaJnpzpHODUZAv 14WLYNjJxKgEyqfalskjfhaotlowurnmcxjklhpdsohqi2i File data.com/dataconnector/Active Users/US & International/Full Time Android 11.0 [] dte3831-sjc1-8619-0163t@abc.data.com policy_ga6 Ongoing CONA Services Tenant Migration across MPs 1703769355 CloudApp datapolicy dte3831-sjc1-8619-0163t@abc.data.com https://drive.google.com dte3831-sjc1-8619-0163t@abc.data.com dte3831-sjc1-8619-0163t@abc.data.com [] 3 alertsquarantinedata_CL
4 abc123-r231-4b90-a4fd-1456abcdegdd RestAPI 2/29/2024, 7:05:11 AM f821eebda5f3a7fc71996ef4 API Connector TRUE yes Quarantine held quarantine SmartBear Cucumber Open Cloud Storage unknown Cloud Storage poor 1 iPhone XR organisation_wide_link /My Drive/Clickhouse/Tenant Migration across MPs 118531 application.document datainstance.com 4bf76801-95ec-aed5-5e3e-dabb5d95ca01 application.document 1613760236 nSHSkokrqMYBYJCF 14WLYNjJxKgEyqfalskjfhaotlowurnmcxjklhpdsohqi2i File data.com/dataconnector/Active Users/US & International/Full Time Android 11.0 [] dte3831-sjc1-8619-0827t@abc.data.com policy_ga32 Ongoing SmartBear Cucumber Open Tenant Migration across MPs 1703768967 CloudApp datapolicy dte3831-sjc1-8619-0827t@abc.data.com https://drive.google.com dte3831-sjc1-8619-0827t@abc.data.com dte3831-sjc1-8619-0827t@abc.data.com [] 26 alertsquarantinedata_CL
5 abc123-r231-4b90-a4fd-1456abcdegdd RestAPI 2/29/2024, 7:05:11 AM fa5867b11d02579bf24b3d8c API Connector TRUE alert yes Quarantine held quarantine eGenuity eLube Cloud Storage unknown Cloud Storage poor 1 iPhone 15 organisation_wide_link /My Drive/Clickhouse/Tenant Migration across MPs 119023 application.document datainstance.com 4bf76801-95ec-aed5-5e3e-dabb5d95ca01 application.document 1613760236 OvmmhHtXZLvzrcXY 14WLYNjJxKgEyqfalskjfhaotlowurnmcxjklhpdsohqi2i File data.com/dataconnector/Active Users/US & International/Full Time Windows 10.0 [] dte3831-sjc1-8619-0712t@abc.data.com policy_ga52 Ongoing eGenuity eLube Tenant Migration across MPs 1703768934 CloudApp datapolicy dte3831-sjc1-8619-0712t@abc.data.com https://drive.google.com dte3831-sjc1-8619-0712t@abc.data.com dte3831-sjc1-8619-0712t@abc.data.com [] 12 alertsquarantinedata_CL
6 abc123-r231-4b90-a4fd-1456abcdegdd RestAPI 2/29/2024, 7:05:11 AM 0129dc00d799114214dd218f API Connector TRUE alert yes Quarantine held quarantine N.nu Online HTML Editor Cloud Storage unknown Cloud Storage unknown 1 Samsung Fold 5 organisation_wide_link /My Drive/Clickhouse/Tenant Migration across MPs 119048 application.document datainstance.com 4bf76801-95ec-aed5-5e3e-dabb5d95ca01 application.document 1613760236 dLPfUkhhzekVuDZl 14WLYNjJxKgEyqfalskjfhaotlowurnmcxjklhpdsohqi2i File data.com/dataconnector/Active Users/US & International/Full Time Android 11.0 [] dte3831-sjc1-8619-0210t@abc.data.com policy_ga32 Ongoing N.nu Online HTML Editor Tenant Migration across MPs 1703771785 CloudApp datapolicy dte3831-sjc1-8619-0210t@abc.data.com https://drive.google.com dte3831-sjc1-8619-0210t@abc.data.com dte3831-sjc1-8619-0210t@abc.data.com [] 24 alertsquarantinedata_CL
7 abc123-r231-4b90-a4fd-1456abcdegdd RestAPI 2/29/2024, 7:05:11 AM 0407f53bceb6a1a38bec38af API Connector TRUE yes Quarantine held quarantine TIBCO Spotfire Cloud Cloud Storage unknown Cloud Storage medium 1 iPhone 11 organisation_wide_link /My Drive/Clickhouse/Tenant Migration across MPs 118432 application.document datainstance.com 4bf76801-95ec-aed5-5e3e-dabb5d95ca01 application.document 1613760236 QpNQCgogZyyOgjES 14WLYNjJxKgEyqfalskjfhaotlowurnmcxjklhpdsohqi2i File data.com/dataconnector/Active Users/US & International/Full Time Windows 8.0 [] dte3831-sjc1-8619-0414t@abc.data.com policy_ga30 Ongoing TIBCO Spotfire Cloud Tenant Migration across MPs 1703771703 CloudApp datapolicy dte3831-sjc1-8619-0414t@abc.data.com https://drive.google.com dte3831-sjc1-8619-0414t@abc.data.com dte3831-sjc1-8619-0414t@abc.data.com [] 60 alertsquarantinedata_CL
8 abc123-r231-4b90-a4fd-1456abcdegdd RestAPI 2/29/2024, 7:05:11 AM 0509ac25dc31f066234dd344 API Connector TRUE block yes Quarantine held quarantine CoreHealth Cloud Storage unknown Cloud Storage poor 1 ZTE - P188T20 organisation_wide_link /My Drive/Clickhouse/Tenant Migration across MPs 119041 application.document datainstance.com 4bf76801-95ec-aed5-5e3e-dabb5d95ca01 application.document 1613760236 XSVMWfQBapsPjSjF 14WLYNjJxKgEyqfalskjfhaotlowurnmcxjklhpdsohqi2i File data.com/dataconnector/Active Users/US & International/Full Time iOS 9.0 [] dte3831-sjc1-8619-0231t@abc.data.com policy_ga2 Ongoing CoreHealth Corporate Wellness Platform Tenant Migration across MPs 1703771880 CloudApp datapolicy dte3831-sjc1-8619-0231t@abc.data.com https://drive.google.com dte3831-sjc1-8619-0231t@abc.data.com dte3831-sjc1-8619-0231t@abc.data.com [] 21 alertsquarantinedata_CL
9 abc123-r231-4b90-a4fd-1456abcdegdd RestAPI 2/29/2024, 7:05:11 AM 06e5386a9449b4d4d211b5a4 API Connector TRUE yes Quarantine held quarantine Cloud Storage unknown Cloud Storage poor 1 Other organisation_wide_link /My Drive/Clickhouse/Tenant Migration across MPs 119052 application.document datainstance.com 4bf76801-95ec-aed5-5e3e-dabb5d95ca01 application.document 1613760236 MnZNinVfgkFGPEyE 14WLYNjJxKgEyqfalskjfhaotlowurnmcxjklhpdsohqi2i File data.com/dataconnector/Active Users/US & International/Full Time Windows 7.1 [] dte3831-sjc1-8619-0788t@abc.data.com policy_ga53 Ongoing Interstate Batteries Tenant Migration across MPs 1703771731 CloudApp datapolicy dte3831-sjc1-8619-0788t@abc.data.com https://drive.google.com dte3831-sjc1-8619-0788t@abc.data.com dte3831-sjc1-8619-0788t@abc.data.com [] 5 alertsquarantinedata_CL
10 abc123-r231-4b90-a4fd-1456abcdegdd RestAPI 2/29/2024, 7:05:11 AM 06fae3c6ea8f309305b3196e API Connector FALSE alert yes Quarantine held quarantine Backup Systems Cloud Storage unknown Cloud Storage poor 1 Samsung Fold 5 organisation_wide_link /My Drive/Clickhouse/Tenant Migration across MPs 118774 application.document datainstance.com 4bf76801-95ec-aed5-5e3e-dabb5d95ca01 application.document 1613760236 zdGVeKlpYcfhSrGQ 14WLYNjJxKgEyqfalskjfhaotlowurnmcxjklhpdsohqi2i File data.com/dataconnector/Active Users/US & International/Full Time iOS 10.1 [] dte3831-sjc1-8619-0427t@abc.data.com policy_ga35 Ongoing Backup Systems Tenant Migration across MPs 1703771604 CloudApp datapolicy dte3831-sjc1-8619-0427t@abc.data.com https://drive.google.com dte3831-sjc1-8619-0427t@abc.data.com dte3831-sjc1-8619-0427t@abc.data.com [] 25 alertsquarantinedata_CL
11 abc123-r231-4b90-a4fd-1456abcdegdd RestAPI 2/29/2024, 7:05:11 AM 114cca8509859f5066ca2ca2 API Connector FALSE alert yes Quarantine held quarantine EZPro Service Desk Cloud Storage unknown Cloud Storage 1 iPhone 8 organisation_wide_link /My Drive/Clickhouse/Tenant Migration across MPs 118807 application.document datainstance.com 4bf76801-95ec-aed5-5e3e-dabb5d95ca01 application.document 1613760236 tiZrdnCMLXFNyuCk 14WLYNjJxKgEyqfalskjfhaotlowurnmcxjklhpdsohqi2i File data.com/dataconnector/Active Users/US & International/Full Time iOS 11.1 [] dte3831-sjc1-8619-0163t@abc.data.com policy_ga36 Ongoing EZPro Service Desk Tenant Migration across MPs 1703771135 CloudApp datapolicy dte3831-sjc1-8619-0163t@abc.data.com https://drive.google.com dte3831-sjc1-8619-0163t@abc.data.com dte3831-sjc1-8619-0163t@abc.data.com [] 53 alertsquarantinedata_CL
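Review bot: The sample rows in this section use `data.com`, `abc.data.com` and `datainstance.com` as the instance, owner/user and organization-unit domains; these are registrable third-party domains rather than RFC 2606 reserved names, so anyone loading this fixture into a workspace or a parser test will see activity attributed to real organisations. Replacing them with `example.com`/`example.net` (and, in the sibling sample files of this commit, the routable addresses such as `1.2.3.4`, `3.86.29.24` and `13.248.55.2` with RFC 5737 documentation ranges like `192.0.2.0/24`) keeps fixtures from being mistaken for real telemetry. Separately, the `md5_g` column carries a GUID-shaped value, `4bf76801-95ec-aed5-5e3e-dabb5d95ca01`, in every row — presumably why the field was typed with the `_g` suffix — so this fixture cannot exercise a parser or analytic rule that expects a 32-hex MD5 in that field; a real-shaped dummy such as `d41d8cd98f00b204e9800998ecf8427e` (MD5 of the empty string) would make hash joins testable. Note that the header's `orignal_file_path_s` spelling appears to mirror the ingested field name and should only change if the connector's field name changes too.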


@ -0,0 +1,11 @@
TenantId,SourceSystem,MG,ManagementGroupName,TimeGenerated [UTC],Computer,RawData,_id_s,access_method_s,acked_s,action_s,activity_s,alert_s,alert_name_s,alert_type_s,app_s,appcategory_s,browser_s,Category,cci_s,ccl_s,count_d,device_s,dst_country_s,dst_geoip_src_d,dst_latitude_d,dst_location_s,dst_longitude_d,dst_region_s,dst_zipcode_s,dstip_s,file_size_d,file_type_s,instance_id_s,md5_g,object_s,object_type_s,organization_unit_s,os_s,policy_s,request_id_s,site_s,src_country_s,src_geoip_src_d,src_latitude_d,src_location_s,src_longitude_d,src_region_s,src_zipcode_s,srcip_s,timestamp_d,traffic_type_s,type_s,ur_normalized_s,url_s,user_s,appsuite_s,transaction_id_d,page_s,hostname_s,policy_id_s,connection_id_d,app_session_id_d,severity_s,tss_mode_s,managed_app_s,endpoint_count_d,malware_type_s,notify_template_s,device_classification_s,page_site_s,dlp_profile_s,managementID_s,all_policy_matches_s,profile_hits_s,malware_severity_s,sanctioned_instance_s,src_timezone_s,dst_timezone_s,edr_app_s,browser_session_id_d,os_version_s,src_time_s,nsdeviceuid_s,actions_taken_s,malware_id_s,from_user_s,endpoints_s,protocol_s,incident_id_d,remediation_profile_s,userip_s,malware_name_s,cci_d,Type,_ResourceId
abc123-r231-4b90-a4fd-1456abcdegdd,RestAPI,,,"2/29/2024, 7:54:23 AM",,,00ff811b4fd7735b4b2c4715,API Connector,TRUE,block,Download,yes,Remediation alert,Remediation,7proxysites.com,Cloud Storage,unknown,Cloud Storage,,unknown,1,iPhone XS Max,US,2,53.7,Boardman,-19.72,Oregon,97818,1.2.3.4,118989,application.document,datainstance.com,4bf76801-95ec-aed5-5e3e-dabb5d95ca01,hVrmJXMeFaUmfIYB,File,data.com/dataconnector/Active Users/US & International/Full Time,iOS 9.6,policy_ga2,6559147653292628500,7proxysites.com,US,2,53.7,Boardman,-19.72,Oregon,97818,1.2.3.4,1703629363,CloudApp,datapolicy,dte3831-sjc1-86asd-0651t@test.data.com,https://drive.google.com,dte3831-sjc1-86asd-0651t@test.data.com,,0,,,,0,0,,,,0,,,,,,,[],[],,,,,,0,,,,,,,,,0,,,,23,alertsremediationdata_CL,
abc123-r231-4b90-a4fd-1456abcdegdd,RestAPI,,,"2/29/2024, 7:54:23 AM",,,02050f461f9a1084e10f0767,API Connector,FALSE,alert,Edit,yes,Remediation alert,Remediation,IQ Coordinator,Cloud Storage,unknown,Cloud Storage,,poor,1,ZTE - Grand-S,NL,2,12.9634,Amsterdam,4.8975,North Holland,1012,3.86.29.24,119052,application.document,datainstance.com,4bf76801-95ec-aed5-5e3e-dabb5d95ca01,vqwutrWpGDlKNMzY,File,data.com/dataconnector/Active Users/US & International/Full Time,Android 11.0,policy_ga21,6559147653292628501,IQ Coordinator,FR,1,12.9634,Amsterdam,4.8975,North Holland,1012,3.86.29.24,1703629182,CloudApp,datapolicy,dte3831-sjc1-86asd-0671t@test.data.com,https://drive.google.com,dte3831-sjc1-86asd-0671t@test.data.com,,0,,,,0,0,,,,0,,,,,,,[],[],,,,,,0,,,,,,,,,0,,,,17,alertsremediationdata_CL,
abc123-r231-4b90-a4fd-1456abcdegdd,RestAPI,,,"2/29/2024, 7:54:23 AM",,,0457a6bbca4ce510ca507c66,API Connector,TRUE,block,Edit,yes,Remediation alert,Remediation,Amazon Ground Station,Cloud Storage,unknown,Cloud Storage,,high,1,iPhone XR,FR,1,7.896,Ballots,12.9634,Pays-de-la-Loire,,13.248.55.2,118986,application.document,datainstance.com,4bf76801-95ec-aed5-5e3e-dabb5d95ca01,qqfmVwowgSVkHXYc,File,data.com/dataconnector/Active Users/US & International/Full Time,iOS 10.1,policy_ga30,6559147653292628502,Amazon Ground Station,US,2,7.896,Ballots,12.9634,Pays-de-la-Loire,,13.248.55.2,1703628842,CloudApp,datapolicy,dte3831-sjc1-86asd-0787t@test.data.com,https://drive.google.com,dte3831-sjc1-86asd-0787t@test.data.com,,0,,,,0,0,,,,0,,,,,,,[],[],,,,,,0,,,,,,,,,0,,,,82,alertsremediationdata_CL,
abc123-r231-4b90-a4fd-1456abcdegdd,RestAPI,,,"2/29/2024, 7:54:23 AM",,,047ca6de7c862019732c2f75,API Connector,TRUE,alert,Upload,yes,Remediation alert,Remediation,Jadu,Cloud Storage,unknown,Cloud Storage,,poor,1,iPhone 15,NL,2,53.7,Amsterdam,4.8975,North Holland,1012,1.2.3.4,119334,application.document,datainstance.com,4bf76801-95ec-aed5-5e3e-dabb5d95ca01,kIJrUmrTbTQlzAeC,File,data.com/dataconnector/Active Users/US & International/Full Time,Android 11.0,policy_ga19,6559147653292628503,Jadu Continuum,NL,2,53.7,Amsterdam,4.8975,North Holland,1012,1.2.3.4,1703628518,CloudApp,datapolicy,dte3831-sjc1-86asd-0088t@test.data.com,https://drive.google.com,dte3831-sjc1-86asd-0088t@test.data.com,,0,,,,0,0,,,,0,,,,,,,[],[],,,,,,0,,,,,,,,,0,,,,45,alertsremediationdata_CL,
abc123-r231-4b90-a4fd-1456abcdegdd,RestAPI,,,"2/29/2024, 7:54:23 AM",,,065cf412fc3ab64e7cf9c71c,API Connector,TRUE,,Upload,yes,Remediation alert,Remediation,Veeva Vault eTMF,Cloud Storage,unknown,Cloud Storage,,poor,1,Samsung Fold 5,IN,2,12.9634,Bengaluru,7.896,Karnataka,560058,3.86.29.24,119334,application.document,datainstance.com,4bf76801-95ec-aed5-5e3e-dabb5d95ca01,YnGOhEEjkculydkW,File,data.com/dataconnector/Active Users/US & International/Full Time,Windows 7.1,policy_ga25,6559147653292628504,Veeva Vault eTMF,US,2,12.9634,Bengaluru,7.896,Karnataka,560058,3.86.29.24,1703628667,CloudApp,datapolicy,dte3831-sjc1-86asd-0483t@test.data.com,https://drive.google.com,dte3831-sjc1-86asd-0483t@test.data.com,,0,,,,0,0,,,,0,,,,,,,[],[],,,,,,0,,,,,,,,,0,,,,41,alertsremediationdata_CL,
abc123-r231-4b90-a4fd-1456abcdegdd,RestAPI,,,"2/29/2024, 7:54:23 AM",,,08726eda0f7d0ec4b10ee34a,API Connector,TRUE,block,Download,yes,Remediation alert,Remediation,Amazon Managed Blockchain,Cloud Storage,unknown,Cloud Storage,,high,1,iPhone 11,NL,2,53.7,Amsterdam,4.8975,North Holland,1012,13.248.55.2,118681,application.document,datainstance.com,4bf76801-95ec-aed5-5e3e-dabb5d95ca01,rbBtMNeZpZSziVfW,File,data.com/dataconnector/Active Users/US & International/Full Time,iOS 9.0,policy_ga2,6559147653292628505,Amazon Managed Blockchain,IN,2,53.7,Amsterdam,4.8975,North Holland,1012,13.248.55.2,1703628972,CloudApp,datapolicy,dte3831-sjc1-86asd-06571t@test.data.com,https://drive.google.com,dte3831-sjc1-86asd-06571t@test.data.com,,0,,,,0,0,,,,0,,,,,,,[],[],,,,,,0,,,,,,,,,0,,,,82,alertsremediationdata_CL,
abc123-r231-4b90-a4fd-1456abcdegdd,RestAPI,,,"2/29/2024, 7:54:23 AM",,,0965c56a7ab6a153958ccc44,API Connector,FALSE,block,Delete,yes,Remediation alert,Remediation,GCP Container Registry,Cloud Storage,unknown,Cloud Storage,,excellent,1,ZTE - P188T20,NL,2,52.3759,Amsterdam,7.896,North Holland,1012,1.2.3.4,118788,application.document,datainstance.com,4bf76801-95ec-aed5-5e3e-dabb5d95ca01,mDdfkVIFlDlRzNyY,File,data.com/dataconnector/Active Users/US & International/Full Time,Android 11.0,policy_ga19,6559147653292628506,Google Cloud Container Registry,DE,2,52.3759,Amsterdam,7.896,North Holland,1012,1.2.3.4,1703628942,CloudApp,datapolicy,dte3831-sjc1-86asd-02351t@test.data.com,https://drive.google.com,dte3831-sjc1-86asd-02351t@test.data.com,,0,,,,0,0,,,,0,,,,,,,[],[],,,,,,0,,,,,,,,,0,,,,93,alertsremediationdata_CL,
abc123-r231-4b90-a4fd-1456abcdegdd,RestAPI,,,"2/29/2024, 7:54:23 AM",,,1605359c71c46f28eaebe1f5,API Connector,FALSE,alert,Login Successful,yes,Remediation alert,Remediation,VAI S2K Enterprise OnCloud,Cloud Storage,unknown,Cloud Storage,,poor,1,Other,FR,1,12.9634,Ballots,-19.72,Pays-de-la-Loire,,3.86.29.24,118588,application.document,datainstance.com,4bf76801-95ec-aed5-5e3e-dabb5d95ca01,qNKQFtGNMuBOxeFC,File,data.com/dataconnector/Active Users/US & International/Full Time,Windows 7.1,policy_ga31,6559147653292628507,Vormittag Associates S2K Enterprise,FR,1,12.9634,Ballots,-19.72,Pays-de-la-Loire,,3.86.29.24,1703628914,CloudApp,datapolicy,dte3831-sjc1-86asd-23wt@test.data.com,https://drive.google.com,dte3831-sjc1-86asd-23wt@test.data.com,,0,,,,0,0,,,,0,,,,,,,[],[],,,,,,0,,,,,,,,,0,,,,17,alertsremediationdata_CL,
abc123-r231-4b90-a4fd-1456abcdegdd,RestAPI,,,"2/29/2024, 7:54:23 AM",,,16198a1fe10abbc48025b807,API Connector,TRUE,block,Edit,yes,Remediation alert,Remediation,CoreHealth,Cloud Storage,unknown,Cloud Storage,,poor,1,Samsung Fold 5,IN,2,53.7,Bengaluru,77.5855,Karnataka,560058,13.248.55.2,119058,application.document,datainstance.com,4bf76801-95ec-aed5-5e3e-dabb5d95ca01,DbPMDKamlPPnWUJS,File,data.com/dataconnector/Active Users/US & International/Full Time,Android 10.0,policy_ga53,6559147653292628508,CoreHealth Corporate Wellness Platform,IN,2,53.7,Bengaluru,77.5855,Karnataka,560058,13.248.55.2,1703628551,CloudApp,datapolicy,dte3831-sjc1-86asd-2452t@test.data.com,https://drive.google.com,dte3831-sjc1-86asd-2452t@test.data.com,,0,,,,0,0,,,,0,,,,,,,[],[],,,,,,0,,,,,,,,,0,,,,21,alertsremediationdata_CL,
abc123-r231-4b90-a4fd-1456abcdegdd,RestAPI,,,"2/29/2024, 7:54:23 AM",,,18a383d095feca0c1a71ea87,API Connector,TRUE,alert,Edit,yes,Remediation alert,Remediation,Dropbox,Cloud Storage,unknown,Cloud Storage,,high,1,iPhone 8,FR,1,7.896,Ballots,-1.04759,Pays-de-la-Loire,,19.2.5.21,118623,application.document,datainstance.com,4bf76801-95ec-aed5-5e3e-dabb5d95ca01,bsPjlnclVZQedBXp,File,data.com/dataconnector/Active Users/US & International/Full Time,iOS 11.1,policy_ga0,6559147653292628509,Dropbox,IN,2,7.896,Ballots,-1.04759,Pays-de-la-Loire,,19.2.5.21,1703629370,CloudApp,datapolicy,dte3831-sjc1-86asd-3424t@test.data.com,https://drive.google.com,dte3831-sjc1-86asd-3424t@test.data.com,,0,,,,0,0,,,,0,,,,,,,[],[],,,,,,0,,,,,,,,,0,,,,86,alertsremediationdata_CL,
1 TenantId SourceSystem MG ManagementGroupName TimeGenerated [UTC] Computer RawData _id_s access_method_s acked_s action_s activity_s alert_s alert_name_s alert_type_s app_s appcategory_s browser_s Category cci_s ccl_s count_d device_s dst_country_s dst_geoip_src_d dst_latitude_d dst_location_s dst_longitude_d dst_region_s dst_zipcode_s dstip_s file_size_d file_type_s instance_id_s md5_g object_s object_type_s organization_unit_s os_s policy_s request_id_s site_s src_country_s src_geoip_src_d src_latitude_d src_location_s src_longitude_d src_region_s src_zipcode_s srcip_s timestamp_d traffic_type_s type_s ur_normalized_s url_s user_s appsuite_s transaction_id_d page_s hostname_s policy_id_s connection_id_d app_session_id_d severity_s tss_mode_s managed_app_s endpoint_count_d malware_type_s notify_template_s device_classification_s page_site_s dlp_profile_s managementID_s all_policy_matches_s profile_hits_s malware_severity_s sanctioned_instance_s src_timezone_s dst_timezone_s edr_app_s browser_session_id_d os_version_s src_time_s nsdeviceuid_s actions_taken_s malware_id_s from_user_s endpoints_s protocol_s incident_id_d remediation_profile_s userip_s malware_name_s cci_d Type _ResourceId
2 abc123-r231-4b90-a4fd-1456abcdegdd RestAPI 2/29/2024, 7:54:23 AM 00ff811b4fd7735b4b2c4715 API Connector TRUE block Download yes Remediation alert Remediation 7proxysites.com Cloud Storage unknown Cloud Storage unknown 1 iPhone XS Max US 2 53.7 Boardman -19.72 Oregon 97818 1.2.3.4 118989 application.document datainstance.com 4bf76801-95ec-aed5-5e3e-dabb5d95ca01 hVrmJXMeFaUmfIYB File data.com/dataconnector/Active Users/US & International/Full Time iOS 9.6 policy_ga2 6559147653292628500 7proxysites.com US 2 53.7 Boardman -19.72 Oregon 97818 1.2.3.4 1703629363 CloudApp datapolicy dte3831-sjc1-86asd-0651t@test.data.com https://drive.google.com dte3831-sjc1-86asd-0651t@test.data.com 0 0 0 0 [] [] 0 0 23 alertsremediationdata_CL
3 abc123-r231-4b90-a4fd-1456abcdegdd RestAPI 2/29/2024, 7:54:23 AM 02050f461f9a1084e10f0767 API Connector FALSE alert Edit yes Remediation alert Remediation IQ Coordinator Cloud Storage unknown Cloud Storage poor 1 ZTE - Grand-S NL 2 12.9634 Amsterdam 4.8975 North Holland 1012 3.86.29.24 119052 application.document datainstance.com 4bf76801-95ec-aed5-5e3e-dabb5d95ca01 vqwutrWpGDlKNMzY File data.com/dataconnector/Active Users/US & International/Full Time Android 11.0 policy_ga21 6559147653292628501 IQ Coordinator FR 1 12.9634 Amsterdam 4.8975 North Holland 1012 3.86.29.24 1703629182 CloudApp datapolicy dte3831-sjc1-86asd-0671t@test.data.com https://drive.google.com dte3831-sjc1-86asd-0671t@test.data.com 0 0 0 0 [] [] 0 0 17 alertsremediationdata_CL
4 abc123-r231-4b90-a4fd-1456abcdegdd RestAPI 2/29/2024, 7:54:23 AM 0457a6bbca4ce510ca507c66 API Connector TRUE block Edit yes Remediation alert Remediation Amazon Ground Station Cloud Storage unknown Cloud Storage high 1 iPhone XR FR 1 7.896 Ballots 12.9634 Pays-de-la-Loire 13.248.55.2 118986 application.document datainstance.com 4bf76801-95ec-aed5-5e3e-dabb5d95ca01 qqfmVwowgSVkHXYc File data.com/dataconnector/Active Users/US & International/Full Time iOS 10.1 policy_ga30 6559147653292628502 Amazon Ground Station US 2 7.896 Ballots 12.9634 Pays-de-la-Loire 13.248.55.2 1703628842 CloudApp datapolicy dte3831-sjc1-86asd-0787t@test.data.com https://drive.google.com dte3831-sjc1-86asd-0787t@test.data.com 0 0 0 0 [] [] 0 0 82 alertsremediationdata_CL
5 abc123-r231-4b90-a4fd-1456abcdegdd RestAPI 2/29/2024, 7:54:23 AM 047ca6de7c862019732c2f75 API Connector TRUE alert Upload yes Remediation alert Remediation Jadu Cloud Storage unknown Cloud Storage poor 1 iPhone 15 NL 2 53.7 Amsterdam 4.8975 North Holland 1012 1.2.3.4 119334 application.document datainstance.com 4bf76801-95ec-aed5-5e3e-dabb5d95ca01 kIJrUmrTbTQlzAeC File data.com/dataconnector/Active Users/US & International/Full Time Android 11.0 policy_ga19 6559147653292628503 Jadu Continuum NL 2 53.7 Amsterdam 4.8975 North Holland 1012 1.2.3.4 1703628518 CloudApp datapolicy dte3831-sjc1-86asd-0088t@test.data.com https://drive.google.com dte3831-sjc1-86asd-0088t@test.data.com 0 0 0 0 [] [] 0 0 45 alertsremediationdata_CL
6 abc123-r231-4b90-a4fd-1456abcdegdd RestAPI 2/29/2024, 7:54:23 AM 065cf412fc3ab64e7cf9c71c API Connector TRUE Upload yes Remediation alert Remediation Veeva Vault eTMF Cloud Storage unknown Cloud Storage poor 1 Samsung Fold 5 IN 2 12.9634 Bengaluru 7.896 Karnataka 560058 3.86.29.24 119334 application.document datainstance.com 4bf76801-95ec-aed5-5e3e-dabb5d95ca01 YnGOhEEjkculydkW File data.com/dataconnector/Active Users/US & International/Full Time Windows 7.1 policy_ga25 6559147653292628504 Veeva Vault eTMF US 2 12.9634 Bengaluru 7.896 Karnataka 560058 3.86.29.24 1703628667 CloudApp datapolicy dte3831-sjc1-86asd-0483t@test.data.com https://drive.google.com dte3831-sjc1-86asd-0483t@test.data.com 0 0 0 0 [] [] 0 0 41 alertsremediationdata_CL
7 abc123-r231-4b90-a4fd-1456abcdegdd RestAPI 2/29/2024, 7:54:23 AM 08726eda0f7d0ec4b10ee34a API Connector TRUE block Download yes Remediation alert Remediation Amazon Managed Blockchain Cloud Storage unknown Cloud Storage high 1 iPhone 11 NL 2 53.7 Amsterdam 4.8975 North Holland 1012 13.248.55.2 118681 application.document datainstance.com 4bf76801-95ec-aed5-5e3e-dabb5d95ca01 rbBtMNeZpZSziVfW File data.com/dataconnector/Active Users/US & International/Full Time iOS 9.0 policy_ga2 6559147653292628505 Amazon Managed Blockchain IN 2 53.7 Amsterdam 4.8975 North Holland 1012 13.248.55.2 1703628972 CloudApp datapolicy dte3831-sjc1-86asd-06571t@test.data.com https://drive.google.com dte3831-sjc1-86asd-06571t@test.data.com 0 0 0 0 [] [] 0 0 82 alertsremediationdata_CL
8 abc123-r231-4b90-a4fd-1456abcdegdd RestAPI 2/29/2024, 7:54:23 AM 0965c56a7ab6a153958ccc44 API Connector FALSE block Delete yes Remediation alert Remediation GCP Container Registry Cloud Storage unknown Cloud Storage excellent 1 ZTE - P188T20 NL 2 52.3759 Amsterdam 7.896 North Holland 1012 1.2.3.4 118788 application.document datainstance.com 4bf76801-95ec-aed5-5e3e-dabb5d95ca01 mDdfkVIFlDlRzNyY File data.com/dataconnector/Active Users/US & International/Full Time Android 11.0 policy_ga19 6559147653292628506 Google Cloud Container Registry DE 2 52.3759 Amsterdam 7.896 North Holland 1012 1.2.3.4 1703628942 CloudApp datapolicy dte3831-sjc1-86asd-02351t@test.data.com https://drive.google.com dte3831-sjc1-86asd-02351t@test.data.com 0 0 0 0 [] [] 0 0 93 alertsremediationdata_CL
9 abc123-r231-4b90-a4fd-1456abcdegdd RestAPI 2/29/2024, 7:54:23 AM 1605359c71c46f28eaebe1f5 API Connector FALSE alert Login Successful yes Remediation alert Remediation VAI S2K Enterprise OnCloud Cloud Storage unknown Cloud Storage poor 1 Other FR 1 12.9634 Ballots -19.72 Pays-de-la-Loire 3.86.29.24 118588 application.document datainstance.com 4bf76801-95ec-aed5-5e3e-dabb5d95ca01 qNKQFtGNMuBOxeFC File data.com/dataconnector/Active Users/US & International/Full Time Windows 7.1 policy_ga31 6559147653292628507 Vormittag Associates S2K Enterprise FR 1 12.9634 Ballots -19.72 Pays-de-la-Loire 3.86.29.24 1703628914 CloudApp datapolicy dte3831-sjc1-86asd-23wt@test.data.com https://drive.google.com dte3831-sjc1-86asd-23wt@test.data.com 0 0 0 0 [] [] 0 0 17 alertsremediationdata_CL
10 abc123-r231-4b90-a4fd-1456abcdegdd RestAPI 2/29/2024, 7:54:23 AM 16198a1fe10abbc48025b807 API Connector TRUE block Edit yes Remediation alert Remediation CoreHealth Cloud Storage unknown Cloud Storage poor 1 Samsung Fold 5 IN 2 53.7 Bengaluru 77.5855 Karnataka 560058 13.248.55.2 119058 application.document datainstance.com 4bf76801-95ec-aed5-5e3e-dabb5d95ca01 DbPMDKamlPPnWUJS File data.com/dataconnector/Active Users/US & International/Full Time Android 10.0 policy_ga53 6559147653292628508 CoreHealth Corporate Wellness Platform IN 2 53.7 Bengaluru 77.5855 Karnataka 560058 13.248.55.2 1703628551 CloudApp datapolicy dte3831-sjc1-86asd-2452t@test.data.com https://drive.google.com dte3831-sjc1-86asd-2452t@test.data.com 0 0 0 0 [] [] 0 0 21 alertsremediationdata_CL
11 abc123-r231-4b90-a4fd-1456abcdegdd RestAPI 2/29/2024, 7:54:23 AM 18a383d095feca0c1a71ea87 API Connector TRUE alert Edit yes Remediation alert Remediation Dropbox Cloud Storage unknown Cloud Storage high 1 iPhone 8 FR 1 7.896 Ballots -1.04759 Pays-de-la-Loire 19.2.5.21 118623 application.document datainstance.com 4bf76801-95ec-aed5-5e3e-dabb5d95ca01 bsPjlnclVZQedBXp File data.com/dataconnector/Active Users/US & International/Full Time iOS 11.1 policy_ga0 6559147653292628509 Dropbox IN 2 7.896 Ballots -1.04759 Pays-de-la-Loire 19.2.5.21 1703629370 CloudApp datapolicy dte3831-sjc1-86asd-3424t@test.data.com https://drive.google.com dte3831-sjc1-86asd-3424t@test.data.com 0 0 0 0 [] [] 0 0 86 alertsremediationdata_CL


@ -0,0 +1,11 @@
TenantId,SourceSystem,MG,ManagementGroupName,TimeGenerated [UTC],Computer,RawData,_id_s,access_method_s,acked_s,action_s,activity_s,alert_s,alert_name_s,alert_type_s,app_s,appcategory_s,browser_s,Category,cci_s,ccl_s,count_d,device_s,instance_id_s,object_s,object_type_s,organization_unit_s,os_s,policy_s,site_s,timestamp_d,traffic_type_s,type_s,ur_normalized_s,user_s,userkey_s,iaas_asset_tags_s,sa_rule_id_s,region_id_s,resource_category_s,asset_id_s,asset_object_id_s,sa_profile_name_s,resource_group_s,sa_profile_id_d,sAMAccountName_s,sa_rule_severity_s,policy_id_d,account_name_s,account_id_s,iaas_remediated_s,sa_rule_name_s,region_name_s,compliance_standards_s,cci_d,Type,_ResourceId
abcd-cdef-ghijk,RestAPI,,,"2/23/2024, 5:34:59 AM",,,f29688becc3e41f9d438eb97,API Connector,TRUE,block,Login Successful,yes,Security Audit,Security Assessment,Groupsite.com,Cloud Storage,unknown,Cloud Storage,,poor,1,iPhone SE (2016),netskope.com,vwyMrbQlGUUDrutT,File,netskope.local/Netskope/Active Users/US & International/Full Time,iOS 9.6,policy_ga20,Groupsite.com,1676243384,CloudApp,nspolicy,dummyuser1@something.com,dummyuser1@something.com,dummyuser1@something.com,[],,,,,,,,0,,,0,,,,,,[],32,alertssecurityassessmentdata_CL,
abcd-cdef-ghijk,RestAPI,,,"2/23/2024, 5:34:59 AM",,,f2df4c59446ceeb3730a0e6a,API Connector,TRUE,alert,Download,yes,Security Audit,Security Assessment,MS Office Suite,Cloud Storage,unknown,Cloud Storage,,,1,ZTE - P726V,netskope.com,xiGgUgeXXddnQSjd,File,netskope.local/Netskope/Active Users/US & International/Full Time,Android 11.0,policy_ga42,MS Office Suite,1676243394,CloudApp,nspolicy,dummyuser2@something.com,dummyuser2@something.com,dummyuser2@something.com,[],,,,,,,,0,,,0,,,,,,[],,alertssecurityassessmentdata_CL,
abcd-cdef-ghijk,RestAPI,,,"2/23/2024, 5:34:59 AM",,,f30a89bd3896a8e71ab3a7d0,API Connector,FALSE,,Upload,yes,Security Audit,Security Assessment,Feedback Loop,Cloud Storage,unknown,Cloud Storage,,poor,1,ZTE - P722G,netskope.com,xvHwkfcEwKoraIaW,File,netskope.local/Netskope/Active Users/US & International/Full Time,Android 11.0,policy_ga34,Feedback Loop,1676243390,CloudApp,nspolicy,dummyuser3@something.com,dummyuser3@something.com,dummyuser3@something.com,[],,,,,,,,0,,,0,,,,,,[],21,alertssecurityassessmentdata_CL,
abcd-cdef-ghijk,RestAPI,,,"2/23/2024, 5:34:59 AM",,,f314d7ca07de6d43c76df48f,API Connector,TRUE,block,Delete,yes,Security Audit,Security Assessment,LinkedIn,Cloud Storage,unknown,Cloud Storage,,medium,1,ZTE - N720,netskope.com,fozfUhpIMWvAtIqv,File,netskope.local/Netskope/Active Users/US & International/Full Time,Android 11.0,policy_ga18,LinkedIn,1676243398,CloudApp,nspolicy,dummyuser4@something.com,dummyuser4@something.com,dummyuser4@something.com,[],,,,,,,,0,,,0,,,,,,[],68,alertssecurityassessmentdata_CL,
abcd-cdef-ghijk,RestAPI,,,"2/23/2024, 5:34:59 AM",,,f3278b8ca15944c92e4c0f5a,API Connector,TRUE,alert,Delete,yes,Security Audit,Security Assessment,IQ Coordinator,Cloud Storage,unknown,Cloud Storage,,poor,1,ZTE - P253A20,netskope.com,PoqdTbkYCHdzuVLB,File,netskope.local/Netskope/Active Users/US & International/Full Time,Android 10.0,policy_ga10,IQ Coordinator,1676243384,CloudApp,nspolicy,dummyuser5@something.com,dummyuser5@something.com,dummyuser5@something.com,[],,,,,,,,0,,,0,,,,,,[],18,alertssecurityassessmentdata_CL,
abcd-cdef-ghijk,RestAPI,,,"2/23/2024, 5:34:59 AM",,,f3974d2f014d658e6c1a2760,API Connector,FALSE,alert,Login Failed,yes,Security Audit,Security Assessment,Next Generation EASY Cloud,Cloud Storage,unknown,Cloud Storage,,poor,1,ZTE - P188T20,netskope.com,KvdDIhCQRRjpBdWH,File,netskope.local/Netskope/Active Users/US & International/Full Time,Android 11.0,policy_ga51,Next Generation EASY Cloud,1676243395,CloudApp,nspolicy,dummyuser6@something.com,dummyuser6@something.com,dummyuser6@something.com,[],,,,,,,,0,,,0,,,,,,[],48,alertssecurityassessmentdata_CL,
abcd-cdef-ghijk,RestAPI,,,"2/23/2024, 5:34:59 AM",,,f3ee8f71411674f8dfc5b394,API Connector,TRUE,alert,Create,yes,Security Audit,Security Assessment,Square9 ECM Software,Cloud Storage,unknown,Cloud Storage,,poor,1,iPhone X,netskope.com,HSUkeEhVChHxedTL,File,netskope.local/Netskope/Active Users/US & International/Full Time,iOS 9.0,policy_ga27,Square9 ECM Software,1676243392,CloudApp,nspolicy,dummyuser7@something.com,dummyuser7@something.com,dummyuser7@something.com,[],,,,,,,,0,,,0,,,,,,[],49,alertssecurityassessmentdata_CL,
abcd-cdef-ghijk,RestAPI,,,"2/23/2024, 5:34:59 AM",,,f4130645909a3d4530d81dbb,API Connector,TRUE,block,Create,yes,Security Audit,Security Assessment,Digi Remote Manager,Cloud Storage,unknown,Cloud Storage,,poor,1,Other,netskope.com,SztqwTJayeSvpAty,File,netskope.local/Netskope/Active Users/US & International/Full Time,Windows 11.0,policy_ga29,Digi Device Cloud,1676243380,CloudApp,nspolicy,dummyuser8@something.com,dummyuser8@something.com,dummyuser8@something.com,[],,,,,,,,0,,,0,,,,,,[],48,alertssecurityassessmentdata_CL,
abcd-cdef-ghijk,RestAPI,,,"2/23/2024, 5:34:59 AM",,,f418f0e066e29989076f24ef,API Connector,TRUE,alert,Login Failed,yes,Security Audit,Security Assessment,QuickStart Software,Cloud Storage,unknown,Cloud Storage,,poor,1,Other,netskope.com,zLzznEzjRRJlyMFA,File,netskope.local/Netskope/Active Users/US & International/Full Time,Windows 8.0,policy_ga8,QuickStart Software,1676243377,CloudApp,nspolicy,dummyuser9@something.com,dummyuser9@something.com,dummyuser9@something.com,[],,,,,,,,0,,,0,,,,,,[],15,alertssecurityassessmentdata_CL,
abcd-cdef-ghijk,RestAPI,,,"2/23/2024, 5:34:59 AM",,,f433128e038d2de669188298,API Connector,FALSE,block,Upload,yes,Security Audit,Security Assessment,MyEasyISO,Cloud Storage,unknown,Cloud Storage,,poor,1,iPhone 7 Plus,netskope.com,WwgtuFPaheHfIIWv,File,netskope.local/Netskope/Active Users/US & International/Full Time,iOS 11.1,policy_ga40,MyEasyISO ISO 9001 Software,1676243388,CloudApp,nspolicy,dummyuser10@something.com,dummyuser10@something.com,dummyuser10@something.com,[],,,,,,,,0,,,0,,,,,,[],36,alertssecurityassessmentdata_CL,
1 TenantId SourceSystem MG ManagementGroupName TimeGenerated [UTC] Computer RawData _id_s access_method_s acked_s action_s activity_s alert_s alert_name_s alert_type_s app_s appcategory_s browser_s Category cci_s ccl_s count_d device_s instance_id_s object_s object_type_s organization_unit_s os_s policy_s site_s timestamp_d traffic_type_s type_s ur_normalized_s user_s userkey_s iaas_asset_tags_s sa_rule_id_s region_id_s resource_category_s asset_id_s asset_object_id_s sa_profile_name_s resource_group_s sa_profile_id_d sAMAccountName_s sa_rule_severity_s policy_id_d account_name_s account_id_s iaas_remediated_s sa_rule_name_s region_name_s compliance_standards_s cci_d Type _ResourceId
2 abcd-cdef-ghijk RestAPI 2/23/2024, 5:34:59 AM f29688becc3e41f9d438eb97 API Connector TRUE block Login Successful yes Security Audit Security Assessment Groupsite.com Cloud Storage unknown Cloud Storage poor 1 iPhone SE (2016) netskope.com vwyMrbQlGUUDrutT File netskope.local/Netskope/Active Users/US & International/Full Time iOS 9.6 policy_ga20 Groupsite.com 1676243384 CloudApp nspolicy dummyuser1@something.com dummyuser1@something.com dummyuser1@something.com [] 0 0 [] 32 alertssecurityassessmentdata_CL
3 abcd-cdef-ghijk RestAPI 2/23/2024, 5:34:59 AM f2df4c59446ceeb3730a0e6a API Connector TRUE alert Download yes Security Audit Security Assessment MS Office Suite Cloud Storage unknown Cloud Storage 1 ZTE - P726V netskope.com xiGgUgeXXddnQSjd File netskope.local/Netskope/Active Users/US & International/Full Time Android 11.0 policy_ga42 MS Office Suite 1676243394 CloudApp nspolicy dummyuser2@something.com dummyuser2@something.com dummyuser2@something.com [] 0 0 [] alertssecurityassessmentdata_CL
4 abcd-cdef-ghijk RestAPI 2/23/2024, 5:34:59 AM f30a89bd3896a8e71ab3a7d0 API Connector FALSE Upload yes Security Audit Security Assessment Feedback Loop Cloud Storage unknown Cloud Storage poor 1 ZTE - P722G netskope.com xvHwkfcEwKoraIaW File netskope.local/Netskope/Active Users/US & International/Full Time Android 11.0 policy_ga34 Feedback Loop 1676243390 CloudApp nspolicy dummyuser3@something.com dummyuser3@something.com dummyuser3@something.com [] 0 0 [] 21 alertssecurityassessmentdata_CL
5 abcd-cdef-ghijk RestAPI 2/23/2024, 5:34:59 AM f314d7ca07de6d43c76df48f API Connector TRUE block Delete yes Security Audit Security Assessment LinkedIn Cloud Storage unknown Cloud Storage medium 1 ZTE - N720 netskope.com fozfUhpIMWvAtIqv File netskope.local/Netskope/Active Users/US & International/Full Time Android 11.0 policy_ga18 LinkedIn 1676243398 CloudApp nspolicy dummyuser4@something.com dummyuser4@something.com dummyuser4@something.com [] 0 0 [] 68 alertssecurityassessmentdata_CL
6 abcd-cdef-ghijk RestAPI 2/23/2024, 5:34:59 AM f3278b8ca15944c92e4c0f5a API Connector TRUE alert Delete yes Security Audit Security Assessment IQ Coordinator Cloud Storage unknown Cloud Storage poor 1 ZTE - P253A20 netskope.com PoqdTbkYCHdzuVLB File netskope.local/Netskope/Active Users/US & International/Full Time Android 10.0 policy_ga10 IQ Coordinator 1676243384 CloudApp nspolicy dummyuser5@something.com dummyuser5@something.com dummyuser5@something.com [] 0 0 [] 18 alertssecurityassessmentdata_CL
7 abcd-cdef-ghijk RestAPI 2/23/2024, 5:34:59 AM f3974d2f014d658e6c1a2760 API Connector FALSE alert Login Failed yes Security Audit Security Assessment Next Generation EASY Cloud Cloud Storage unknown Cloud Storage poor 1 ZTE - P188T20 netskope.com KvdDIhCQRRjpBdWH File netskope.local/Netskope/Active Users/US & International/Full Time Android 11.0 policy_ga51 Next Generation EASY Cloud 1676243395 CloudApp nspolicy dummyuser6@something.com dummyuser6@something.com dummyuser6@something.com [] 0 0 [] 48 alertssecurityassessmentdata_CL
8 abcd-cdef-ghijk RestAPI 2/23/2024, 5:34:59 AM f3ee8f71411674f8dfc5b394 API Connector TRUE alert Create yes Security Audit Security Assessment Square9 ECM Software Cloud Storage unknown Cloud Storage poor 1 iPhone X netskope.com HSUkeEhVChHxedTL File netskope.local/Netskope/Active Users/US & International/Full Time iOS 9.0 policy_ga27 Square9 ECM Software 1676243392 CloudApp nspolicy dummyuser7@something.com dummyuser7@something.com dummyuser7@something.com [] 0 0 [] 49 alertssecurityassessmentdata_CL
9 abcd-cdef-ghijk RestAPI 2/23/2024, 5:34:59 AM f4130645909a3d4530d81dbb API Connector TRUE block Create yes Security Audit Security Assessment Digi Remote Manager Cloud Storage unknown Cloud Storage poor 1 Other netskope.com SztqwTJayeSvpAty File netskope.local/Netskope/Active Users/US & International/Full Time Windows 11.0 policy_ga29 Digi Device Cloud 1676243380 CloudApp nspolicy dummyuser8@something.com dummyuser8@something.com dummyuser8@something.com [] 0 0 [] 48 alertssecurityassessmentdata_CL
10 abcd-cdef-ghijk RestAPI 2/23/2024, 5:34:59 AM f418f0e066e29989076f24ef API Connector TRUE alert Login Failed yes Security Audit Security Assessment QuickStart Software Cloud Storage unknown Cloud Storage poor 1 Other netskope.com zLzznEzjRRJlyMFA File netskope.local/Netskope/Active Users/US & International/Full Time Windows 8.0 policy_ga8 QuickStart Software 1676243377 CloudApp nspolicy dummyuser9@something.com dummyuser9@something.com dummyuser9@something.com [] 0 0 [] 15 alertssecurityassessmentdata_CL
11 abcd-cdef-ghijk RestAPI 2/23/2024, 5:34:59 AM f433128e038d2de669188298 API Connector FALSE block Upload yes Security Audit Security Assessment MyEasyISO Cloud Storage unknown Cloud Storage poor 1 iPhone 7 Plus netskope.com WwgtuFPaheHfIIWv File netskope.local/Netskope/Active Users/US & International/Full Time iOS 11.1 policy_ga40 MyEasyISO ISO 9001 Software 1676243388 CloudApp nspolicy dummyuser10@something.com dummyuser10@something.com dummyuser10@something.com [] 0 0 [] 36 alertssecurityassessmentdata_CL
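Review bot: The sample rows on the ten data lines of this section reference real registered domains (`netskope.com`, `netskope.local`, and `something.com` for every `user_s`/`userkey_s` value) rather than a reserved documentation domain. Sample data for a connector is typically ingested into test workspaces, and rows naming live third-party domains can be mistaken for genuine telemetry or match analytics rules written against real user and site fields. Using `dummyuser1@example.com` (RFC 2606 reserved) and a matching placeholder for `instance_id_s` and `organization_unit_s` would make the fixture unambiguous. This is test-data hygiene, not a functional defect; the column layout itself matches the header line.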


@ -0,0 +1,11 @@
TenantId,SourceSystem,MG,ManagementGroupName,TimeGenerated [UTC],Computer,RawData,_id_s,access_method_s,acked_s,action_s,activity_s,alert_s,alert_id_g,alert_name_s,alert_type_s,app_s,app_session_id_d,appcategory_s,browser_s,browser_session_id_d,browser_version_s,Category,cci_d,ccl_s,connection_id_d,count_d,device_s,dst_country_s,dst_geoip_src_d,dst_latitude_d,dst_location_s,dst_longitude_d,dst_region_s,dst_timezone_s,dst_zipcode_s,dstip_s,event_type_s,evt_src_chnl_s,file_size_d,hostname_s,instance_id_s,managed_app_s,md5_g,object_s,object_id_g,object_type_s,organization_unit_s,os_s,os_version_s,page_s,page_site_s,parent_id_s,policy_s,policy_actions_s,profile_id_s,referer_s,score_s,severity_s,site_s,src_country_s,src_geoip_src_d,src_latitude_d,src_location_s,src_longitude_d,src_region_s,src_timezone_s,src_zipcode_s,srcip_s,telemetry_app_s,threshold_d,threshold_time_d,timestamp_d,traffic_type_s,transaction_id_d,type_s,ur_normalized_s,url_s,user_s,userip_s,userkey_s,loginurl_s,managementID_s,act_user_s,last_location_s,surhn_s,to_user_s,incident_id_d,TSS_scan_s,web_universal_connector_s,app_category_s,to_object_s,app_activity_s,distinguishedName_s,AccountType_s,last_device_s,User_SPACE_Name_s,user_id_s,activity_status_s,all_policy_matches_s,object_count_d,from_user_s,displayName_s,user_role_s,download_app_s,last_app_s,shared_credential_user_s,createdTime_s,last_region_s,audit_type_s,suppression_start_time_d,scopes_s,uba_inst1_s,file_category_s,two_factor_auth_s,group_s,bin_timestamp_d,User_SPACE_Id_s,risk_level_s,useragent_s,user_name_s,risk_level_id_d,policy_id_s,file_type_s,request_id_d,userPrincipalName_s,sanctioned_instance_s,uba_inst2_s,appsuite_s,from_user_category_s,mail_s,sAMAccountName_s,tss_mode_s,uba_ap1_s,last_timestamp_d,tss_fail_reason_s,suppression_end_time_d,to_user_category_s,netskope_activity_s,last_country_s,device_classification_s,anomaly_type_s,division_s,windowId_d,audit_category_s,src_time_s,logintype_s,tss_scan_failed_s,manager_s,protocol_s,employ
eeType_s,user_category_s,uba_ap2_s,policy_name_s,Type,_ResourceId
abc123-r231-4b90-a4fd-1456abcdegdd,RestAPI,,,"2/29/2024, 7:54:53 AM",,,878baed0ac06430942e7f16b,Client,FALSE,anomaly_detection,Upload,yes,mgmmi8i90xjrrr7u074upl14,Tuvis,uba,Google Gmail,7.87085E+18,Webmail,Chrome,5.22127E+18,54.0.2840.90,Webmail,0,high,533435,1,Win Device,US,1,53.7,Boardman,-19.72,Oregon,America/Los_Angeles,98052,1.2.3.4,sequence,application,1093957,EC2AMAZ-1OAJ8QB,datainstance.com,yes,60c5e014-76f2-44f2-eef2-7c00a69ce63f,20170904-000047_demo.jpg,14WLYNjJxKgEyqfalskjfhaotlowurnmcxjklhpdsohqi2i,File,,Win,Win, ,google.com,/personal/Documents,Tuvis,"[""Upload""]",Tuvis,https:// ,1,informational,Google.com,CA,2,53.7,Boardman,-19.72,Oregon,America/Toronto,97818,1.2.3.4,,1,60,1701756004,CloudApp,123414231,datapolicy,asdf523adsd0-0245t@test.data.com,my-testing-my.gmail.com,asdf523adsd0-0245t@test.data.com,1.2.3.4,asdf523adsd0-0245t@test.data.com,,,,,,,0,,,,,,,,,,,,[],0,,,,,,,,,,0,[],,,,,0,,,,,0,,,0,,,,,,,,,,0,,0,,,,,,,0,,,,,,,,,,,alertsubadata_CL,
abc123-r231-4b90-a4fd-1456abcdegdd,RestAPI,,,"2/29/2024, 7:54:53 AM",,,878baed0ac06430942e7f16b,Client,TRUE,anomaly_detection,Delete,yes,p4ul5v44r1dhypotm8cuzout,Tuvis,uba,Google Gmail,7.87085E+18,Webmail,Chrome,5.22127E+18,54.0.2840.90,Webmail,43,high,533435,1,Win Device,US,1,12.9634,Amsterdam,4.8975,North Holland,America/Los_Angeles,98052,3.86.29.24,sequence,application,1093957,EC2AMAZ-1OAJ8QB,datainstance.com,yes,60c5e014-76f2-44f2-eef2-7c00a69ce63f,20170904-000047_demo.jpg,14WLYNjJxKgEyqfalskjfhaotlowurnmcxjklhpdsohqi2i,File,,Win,Win, ,google.com,/personal/Documents,Tuvis,"[""Upload""]",Tuvis,https:// ,1,informational,Google.com,CA,2,12.9634,Amsterdam,4.8975,North Holland,America/Toronto,1012,3.86.29.24,,1,60,1701756004,CloudApp,123414231,datapolicy,asdf523adsd0-0995t@test.data.com,my-testing-my.gmail.com,asdf523adsd0-0995t@test.data.com,3.86.29.24,asdf523adsd0-0995t@test.data.com,,,,,,,0,,,,,,,,,,,,[],0,,,,,,,,,,0,[],,,,,0,,,,,0,,,0,,,,,,,,,,0,,0,,,,,,,0,,,,,,,,,,,alertsubadata_CL,
abc123-r231-4b90-a4fd-1456abcdegdd,RestAPI,,,"2/29/2024, 7:54:53 AM",,,878baed0ac06430942e7f16b,Client,FALSE,alert,Upload,yes,x660dlgc4mbj2j6b2j24boqg,Tuvis,uba,Google Gmail,7.87085E+18,Webmail,Chrome,5.22127E+18,54.0.2840.90,Webmail,80,high,533435,1,Win Device,US,1,7.896,Ballots,12.9634,Pays-de-la-Loire,America/Los_Angeles,98052,13.248.55.2,sequence,application,1093957,EC2AMAZ-1OAJ8QB,datainstance.com,yes,60c5e014-76f2-44f2-eef2-7c00a69ce63f,20170904-000047_demo.jpg,14WLYNjJxKgEyqfalskjfhaotlowurnmcxjklhpdsohqi2i,File,,Win,Win, ,google.com,/personal/Documents,Tuvis,"[""Upload""]",Tuvis,https:// ,1,debug,Google.com,CA,2,7.896,Ballots,12.9634,Pays-de-la-Loire,America/Toronto,,13.248.55.2,,1,60,1701756004,CloudApp,123414231,datapolicy,asdf523adsd0-0646t@test.data.com,my-testing-my.gmail.com,asdf523adsd0-0646t@test.data.com,13.248.55.2,asdf523adsd0-0646t@test.data.com,,,,,,,0,,,,,,,,,,,,[],0,,,,,,,,,,0,[],,,,,0,,,,,0,,,0,,,,,,,,,,0,,0,,,,,,,0,,,,,,,,,,,alertsubadata_CL,
abc123-r231-4b90-a4fd-1456abcdegdd,RestAPI,,,"2/29/2024, 7:54:53 AM",,,878baed0ac06430942e7f16b,Client,FALSE,block,Move,yes,5nkfb30tnq1shkonzr3cgbrq,Tuvis,uba,Google Gmail,7.87085E+18,Webmail,Chrome,5.22127E+18,54.0.2840.90,Webmail,12,high,533435,1,Win Device,US,1,53.7,Amsterdam,4.8975,North Holland,America/Los_Angeles,98052,1.2.3.4,sequence,application,1093957,EC2AMAZ-1OAJ8QB,datainstance.com,yes,60c5e014-76f2-44f2-eef2-7c00a69ce63f,20170904-000047_demo.jpg,14WLYNjJxKgEyqfalskjfhaotlowurnmcxjklhpdsohqi2i,File,,Win,Win, ,google.com,/personal/Documents,Tuvis,"[""Upload""]",Tuvis,https:// ,1,debug,Google.com,CA,2,53.7,Amsterdam,4.8975,North Holland,America/Toronto,1012,1.2.3.4,,1,60,1701756004,CloudApp,123414231,datapolicy,asdf523adsd0-0014t@test.data.com,my-testing-my.gmail.com,asdf523adsd0-0014t@test.data.com,1.2.3.4,asdf523adsd0-0014t@test.data.com,,,,,,,0,,,,,,,,,,,,[],0,,,,,,,,,,0,[],,,,,0,,,,,0,,,0,,,,,,,,,,0,,0,,,,,,,0,,,,,,,,,,,alertsubadata_CL,
abc123-r231-4b90-a4fd-1456abcdegdd,RestAPI,,,"2/29/2024, 7:54:53 AM",,,878baed0ac06430942e7f16b,Client,FALSE,alert,Upload,yes,dqszmgjl8m4ib0ysmq2t41ib,Tuvis,uba,Google Gmail,7.87085E+18,Webmail,Chrome,5.22127E+18,54.0.2840.90,Webmail,80,low,533435,1,Win Device,US,1,12.9634,Bengaluru,7.896,Karnataka,Asia/Kolkata,98052,3.86.29.24,sequence,application,1093957,EC2AMAZ-1OAJ8QB,datainstance.com,yes,60c5e014-76f2-44f2-eef2-7c00a69ce63f,20170904-000047_demo.jpg,14WLYNjJxKgEyqfalskjfhaotlowurnmcxjklhpdsohqi2i,File,,Win,Win, ,google.com,/personal/Documents,Tuvis,"[""Upload""]",Tuvis,https:// ,1,debug,Google.com,CA,2,12.9634,Bengaluru,7.896,Karnataka,Asia/Kolkata,560058,3.86.29.24,,1,60,1701756004,CloudApp,123414231,datapolicy,asdf523adsd0-0979t@test.data.com,my-testing-my.gmail.com,asdf523adsd0-0979t@test.data.com,3.86.29.24,asdf523adsd0-0979t@test.data.com,,,,,,,0,,,,,,,,,,,,[],0,,,,,,,,,,0,[],,,,,0,,,,,0,,,0,,,,,,,,,,0,,0,,,,,,,0,,,,,,,,,,,alertsubadata_CL,
abc123-r231-4b90-a4fd-1456abcdegdd,RestAPI,,,"2/29/2024, 7:54:53 AM",,,878baed0ac06430942e7f16b,Client,TRUE,anomaly_detection,Delete,yes,3f6lub7uwtbeyhznghq1dd8l,Tuvis,uba,Google Gmail,7.87085E+18,Webmail,Chrome,5.22127E+18,54.0.2840.90,Webmail,23,high,533435,1,Win Device,US,1,53.7,Amsterdam,4.8975,North Holland,America/Los_Angeles,98052,13.248.55.2,sequence,application,1093957,EC2AMAZ-1OAJ8QB,datainstance.com,yes,60c5e014-76f2-44f2-eef2-7c00a69ce63f,20170904-000047_demo.jpg,14WLYNjJxKgEyqfalskjfhaotlowurnmcxjklhpdsohqi2i,File,,Win,Win, ,google.com,/personal/Documents,Tuvis,"[""Upload""]",Tuvis,https:// ,1,informational,Google.com,CA,2,53.7,Amsterdam,4.8975,North Holland,America/Toronto,1012,13.248.55.2,,1,60,1701756004,CloudApp,123414231,datapolicy,asdf523adsd0-0544t@test.data.com,my-testing-my.gmail.com,asdf523adsd0-0544t@test.data.com,13.248.55.2,asdf523adsd0-0544t@test.data.com,,,,,,,0,,,,,,,,,,,,[],0,,,,,,,,,,0,[],,,,,0,,,,,0,,,0,,,,,,,,,,0,,0,,,,,,,0,,,,,,,,,,,alertsubadata_CL,
abc123-r231-4b90-a4fd-1456abcdegdd,RestAPI,,,"2/29/2024, 7:54:53 AM",,,878baed0ac06430942e7f16b,Client,TRUE,alert,Delete,yes,cta6exz6i06o09eznjf0mb8z,Tuvis,uba,Google Gmail,7.87085E+18,Webmail,Chrome,5.22127E+18,54.0.2840.90,Webmail,1,low,533435,1,Win Device,US,1,52.3759,Amsterdam,7.896,North Holland,America/Los_Angeles,98052,1.2.3.4,sequence,application,1093957,EC2AMAZ-1OAJ8QB,datainstance.com,yes,60c5e014-76f2-44f2-eef2-7c00a69ce63f,20170904-000047_demo.jpg,14WLYNjJxKgEyqfalskjfhaotlowurnmcxjklhpdsohqi2i,File,,Win,Win, ,google.com,/personal/Documents,Tuvis,"[""Upload""]",Tuvis,https:// ,1,informational,Google.com,CA,2,52.3759,Amsterdam,7.896,North Holland,America/Toronto,1012,1.2.3.4,,1,60,1701756004,CloudApp,123414231,datapolicy,asdf523adsd0-0838t@test.data.com,my-testing-my.gmail.com,asdf523adsd0-0838t@test.data.com,1.2.3.4,asdf523adsd0-0838t@test.data.com,,,,,,,0,,,,,,,,,,,,[],0,,,,,,,,,,0,[],,,,,0,,,,,0,,,0,,,,,,,,,,0,,0,,,,,,,0,,,,,,,,,,,alertsubadata_CL,
abc123-r231-4b90-a4fd-1456abcdegdd,RestAPI,,,"2/29/2024, 7:54:53 AM",,,878baed0ac06430942e7f16b,Client,FALSE,block,Login Failed,yes,6nncdj4y37jz2dtbeifawm4r,Tuvis,uba,Google Gmail,7.87085E+18,Webmail,Chrome,5.22127E+18,54.0.2840.90,Webmail,80,low,533435,1,Win Device,US,1,12.9634,Ballots,-19.72,Pays-de-la-Loire,America/Los_Angeles,98052,3.86.29.24,sequence,application,1093957,EC2AMAZ-1OAJ8QB,datainstance.com,yes,60c5e014-76f2-44f2-eef2-7c00a69ce63f,20170904-000047_demo.jpg,14WLYNjJxKgEyqfalskjfhaotlowurnmcxjklhpdsohqi2i,File,,Win,Win, ,google.com,/personal/Documents,Tuvis,"[""Upload""]",Tuvis,https:// ,1,informational,Google.com,CA,2,12.9634,Ballots,-19.72,Pays-de-la-Loire,America/Toronto,,3.86.29.24,,1,60,1701756004,CloudApp,123414231,datapolicy,asdf523adsd0-0773t@test.data.com,my-testing-my.gmail.com,asdf523adsd0-0773t@test.data.com,3.86.29.24,asdf523adsd0-0773t@test.data.com,,,,,,,0,,,,,,,,,,,,[],0,,,,,,,,,,0,[],,,,,0,,,,,0,,,0,,,,,,,,,,0,,0,,,,,,,0,,,,,,,,,,,alertsubadata_CL,
abc123-r231-4b90-a4fd-1456abcdegdd,RestAPI,,,"2/29/2024, 7:54:53 AM",,,878baed0ac06430942e7f16b,Client,FALSE,alert,Login Failed,yes,ycx2hg0vnmfgh12cq0fluixn,Tuvis,uba,Google Gmail,7.87085E+18,Webmail,Chrome,5.22127E+18,54.0.2840.90,Webmail,52,high,533435,1,Win Device,US,1,53.7,Bengaluru,77.5855,Karnataka,Asia/Kolkata,98052,13.248.55.2,sequence,application,1093957,EC2AMAZ-1OAJ8QB,datainstance.com,yes,60c5e014-76f2-44f2-eef2-7c00a69ce63f,20170904-000047_demo.jpg,14WLYNjJxKgEyqfalskjfhaotlowurnmcxjklhpdsohqi2i,File,,Win,Win, ,google.com,/personal/Documents,Tuvis,"[""Upload""]",Tuvis,https:// ,1,informational,Google.com,CA,2,53.7,Bengaluru,77.5855,Karnataka,Asia/Kolkata,560058,13.248.55.2,,1,60,1701756004,CloudApp,123414231,datapolicy,asdf523adsd0-0804t@test.data.com,my-testing-my.gmail.com,asdf523adsd0-0804t@test.data.com,13.248.55.2,asdf523adsd0-0804t@test.data.com,,,,,,,0,,,,,,,,,,,,[],0,,,,,,,,,,0,[],,,,,0,,,,,0,,,0,,,,,,,,,,0,,0,,,,,,,0,,,,,,,,,,,alertsubadata_CL,
abc123-r231-4b90-a4fd-1456abcdegdd,RestAPI,,,"2/29/2024, 7:54:53 AM",,,878baed0ac06430942e7f16b,Client,FALSE,anomaly_detection,Edit,yes,dn7pu1cfohcge8xvk4v6ki0w,Tuvis,uba,Google Gmail,7.87085E+18,Webmail,Chrome,5.22127E+18,54.0.2840.90,Webmail,4,high,533435,1,Win Device,US,1,7.896,Ballots,-1.04759,Pays-de-la-Loire,America/Los_Angeles,98052,19.2.5.21,sequence,application,1093957,EC2AMAZ-1OAJ8QB,datainstance.com,yes,60c5e014-76f2-44f2-eef2-7c00a69ce63f,20170904-000047_demo.jpg,14WLYNjJxKgEyqfalskjfhaotlowurnmcxjklhpdsohqi2i,File,,Win,Win, ,google.com,/personal/Documents,Tuvis,"[""Upload""]",Tuvis,https:// ,1,informational,Google.com,CA,2,7.896,Ballots,-1.04759,Pays-de-la-Loire,America/Toronto,,19.2.5.21,,1,60,1701756004,CloudApp,123414231,datapolicy,asdf523adsd0-0054t@test.data.com,my-testing-my.gmail.com,asdf523adsd0-0054t@test.data.com,19.2.5.21,asdf523adsd0-0054t@test.data.com,,,,,,,0,,,,,,,,,,,,[],0,,,,,,,,,,0,[],,,,,0,,,,,0,,,0,,,,,,,,,,0,,0,,,,,,,0,,,,,,,,,,,alertsubadata_CL,
1 TenantId SourceSystem MG ManagementGroupName TimeGenerated [UTC] Computer RawData _id_s access_method_s acked_s action_s activity_s alert_s alert_id_g alert_name_s alert_type_s app_s app_session_id_d appcategory_s browser_s browser_session_id_d browser_version_s Category cci_d ccl_s connection_id_d count_d device_s dst_country_s dst_geoip_src_d dst_latitude_d dst_location_s dst_longitude_d dst_region_s dst_timezone_s dst_zipcode_s dstip_s event_type_s evt_src_chnl_s file_size_d hostname_s instance_id_s managed_app_s md5_g object_s object_id_g object_type_s organization_unit_s os_s os_version_s page_s page_site_s parent_id_s policy_s policy_actions_s profile_id_s referer_s score_s severity_s site_s src_country_s src_geoip_src_d src_latitude_d src_location_s src_longitude_d src_region_s src_timezone_s src_zipcode_s srcip_s telemetry_app_s threshold_d threshold_time_d timestamp_d traffic_type_s transaction_id_d type_s ur_normalized_s url_s user_s userip_s userkey_s loginurl_s managementID_s act_user_s last_location_s surhn_s to_user_s incident_id_d TSS_scan_s web_universal_connector_s app_category_s to_object_s app_activity_s distinguishedName_s AccountType_s last_device_s User_SPACE_Name_s user_id_s activity_status_s all_policy_matches_s object_count_d from_user_s displayName_s user_role_s download_app_s last_app_s shared_credential_user_s createdTime_s last_region_s audit_type_s suppression_start_time_d scopes_s uba_inst1_s file_category_s two_factor_auth_s group_s bin_timestamp_d User_SPACE_Id_s risk_level_s useragent_s user_name_s risk_level_id_d policy_id_s file_type_s request_id_d userPrincipalName_s sanctioned_instance_s uba_inst2_s appsuite_s from_user_category_s mail_s sAMAccountName_s tss_mode_s uba_ap1_s last_timestamp_d tss_fail_reason_s suppression_end_time_d to_user_category_s netskope_activity_s last_country_s device_classification_s anomaly_type_s division_s windowId_d audit_category_s src_time_s logintype_s tss_scan_failed_s manager_s protocol_s 
employeeType_s user_category_s uba_ap2_s policy_name_s Type _ResourceId
2 abc123-r231-4b90-a4fd-1456abcdegdd RestAPI 2/29/2024, 7:54:53 AM 878baed0ac06430942e7f16b Client FALSE anomaly_detection Upload yes mgmmi8i90xjrrr7u074upl14 Tuvis uba Google Gmail 7.87085E+18 Webmail Chrome 5.22127E+18 54.0.2840.90 Webmail 0 high 533435 1 Win Device US 1 53.7 Boardman -19.72 Oregon America/Los_Angeles 98052 1.2.3.4 sequence application 1093957 EC2AMAZ-1OAJ8QB datainstance.com yes 60c5e014-76f2-44f2-eef2-7c00a69ce63f 20170904-000047_demo.jpg 14WLYNjJxKgEyqfalskjfhaotlowurnmcxjklhpdsohqi2i File Win Win google.com /personal/Documents Tuvis ["Upload"] Tuvis https:// 1 informational Google.com CA 2 53.7 Boardman -19.72 Oregon America/Toronto 97818 1.2.3.4 1 60 1701756004 CloudApp 123414231 datapolicy asdf523adsd0-0245t@test.data.com my-testing-my.gmail.com asdf523adsd0-0245t@test.data.com 1.2.3.4 asdf523adsd0-0245t@test.data.com 0 [] 0 0 [] 0 0 0 0 0 0 alertsubadata_CL
3 abc123-r231-4b90-a4fd-1456abcdegdd RestAPI 2/29/2024, 7:54:53 AM 878baed0ac06430942e7f16b Client TRUE anomaly_detection Delete yes p4ul5v44r1dhypotm8cuzout Tuvis uba Google Gmail 7.87085E+18 Webmail Chrome 5.22127E+18 54.0.2840.90 Webmail 43 high 533435 1 Win Device US 1 12.9634 Amsterdam 4.8975 North Holland America/Los_Angeles 98052 3.86.29.24 sequence application 1093957 EC2AMAZ-1OAJ8QB datainstance.com yes 60c5e014-76f2-44f2-eef2-7c00a69ce63f 20170904-000047_demo.jpg 14WLYNjJxKgEyqfalskjfhaotlowurnmcxjklhpdsohqi2i File Win Win google.com /personal/Documents Tuvis ["Upload"] Tuvis https:// 1 informational Google.com CA 2 12.9634 Amsterdam 4.8975 North Holland America/Toronto 1012 3.86.29.24 1 60 1701756004 CloudApp 123414231 datapolicy asdf523adsd0-0995t@test.data.com my-testing-my.gmail.com asdf523adsd0-0995t@test.data.com 3.86.29.24 asdf523adsd0-0995t@test.data.com 0 [] 0 0 [] 0 0 0 0 0 0 alertsubadata_CL
4 abc123-r231-4b90-a4fd-1456abcdegdd RestAPI 2/29/2024, 7:54:53 AM 878baed0ac06430942e7f16b Client FALSE alert Upload yes x660dlgc4mbj2j6b2j24boqg Tuvis uba Google Gmail 7.87085E+18 Webmail Chrome 5.22127E+18 54.0.2840.90 Webmail 80 high 533435 1 Win Device US 1 7.896 Ballots 12.9634 Pays-de-la-Loire America/Los_Angeles 98052 13.248.55.2 sequence application 1093957 EC2AMAZ-1OAJ8QB datainstance.com yes 60c5e014-76f2-44f2-eef2-7c00a69ce63f 20170904-000047_demo.jpg 14WLYNjJxKgEyqfalskjfhaotlowurnmcxjklhpdsohqi2i File Win Win google.com /personal/Documents Tuvis ["Upload"] Tuvis https:// 1 debug Google.com CA 2 7.896 Ballots 12.9634 Pays-de-la-Loire America/Toronto 13.248.55.2 1 60 1701756004 CloudApp 123414231 datapolicy asdf523adsd0-0646t@test.data.com my-testing-my.gmail.com asdf523adsd0-0646t@test.data.com 13.248.55.2 asdf523adsd0-0646t@test.data.com 0 [] 0 0 [] 0 0 0 0 0 0 alertsubadata_CL
5 abc123-r231-4b90-a4fd-1456abcdegdd RestAPI 2/29/2024, 7:54:53 AM 878baed0ac06430942e7f16b Client FALSE block Move yes 5nkfb30tnq1shkonzr3cgbrq Tuvis uba Google Gmail 7.87085E+18 Webmail Chrome 5.22127E+18 54.0.2840.90 Webmail 12 high 533435 1 Win Device US 1 53.7 Amsterdam 4.8975 North Holland America/Los_Angeles 98052 1.2.3.4 sequence application 1093957 EC2AMAZ-1OAJ8QB datainstance.com yes 60c5e014-76f2-44f2-eef2-7c00a69ce63f 20170904-000047_demo.jpg 14WLYNjJxKgEyqfalskjfhaotlowurnmcxjklhpdsohqi2i File Win Win google.com /personal/Documents Tuvis ["Upload"] Tuvis https:// 1 debug Google.com CA 2 53.7 Amsterdam 4.8975 North Holland America/Toronto 1012 1.2.3.4 1 60 1701756004 CloudApp 123414231 datapolicy asdf523adsd0-0014t@test.data.com my-testing-my.gmail.com asdf523adsd0-0014t@test.data.com 1.2.3.4 asdf523adsd0-0014t@test.data.com 0 [] 0 0 [] 0 0 0 0 0 0 alertsubadata_CL
6 abc123-r231-4b90-a4fd-1456abcdegdd RestAPI 2/29/2024, 7:54:53 AM 878baed0ac06430942e7f16b Client FALSE alert Upload yes dqszmgjl8m4ib0ysmq2t41ib Tuvis uba Google Gmail 7.87085E+18 Webmail Chrome 5.22127E+18 54.0.2840.90 Webmail 80 low 533435 1 Win Device US 1 12.9634 Bengaluru 7.896 Karnataka Asia/Kolkata 98052 3.86.29.24 sequence application 1093957 EC2AMAZ-1OAJ8QB datainstance.com yes 60c5e014-76f2-44f2-eef2-7c00a69ce63f 20170904-000047_demo.jpg 14WLYNjJxKgEyqfalskjfhaotlowurnmcxjklhpdsohqi2i File Win Win google.com /personal/Documents Tuvis ["Upload"] Tuvis https:// 1 debug Google.com CA 2 12.9634 Bengaluru 7.896 Karnataka Asia/Kolkata 560058 3.86.29.24 1 60 1701756004 CloudApp 123414231 datapolicy asdf523adsd0-0979t@test.data.com my-testing-my.gmail.com asdf523adsd0-0979t@test.data.com 3.86.29.24 asdf523adsd0-0979t@test.data.com 0 [] 0 0 [] 0 0 0 0 0 0 alertsubadata_CL
7 abc123-r231-4b90-a4fd-1456abcdegdd RestAPI 2/29/2024, 7:54:53 AM 878baed0ac06430942e7f16b Client TRUE anomaly_detection Delete yes 3f6lub7uwtbeyhznghq1dd8l Tuvis uba Google Gmail 7.87085E+18 Webmail Chrome 5.22127E+18 54.0.2840.90 Webmail 23 high 533435 1 Win Device US 1 53.7 Amsterdam 4.8975 North Holland America/Los_Angeles 98052 13.248.55.2 sequence application 1093957 EC2AMAZ-1OAJ8QB datainstance.com yes 60c5e014-76f2-44f2-eef2-7c00a69ce63f 20170904-000047_demo.jpg 14WLYNjJxKgEyqfalskjfhaotlowurnmcxjklhpdsohqi2i File Win Win google.com /personal/Documents Tuvis ["Upload"] Tuvis https:// 1 informational Google.com CA 2 53.7 Amsterdam 4.8975 North Holland America/Toronto 1012 13.248.55.2 1 60 1701756004 CloudApp 123414231 datapolicy asdf523adsd0-0544t@test.data.com my-testing-my.gmail.com asdf523adsd0-0544t@test.data.com 13.248.55.2 asdf523adsd0-0544t@test.data.com 0 [] 0 0 [] 0 0 0 0 0 0 alertsubadata_CL
8 abc123-r231-4b90-a4fd-1456abcdegdd RestAPI 2/29/2024, 7:54:53 AM 878baed0ac06430942e7f16b Client TRUE alert Delete yes cta6exz6i06o09eznjf0mb8z Tuvis uba Google Gmail 7.87085E+18 Webmail Chrome 5.22127E+18 54.0.2840.90 Webmail 1 low 533435 1 Win Device US 1 52.3759 Amsterdam 7.896 North Holland America/Los_Angeles 98052 1.2.3.4 sequence application 1093957 EC2AMAZ-1OAJ8QB datainstance.com yes 60c5e014-76f2-44f2-eef2-7c00a69ce63f 20170904-000047_demo.jpg 14WLYNjJxKgEyqfalskjfhaotlowurnmcxjklhpdsohqi2i File Win Win google.com /personal/Documents Tuvis ["Upload"] Tuvis https:// 1 informational Google.com CA 2 52.3759 Amsterdam 7.896 North Holland America/Toronto 1012 1.2.3.4 1 60 1701756004 CloudApp 123414231 datapolicy asdf523adsd0-0838t@test.data.com my-testing-my.gmail.com asdf523adsd0-0838t@test.data.com 1.2.3.4 asdf523adsd0-0838t@test.data.com 0 [] 0 0 [] 0 0 0 0 0 0 alertsubadata_CL
9 abc123-r231-4b90-a4fd-1456abcdegdd RestAPI 2/29/2024, 7:54:53 AM 878baed0ac06430942e7f16b Client FALSE block Login Failed yes 6nncdj4y37jz2dtbeifawm4r Tuvis uba Google Gmail 7.87085E+18 Webmail Chrome 5.22127E+18 54.0.2840.90 Webmail 80 low 533435 1 Win Device US 1 12.9634 Ballots -19.72 Pays-de-la-Loire America/Los_Angeles 98052 3.86.29.24 sequence application 1093957 EC2AMAZ-1OAJ8QB datainstance.com yes 60c5e014-76f2-44f2-eef2-7c00a69ce63f 20170904-000047_demo.jpg 14WLYNjJxKgEyqfalskjfhaotlowurnmcxjklhpdsohqi2i File Win Win google.com /personal/Documents Tuvis ["Upload"] Tuvis https:// 1 informational Google.com CA 2 12.9634 Ballots -19.72 Pays-de-la-Loire America/Toronto 3.86.29.24 1 60 1701756004 CloudApp 123414231 datapolicy asdf523adsd0-0773t@test.data.com my-testing-my.gmail.com asdf523adsd0-0773t@test.data.com 3.86.29.24 asdf523adsd0-0773t@test.data.com 0 [] 0 0 [] 0 0 0 0 0 0 alertsubadata_CL
10 abc123-r231-4b90-a4fd-1456abcdegdd RestAPI 2/29/2024, 7:54:53 AM 878baed0ac06430942e7f16b Client FALSE alert Login Failed yes ycx2hg0vnmfgh12cq0fluixn Tuvis uba Google Gmail 7.87085E+18 Webmail Chrome 5.22127E+18 54.0.2840.90 Webmail 52 high 533435 1 Win Device US 1 53.7 Bengaluru 77.5855 Karnataka Asia/Kolkata 98052 13.248.55.2 sequence application 1093957 EC2AMAZ-1OAJ8QB datainstance.com yes 60c5e014-76f2-44f2-eef2-7c00a69ce63f 20170904-000047_demo.jpg 14WLYNjJxKgEyqfalskjfhaotlowurnmcxjklhpdsohqi2i File Win Win google.com /personal/Documents Tuvis ["Upload"] Tuvis https:// 1 informational Google.com CA 2 53.7 Bengaluru 77.5855 Karnataka Asia/Kolkata 560058 13.248.55.2 1 60 1701756004 CloudApp 123414231 datapolicy asdf523adsd0-0804t@test.data.com my-testing-my.gmail.com asdf523adsd0-0804t@test.data.com 13.248.55.2 asdf523adsd0-0804t@test.data.com 0 [] 0 0 [] 0 0 0 0 0 0 alertsubadata_CL
11 abc123-r231-4b90-a4fd-1456abcdegdd RestAPI 2/29/2024, 7:54:53 AM 878baed0ac06430942e7f16b Client FALSE anomaly_detection Edit yes dn7pu1cfohcge8xvk4v6ki0w Tuvis uba Google Gmail 7.87085E+18 Webmail Chrome 5.22127E+18 54.0.2840.90 Webmail 4 high 533435 1 Win Device US 1 7.896 Ballots -1.04759 Pays-de-la-Loire America/Los_Angeles 98052 19.2.5.21 sequence application 1093957 EC2AMAZ-1OAJ8QB datainstance.com yes 60c5e014-76f2-44f2-eef2-7c00a69ce63f 20170904-000047_demo.jpg 14WLYNjJxKgEyqfalskjfhaotlowurnmcxjklhpdsohqi2i File Win Win google.com /personal/Documents Tuvis ["Upload"] Tuvis https:// 1 informational Google.com CA 2 7.896 Ballots -1.04759 Pays-de-la-Loire America/Toronto 19.2.5.21 1 60 1701756004 CloudApp 123414231 datapolicy asdf523adsd0-0054t@test.data.com my-testing-my.gmail.com asdf523adsd0-0054t@test.data.com 19.2.5.21 asdf523adsd0-0054t@test.data.com 0 [] 0 0 [] 0 0 0 0 0 0 alertsubadata_CL


@ -0,0 +1,11 @@
TenantId,SourceSystem,MG,ManagementGroupName,TimeGenerated [UTC],Computer,RawData,_id_s,access_method_s,action_s,activity_s,alert_s,alert_type_s,app_s,appcategory_s,browser_s,Category,cci_d,ccl_s,count_d,device_s,dst_country_s,dst_geoip_src_d,dst_latitude_d,dst_location_s,dst_longitude_d,dst_region_s,dst_zipcode_s,dstip_s,exposure_s,file_lang_s,file_path_s,file_size_d,file_type_s,instance_s,instance_id_s,md5_g,mime_type_s,modified_d,object_s,object_id_s,object_type_s,organization_unit_s,os_s,other_categories_s,owner_s,policy_s,request_id_s,scan_type_s,site_s,src_country_s,src_geoip_src_d,src_latitude_d,src_location_s,src_longitude_d,src_region_s,src_zipcode_s,srcip_s,suppression_key_s,timestamp_d,traffic_type_s,type_s,ur_normalized_s,url_s,user_s,userkey_s,orignal_file_path_s,managed_app_s,userip_s,resp_cnt_d,dst_timezone_s,protocol_s,hostname_s,dlp_profile_s,to_user_s,parent_id_s,CononicalName_s,dlp_rule_s,total_collaborator_count_d,sha256_s,shared_with_s,dsthost_s,severity_s,suppression_end_time_d,dlp_unique_count_d,audit_category_s,app_session_id_d,workspace_id_s,req_cnt_d,universal_connector_s,logintype_s,connection_id_d,app_activity_s,channel_id_s,src_timezone_s,numbytes_d,conn_duration_d,managementID_s,dlp_is_unique_count_s,dlp_mail_parent_id_s,from_user_category_s,policy_id_s,useragent_s,device_classification_s,dlp_file_s,dlp_rule_count_d,sAMAccountName_s,audit_type_s,telemetry_app_s,web_universal_connector_s,title_s,data_type_s,userPrincipalName_s,page_s,serial_s,sessionid_s,smtp_to_s,appsuite_s,log_file_name_s,dlp_parent_id_d,tss_mode_s,server_bytes_d,client_bytes_d,page_site_s,loginurl_s,os_version_s,fromlogs_s,true_obj_category_s,true_obj_type_s,browser_session_id_d,workspace_s,dlp_rule_severity_s,dstport_d,netskope_activity_s,data_center_s,dlp_incident_id_d,suppression_start_time_d,nsdeviceuid_s,org_s,src_time_s,user_id_s,custom_connector_s,transaction_id_d,user_category_s,netskope_pop_s,browser_version_s,from_user_s,referer_s,internal_collaborator_count
_d,sanctioned_instance_s,notify_template_s,cci_s,Type,_ResourceId
abcd-cdef-ghijk,RestAPI,,,"2/22/2024, 11:39:46 AM",,,757f3e4ac4a015c2b0a210ad,API Connector,alert,Login Successful,yes,quarantine,Ekos Brewmaster,Cloud Storage,unknown,Cloud Storage,12,poor,1,ZTE - P726N,FR,2,58.8323,Paris,12.4075,Île-de-France,75015,1.2.3.4,organisation_wide_link,ENGLISH,/My Drive/Clickhouse/Tenant Migration across MPs,118540,application/vnd.google-apps.document,netskope.com,netskope.com,4bf76801-95ec-aed5-5e3e-dabb5d95ca01,application/vnd.google-apps.document,1613760236,MhQiicRnBqGHFKGg,14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82rGg,File,netskope.local/Netskope/Active Users/US & International/Full Time,Android 10.0,[],dummyuser1@something.com,policy_ga36,2459149802892628500,Ongoing,Ekos Brewmaster,NL,2,62.3759,Amsterdam,14.8975,North Holland,1012,5.6.7.8,Tenant Migration across MPs,1676243254,CloudApp,nspolicy,tempuser1@something.com,https://drive.google.com/open?id=14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82r,tempuser1@something.com,tempuser1@something.com,,,,0,,,,,,,,,0,,,,,0,0,,0,,0,,,0,,,,0,0,,,,,,,,,0,,,,,,,,,,,[],,,0,,0,0,,,,,,,0,,,0,,,0,0,,,,,,0,,,,,,0,,,,eventsapplicationdata_CL,
abcd-cdef-ghijk,RestAPI,,,"2/22/2024, 11:39:46 AM",,,75804388d4192925e022b6fc,API Connector,,Download,yes,quarantine,Real Time Cloud Services,Cloud Storage,unknown,Cloud Storage,39,poor,1,ZTE - P726N,NL,2,62.3759,Amsterdam,14.8975,North Holland,1012,1.2.3.4,organisation_wide_link,ENGLISH,/My Drive/Clickhouse/Tenant Migration across MPs,118418,application/vnd.google-apps.document,netskope.com,netskope.com,4bf76801-95ec-aed5-5e3e-dabb5d95ca01,application/vnd.google-apps.document,1613760236,tUmxqyiIMHhzJCUA,14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82rGg,File,netskope.local/Netskope/Active Users/US & International/Full Time,Android 11.0,[],dummyuser2@something.com,policy_ga6,2459149802892628500,Ongoing,Real Time Cloud Services,IN,2,29.0748,Mumbai,82.8856,Maharashtra,400072,5.6.7.8,Tenant Migration across MPs,1676243244,CloudApp,nspolicy,tempuser2@something.com,https://drive.google.com/open?id=14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82r,tempuser2@something.com,tempuser2@something.com,,,,0,,,,,,,,,0,,,,,0,0,,0,,0,,,0,,,,0,0,,,,,,,,,0,,,,,,,,,,,[],,,0,,0,0,,,,,,,0,,,0,,,0,0,,,,,,0,,,,,,0,,,,eventsapplicationdata_CL,
abcd-cdef-ghijk,RestAPI,,,"2/22/2024, 11:39:46 AM",,,7581f4a7da63d0b04d09064c,API Connector,alert,Edit,yes,Remediation,Thomas Jefferson University,Cloud Storage,unknown,Cloud Storage,,unknown,1,ZTE - P117A13,US,2,52.8571,Lakeside,-106.9191,California,92040,1.2.3.4,organisation_wide_link,ENGLISH,/My Drive/Clickhouse/Tenant Migration across MPs,118707,application/vnd.google-apps.document,netskope.com,netskope.com,4bf76801-95ec-aed5-5e3e-dabb5d95ca01,application/vnd.google-apps.document,1613760236,DGSbPHjMixhisfmm,14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82rGg,File,netskope.local/Netskope/Active Users/US & International/Full Time,Android 10.0,[],dummyuser3@something.com,policy_ga13,2459149802892628500,Ongoing,Thomas Jefferson University,US,2,42.8571,Lakeside,-106.9191,California,92040,5.6.7.8,Tenant Migration across MPs,1676243244,CloudApp,nspolicy,tempuser3@something.com,https://drive.google.com/open?id=14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82r,tempuser3@something.com,tempuser3@something.com,,,,0,,,,,,,,,0,,,,,0,0,,0,,0,,,0,,,,0,0,,,,,,,,,0,,,,,,,,,,,[],,,0,,0,0,,,,,,,0,,,0,,,0,0,,,,,,0,,,,,,0,,,,eventsapplicationdata_CL,
abcd-cdef-ghijk,RestAPI,,,"2/22/2024, 11:39:46 AM",,,7581fe8700403843dba63190,API Connector,block,Delete,yes,legal hold,Shooter Suite,Cloud Storage,unknown,Cloud Storage,12,poor,1,ZTE - NX501,FR,2,68.8323,Paris,12.4075,Île-de-France,75015,1.2.3.4,organisation_wide_link,ENGLISH,/My Drive/Clickhouse/Tenant Migration across MPs,118984,application/vnd.google-apps.document,netskope.com,netskope.com,4bf76801-95ec-aed5-5e3e-dabb5d95ca01,application/vnd.google-apps.document,1613760236,jZtpxrmvqsdCzZYJ,14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82rGg,File,netskope.local/Netskope/Active Users/US & International/Full Time,Android 10.0,[],dummyuser4@something.com,policy_ga42,2459149802892628500,Ongoing,Shooter Suite,NL,2,62.3759,Amsterdam,14.8975,North Holland,1012,5.6.7.8,Tenant Migration across MPs,1676243237,CloudApp,nspolicy,tempuser4@something.com,https://drive.google.com/open?id=14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82r,tempuser4@something.com,tempuser4@something.com,,,,0,,,,,,,,,0,,,,,0,0,,0,,0,,,0,,,,0,0,,,,,,,,,0,,,,,,,,,,,[],,,0,,0,0,,,,,,,0,,,0,,,0,0,,,,,,0,,,,,,0,,,,eventsapplicationdata_CL,
abcd-cdef-ghijk,RestAPI,,,"2/22/2024, 11:39:46 AM",,,7585779147907c860810fedb,API Connector,,Download,yes,Remediation,Mainspring CMS,Cloud Storage,unknown,Cloud Storage,3,unknown,1,Other,US,2,55.8234,Boardman,-109.7257,Oregon,97818,1.2.3.4,organisation_wide_link,ENGLISH,/My Drive/Clickhouse/Tenant Migration across MPs,119402,application/vnd.google-apps.document,netskope.com,netskope.com,4bf76801-95ec-aed5-5e3e-dabb5d95ca01,application/vnd.google-apps.document,1613760236,KnBBdmGDJswydJwj,14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82rGg,File,netskope.local/Netskope/Active Users/US & International/Full Time,Windows 7.1,[],dummyuser5@something.com,policy_ga1,2459149802892628500,Ongoing,Mainspring CMS,NL,2,62.3759,Amsterdam,14.8975,North Holland,1012,5.6.7.8,Tenant Migration across MPs,1676243221,CloudApp,nspolicy,tempuser5@something.com,https://drive.google.com/open?id=14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82r,tempuser5@something.com,tempuser5@something.com,,,,0,,,,,,,,,0,,,,,0,0,,0,,0,,,0,,,,0,0,,,,,,,,,0,,,,,,,,,,,[],,,0,,0,0,,,,,,,0,,,0,,,0,0,,,,,,0,,,,,,0,,,,eventsapplicationdata_CL,
abcd-cdef-ghijk,RestAPI,,,"2/22/2024, 11:39:46 AM",,,759f3259a51a7a624224edf0,API Connector,alert,Upload,yes,Malware,IIJ Document Exchange service(DOX),Cloud Storage,unknown,Cloud Storage,66,medium,1,ZTE - P726V,US,2,55.8234,Boardman,-109.7257,Oregon,97818,1.2.3.4,organisation_wide_link,ENGLISH,/My Drive/Clickhouse/Tenant Migration across MPs,118631,application/vnd.google-apps.document,netskope.com,netskope.com,4bf76801-95ec-aed5-5e3e-dabb5d95ca01,application/vnd.google-apps.document,1613760236,lYQoovfPPwzfmqyc,14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82rGg,File,netskope.local/Netskope/Active Users/US & International/Full Time,Android 11.0,[],dummyuser6@something.com,policy_ga22,2459149802892628500,Ongoing,IIJ Document Exchange service(DOX),DE,2,60.1188,Frankfurt am Main,18.6843,Hesse,60313,5.6.7.8,Tenant Migration across MPs,1676243206,CloudApp,nspolicy,tempuser6@something.com,https://drive.google.com/open?id=14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82r,tempuser6@something.com,tempuser6@something.com,,,,0,,,,,,,,,0,,,,,0,0,,0,,0,,,0,,,,0,0,,,,,,,,,0,,,,,,,,,,,[],,,0,,0,0,,,,,,,0,,,0,,,0,0,,,,,,0,,,,,,0,,,,eventsapplicationdata_CL,
abcd-cdef-ghijk,RestAPI,,,"2/22/2024, 11:39:46 AM",,,75a31fe07f16fc9cf542a2f9,API Connector,,Edit,yes,Remediation,Careers Baron,Cloud Storage,unknown,Cloud Storage,,unknown,1,Other,US,2,52.8571,Lakeside,-106.9191,California,92040,1.2.3.4,organisation_wide_link,ENGLISH,/My Drive/Clickhouse/Tenant Migration across MPs,118413,application/vnd.google-apps.document,netskope.com,netskope.com,4bf76801-95ec-aed5-5e3e-dabb5d95ca01,application/vnd.google-apps.document,1613760236,hZhOnmOOZArBTImy,14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82rGg,File,netskope.local/Netskope/Active Users/US & International/Full Time,Windows 8.0,[],dummyuser7@something.com,policy_ga52,2459149802892628500,Ongoing,Careers Baron,US,2,42.8571,Lakeside,-106.9191,California,92040,5.6.7.8,Tenant Migration across MPs,1676243231,CloudApp,nspolicy,tempuser7@something.com,https://drive.google.com/open?id=14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82r,tempuser7@something.com,tempuser7@something.com,,,,0,,,,,,,,,0,,,,,0,0,,0,,0,,,0,,,,0,0,,,,,,,,,0,,,,,,,,,,,[],,,0,,0,0,,,,,,,0,,,0,,,0,0,,,,,,0,,,,,,0,,,,eventsapplicationdata_CL,
abcd-cdef-ghijk,RestAPI,,,"2/22/2024, 11:39:46 AM",,,75a53ac9415f208c73973067,API Connector,,Create,yes,Remediation,Saks Fifth Avenue,Cloud Storage,unknown,Cloud Storage,,unknown,1,Other,IN,2,29.0748,Mumbai,82.8856,Maharashtra,400072,1.2.3.4,organisation_wide_link,ENGLISH,/My Drive/Clickhouse/Tenant Migration across MPs,119235,application/vnd.google-apps.document,netskope.com,netskope.com,4bf76801-95ec-aed5-5e3e-dabb5d95ca01,application/vnd.google-apps.document,1613760236,hfanELTPzPegZfkz,14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82rGg,File,netskope.local/Netskope/Active Users/US & International/Full Time,Windows 7.1,[],dummyuser8@something.com,policy_ga47,2459149802892628500,Ongoing,Saks Fifth Avenue,DE,2,60.1188,Frankfurt am Main,18.6843,Hesse,60313,5.6.7.8,Tenant Migration across MPs,1676243231,CloudApp,nspolicy,tempuser8@something.com,https://drive.google.com/open?id=14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82r,tempuser8@something.com,tempuser8@something.com,,,,0,,,,,,,,,0,,,,,0,0,,0,,0,,,0,,,,0,0,,,,,,,,,0,,,,,,,,,,,[],,,0,,0,0,,,,,,,0,,,0,,,0,0,,,,,,0,,,,,,0,,,,eventsapplicationdata_CL,
abcd-cdef-ghijk,RestAPI,,,"2/22/2024, 11:39:46 AM",,,75a78d113b45442991dc297a,API Connector,alert,Login Failed,yes,policy,eLearning Platform,Cloud Storage,unknown,Cloud Storage,,unknown,1,iPhone 6S,IN,2,29.0748,Mumbai,82.8856,Maharashtra,400072,1.2.3.4,organisation_wide_link,ENGLISH,/My Drive/Clickhouse/Tenant Migration across MPs,119028,application/vnd.google-apps.document,netskope.com,netskope.com,4bf76801-95ec-aed5-5e3e-dabb5d95ca01,application/vnd.google-apps.document,1613760236,XPTIggGqLKHHOgCk,14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82rGg,File,netskope.local/Netskope/Active Users/US & International/Full Time,iOS 9.6,[],dummyuser9@something.com,policy_ga2,2459149802892628500,Ongoing,eLearning Platform,US,2,42.8571,Lakeside,-106.9191,California,92040,5.6.7.8,Tenant Migration across MPs,1676243230,CloudApp,nspolicy,tempuser9@something.com,https://drive.google.com/open?id=14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82r,tempuser9@something.com,tempuser9@something.com,,,,0,,,,,,,,,0,,,,,0,0,,0,,0,,,0,,,,0,0,,,,,,,,,0,,,,,,,,,,,[],,,0,,0,0,,,,,,,0,,,0,,,0,0,,,,,,0,,,,,,0,,,,eventsapplicationdata_CL,
abcd-cdef-ghijk,RestAPI,,,"2/22/2024, 11:39:46 AM",,,75a81aad3192f7f4efd32009,API Connector,,Edit,yes,Malware,CareerHarmony,Cloud Storage,unknown,Cloud Storage,,,2,ZTE - Grand-S,FR,2,58.8323,Paris,12.4075,Île-de-France,75015,1.2.3.4,organisation_wide_link,ENGLISH,/My Drive/Clickhouse/Tenant Migration across MPs,118968,application/vnd.google-apps.document,netskope.com,netskope.com,4bf76801-95ec-aed5-5e3e-dabb5d95ca01,application/vnd.google-apps.document,1613760236,hxjrHXZHqSTzxiYx,14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82rGg,File,netskope.local/Netskope/Active Users/US & International/Full Time,Android 10.0,[],dummyuser10@something.com,policy_ga19,2459149802892628500,Ongoing,CareerHarmony,NL,2,62.3759,Amsterdam,14.8975,North Holland,1012,5.6.7.8,Tenant Migration across MPs,1676243245,CloudApp,nspolicy,tempuser10@something.com,https://drive.google.com/open?id=14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82r,tempuser10@something.com,tempuser10@something.com,,,,0,,,,,,,,,0,,,,,0,0,,0,,0,,,0,,,,0,0,,,,,,,,,0,,,,,,,,,,,[],,,0,,0,0,,,,,,,0,,,0,,,0,0,,,,,,0,,,,,,0,,,,eventsapplicationdata_CL,
1 TenantId SourceSystem MG ManagementGroupName TimeGenerated [UTC] Computer RawData _id_s access_method_s action_s activity_s alert_s alert_type_s app_s appcategory_s browser_s Category cci_d ccl_s count_d device_s dst_country_s dst_geoip_src_d dst_latitude_d dst_location_s dst_longitude_d dst_region_s dst_zipcode_s dstip_s exposure_s file_lang_s file_path_s file_size_d file_type_s instance_s instance_id_s md5_g mime_type_s modified_d object_s object_id_s object_type_s organization_unit_s os_s other_categories_s owner_s policy_s request_id_s scan_type_s site_s src_country_s src_geoip_src_d src_latitude_d src_location_s src_longitude_d src_region_s src_zipcode_s srcip_s suppression_key_s timestamp_d traffic_type_s type_s ur_normalized_s url_s user_s userkey_s orignal_file_path_s managed_app_s userip_s resp_cnt_d dst_timezone_s protocol_s hostname_s dlp_profile_s to_user_s parent_id_s CononicalName_s dlp_rule_s total_collaborator_count_d sha256_s shared_with_s dsthost_s severity_s suppression_end_time_d dlp_unique_count_d audit_category_s app_session_id_d workspace_id_s req_cnt_d universal_connector_s logintype_s connection_id_d app_activity_s channel_id_s src_timezone_s numbytes_d conn_duration_d managementID_s dlp_is_unique_count_s dlp_mail_parent_id_s from_user_category_s policy_id_s useragent_s device_classification_s dlp_file_s dlp_rule_count_d sAMAccountName_s audit_type_s telemetry_app_s web_universal_connector_s title_s data_type_s userPrincipalName_s page_s serial_s sessionid_s smtp_to_s appsuite_s log_file_name_s dlp_parent_id_d tss_mode_s server_bytes_d client_bytes_d page_site_s loginurl_s os_version_s fromlogs_s true_obj_category_s true_obj_type_s browser_session_id_d workspace_s dlp_rule_severity_s dstport_d netskope_activity_s data_center_s dlp_incident_id_d suppression_start_time_d nsdeviceuid_s org_s src_time_s user_id_s custom_connector_s transaction_id_d user_category_s netskope_pop_s browser_version_s from_user_s referer_s 
internal_collaborator_count_d sanctioned_instance_s notify_template_s cci_s Type _ResourceId
2 abcd-cdef-ghijk RestAPI 2/22/2024, 11:39:46 AM 757f3e4ac4a015c2b0a210ad API Connector alert Login Successful yes quarantine Ekos Brewmaster Cloud Storage unknown Cloud Storage 12 poor 1 ZTE - P726N FR 2 58.8323 Paris 12.4075 Île-de-France 75015 1.2.3.4 organisation_wide_link ENGLISH /My Drive/Clickhouse/Tenant Migration across MPs 118540 application/vnd.google-apps.document netskope.com netskope.com 4bf76801-95ec-aed5-5e3e-dabb5d95ca01 application/vnd.google-apps.document 1613760236 MhQiicRnBqGHFKGg 14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82rGg File netskope.local/Netskope/Active Users/US & International/Full Time Android 10.0 [] dummyuser1@something.com policy_ga36 2459149802892628500 Ongoing Ekos Brewmaster NL 2 62.3759 Amsterdam 14.8975 North Holland 1012 5.6.7.8 Tenant Migration across MPs 1676243254 CloudApp nspolicy tempuser1@something.com https://drive.google.com/open?id=14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82r tempuser1@something.com tempuser1@something.com 0 0 0 0 0 0 0 0 0 0 [] 0 0 0 0 0 0 0 0 0 eventsapplicationdata_CL
3 abcd-cdef-ghijk RestAPI 2/22/2024, 11:39:46 AM 75804388d4192925e022b6fc API Connector Download yes quarantine Real Time Cloud Services Cloud Storage unknown Cloud Storage 39 poor 1 ZTE - P726N NL 2 62.3759 Amsterdam 14.8975 North Holland 1012 1.2.3.4 organisation_wide_link ENGLISH /My Drive/Clickhouse/Tenant Migration across MPs 118418 application/vnd.google-apps.document netskope.com netskope.com 4bf76801-95ec-aed5-5e3e-dabb5d95ca01 application/vnd.google-apps.document 1613760236 tUmxqyiIMHhzJCUA 14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82rGg File netskope.local/Netskope/Active Users/US & International/Full Time Android 11.0 [] dummyuser2@something.com policy_ga6 2459149802892628500 Ongoing Real Time Cloud Services IN 2 29.0748 Mumbai 82.8856 Maharashtra 400072 5.6.7.8 Tenant Migration across MPs 1676243244 CloudApp nspolicy tempuser2@something.com https://drive.google.com/open?id=14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82r tempuser2@something.com tempuser2@something.com 0 0 0 0 0 0 0 0 0 0 [] 0 0 0 0 0 0 0 0 0 eventsapplicationdata_CL
4 abcd-cdef-ghijk RestAPI 2/22/2024, 11:39:46 AM 7581f4a7da63d0b04d09064c API Connector alert Edit yes Remediation Thomas Jefferson University Cloud Storage unknown Cloud Storage unknown 1 ZTE - P117A13 US 2 52.8571 Lakeside -106.9191 California 92040 1.2.3.4 organisation_wide_link ENGLISH /My Drive/Clickhouse/Tenant Migration across MPs 118707 application/vnd.google-apps.document netskope.com netskope.com 4bf76801-95ec-aed5-5e3e-dabb5d95ca01 application/vnd.google-apps.document 1613760236 DGSbPHjMixhisfmm 14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82rGg File netskope.local/Netskope/Active Users/US & International/Full Time Android 10.0 [] dummyuser3@something.com policy_ga13 2459149802892628500 Ongoing Thomas Jefferson University US 2 42.8571 Lakeside -106.9191 California 92040 5.6.7.8 Tenant Migration across MPs 1676243244 CloudApp nspolicy tempuser3@something.com https://drive.google.com/open?id=14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82r tempuser3@something.com tempuser3@something.com 0 0 0 0 0 0 0 0 0 0 [] 0 0 0 0 0 0 0 0 0 eventsapplicationdata_CL
5 abcd-cdef-ghijk RestAPI 2/22/2024, 11:39:46 AM 7581fe8700403843dba63190 API Connector block Delete yes legal hold Shooter Suite Cloud Storage unknown Cloud Storage 12 poor 1 ZTE - NX501 FR 2 68.8323 Paris 12.4075 Île-de-France 75015 1.2.3.4 organisation_wide_link ENGLISH /My Drive/Clickhouse/Tenant Migration across MPs 118984 application/vnd.google-apps.document netskope.com netskope.com 4bf76801-95ec-aed5-5e3e-dabb5d95ca01 application/vnd.google-apps.document 1613760236 jZtpxrmvqsdCzZYJ 14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82rGg File netskope.local/Netskope/Active Users/US & International/Full Time Android 10.0 [] dummyuser4@something.com policy_ga42 2459149802892628500 Ongoing Shooter Suite NL 2 62.3759 Amsterdam 14.8975 North Holland 1012 5.6.7.8 Tenant Migration across MPs 1676243237 CloudApp nspolicy tempuser4@something.com https://drive.google.com/open?id=14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82r tempuser4@something.com tempuser4@something.com 0 0 0 0 0 0 0 0 0 0 [] 0 0 0 0 0 0 0 0 0 eventsapplicationdata_CL
6 abcd-cdef-ghijk RestAPI 2/22/2024, 11:39:46 AM 7585779147907c860810fedb API Connector Download yes Remediation Mainspring CMS Cloud Storage unknown Cloud Storage 3 unknown 1 Other US 2 55.8234 Boardman -109.7257 Oregon 97818 1.2.3.4 organisation_wide_link ENGLISH /My Drive/Clickhouse/Tenant Migration across MPs 119402 application/vnd.google-apps.document netskope.com netskope.com 4bf76801-95ec-aed5-5e3e-dabb5d95ca01 application/vnd.google-apps.document 1613760236 KnBBdmGDJswydJwj 14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82rGg File netskope.local/Netskope/Active Users/US & International/Full Time Windows 7.1 [] dummyuser5@something.com policy_ga1 2459149802892628500 Ongoing Mainspring CMS NL 2 62.3759 Amsterdam 14.8975 North Holland 1012 5.6.7.8 Tenant Migration across MPs 1676243221 CloudApp nspolicy tempuser5@something.com https://drive.google.com/open?id=14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82r tempuser5@something.com tempuser5@something.com 0 0 0 0 0 0 0 0 0 0 [] 0 0 0 0 0 0 0 0 0 eventsapplicationdata_CL
7 abcd-cdef-ghijk RestAPI 2/22/2024, 11:39:46 AM 759f3259a51a7a624224edf0 API Connector alert Upload yes Malware IIJ Document Exchange service(DOX) Cloud Storage unknown Cloud Storage 66 medium 1 ZTE - P726V US 2 55.8234 Boardman -109.7257 Oregon 97818 1.2.3.4 organisation_wide_link ENGLISH /My Drive/Clickhouse/Tenant Migration across MPs 118631 application/vnd.google-apps.document netskope.com netskope.com 4bf76801-95ec-aed5-5e3e-dabb5d95ca01 application/vnd.google-apps.document 1613760236 lYQoovfPPwzfmqyc 14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82rGg File netskope.local/Netskope/Active Users/US & International/Full Time Android 11.0 [] dummyuser6@something.com policy_ga22 2459149802892628500 Ongoing IIJ Document Exchange service(DOX) DE 2 60.1188 Frankfurt am Main 18.6843 Hesse 60313 5.6.7.8 Tenant Migration across MPs 1676243206 CloudApp nspolicy tempuser6@something.com https://drive.google.com/open?id=14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82r tempuser6@something.com tempuser6@something.com 0 0 0 0 0 0 0 0 0 0 [] 0 0 0 0 0 0 0 0 0 eventsapplicationdata_CL
8 abcd-cdef-ghijk RestAPI 2/22/2024, 11:39:46 AM 75a31fe07f16fc9cf542a2f9 API Connector Edit yes Remediation Careers Baron Cloud Storage unknown Cloud Storage unknown 1 Other US 2 52.8571 Lakeside -106.9191 California 92040 1.2.3.4 organisation_wide_link ENGLISH /My Drive/Clickhouse/Tenant Migration across MPs 118413 application/vnd.google-apps.document netskope.com netskope.com 4bf76801-95ec-aed5-5e3e-dabb5d95ca01 application/vnd.google-apps.document 1613760236 hZhOnmOOZArBTImy 14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82rGg File netskope.local/Netskope/Active Users/US & International/Full Time Windows 8.0 [] dummyuser7@something.com policy_ga52 2459149802892628500 Ongoing Careers Baron US 2 42.8571 Lakeside -106.9191 California 92040 5.6.7.8 Tenant Migration across MPs 1676243231 CloudApp nspolicy tempuser7@something.com https://drive.google.com/open?id=14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82r tempuser7@something.com tempuser7@something.com 0 0 0 0 0 0 0 0 0 0 [] 0 0 0 0 0 0 0 0 0 eventsapplicationdata_CL
9 abcd-cdef-ghijk RestAPI 2/22/2024, 11:39:46 AM 75a53ac9415f208c73973067 API Connector Create yes Remediation Saks Fifth Avenue Cloud Storage unknown Cloud Storage unknown 1 Other IN 2 29.0748 Mumbai 82.8856 Maharashtra 400072 1.2.3.4 organisation_wide_link ENGLISH /My Drive/Clickhouse/Tenant Migration across MPs 119235 application/vnd.google-apps.document netskope.com netskope.com 4bf76801-95ec-aed5-5e3e-dabb5d95ca01 application/vnd.google-apps.document 1613760236 hfanELTPzPegZfkz 14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82rGg File netskope.local/Netskope/Active Users/US & International/Full Time Windows 7.1 [] dummyuser8@something.com policy_ga47 2459149802892628500 Ongoing Saks Fifth Avenue DE 2 60.1188 Frankfurt am Main 18.6843 Hesse 60313 5.6.7.8 Tenant Migration across MPs 1676243231 CloudApp nspolicy tempuser8@something.com https://drive.google.com/open?id=14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82r tempuser8@something.com tempuser8@something.com 0 0 0 0 0 0 0 0 0 0 [] 0 0 0 0 0 0 0 0 0 eventsapplicationdata_CL
10 abcd-cdef-ghijk RestAPI 2/22/2024, 11:39:46 AM 75a78d113b45442991dc297a API Connector alert Login Failed yes policy eLearning Platform Cloud Storage unknown Cloud Storage unknown 1 iPhone 6S IN 2 29.0748 Mumbai 82.8856 Maharashtra 400072 1.2.3.4 organisation_wide_link ENGLISH /My Drive/Clickhouse/Tenant Migration across MPs 119028 application/vnd.google-apps.document netskope.com netskope.com 4bf76801-95ec-aed5-5e3e-dabb5d95ca01 application/vnd.google-apps.document 1613760236 XPTIggGqLKHHOgCk 14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82rGg File netskope.local/Netskope/Active Users/US & International/Full Time iOS 9.6 [] dummyuser9@something.com policy_ga2 2459149802892628500 Ongoing eLearning Platform US 2 42.8571 Lakeside -106.9191 California 92040 5.6.7.8 Tenant Migration across MPs 1676243230 CloudApp nspolicy tempuser9@something.com https://drive.google.com/open?id=14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82r tempuser9@something.com tempuser9@something.com 0 0 0 0 0 0 0 0 0 0 [] 0 0 0 0 0 0 0 0 0 eventsapplicationdata_CL
11 abcd-cdef-ghijk RestAPI 2/22/2024, 11:39:46 AM 75a81aad3192f7f4efd32009 API Connector Edit yes Malware CareerHarmony Cloud Storage unknown Cloud Storage 2 ZTE - Grand-S FR 2 58.8323 Paris 12.4075 Île-de-France 75015 1.2.3.4 organisation_wide_link ENGLISH /My Drive/Clickhouse/Tenant Migration across MPs 118968 application/vnd.google-apps.document netskope.com netskope.com 4bf76801-95ec-aed5-5e3e-dabb5d95ca01 application/vnd.google-apps.document 1613760236 hxjrHXZHqSTzxiYx 14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82rGg File netskope.local/Netskope/Active Users/US & International/Full Time Android 10.0 [] dummyuser10@something.com policy_ga19 2459149802892628500 Ongoing CareerHarmony NL 2 62.3759 Amsterdam 14.8975 North Holland 1012 5.6.7.8 Tenant Migration across MPs 1676243245 CloudApp nspolicy tempuser10@something.com https://drive.google.com/open?id=14WLYNjJxKgEyqIoNAcb57aPGx9_klcxTo3MyjF82r tempuser10@something.com tempuser10@something.com 0 0 0 0 0 0 0 0 0 0 [] 0 0 0 0 0 0 0 0 0 eventsapplicationdata_CL
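Review bot: The srcip_s, dstip_s and userip_s columns in every row of this fixture carry 1.2.3.4 and 5.6.7.8, which are globally routable addresses rather than the RFC 5737 documentation ranges reserved for exactly this purpose (192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24); sample data in a detection repository gets loaded into test workspaces and run through analytic rules and TI matching, so it should never point at hosts someone actually owns. Replacing them with `192.0.2.10` / `198.51.100.20` costs nothing and keeps the fixture honest. Separately, md5_g holds a UUID-shaped value (`4bf76801-95ec-aed5-5e3e-dabb5d95ca01`) rather than a 32-hex-digit MD5 digest, so any parser or rule that treats md5_g as a file hash will not be exercised by this data; a dummy digest such as `d41d8cd98f00b204e9800998ecf8427e` would be a truer sample. The same routable-address concern presumably applies to the neighbouring sample files on this page, which appear to use AWS- and ISP-range addresses, but those sections are only partly visible here.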


@ -0,0 +1,11 @@
TenantId,SourceSystem,MG,ManagementGroupName,TimeGenerated [UTC],Computer,RawData,timestamp_d,type_s,user_s,severity_level_d,audit_log_event_s,supporting_data_data_type_s,supporting_data_data_values_s,organization_unit_s,ur_normalized_s,count_d,_id_s,details_s,sAMAccountName_s,ccl_s,userPrincipalName_s,Type,_ResourceId
abcd-cdef-ghijk,RestAPI,,,"2/23/2024, 1:25:33 PM",,,1701153779,admin_audit_logs,dummyuser@something.com,2,SSO Login Successful,user,"[""dummy.user@something.com""]",,dummyuser@something.com,1,929f6ccdd5aa9782930abd5a,[],,,,eventsauditdata_CL,
abcd-cdef-ghijk,RestAPI,,,"2/23/2024, 1:25:33 PM",,,1701153779,admin_audit_logs,dummyuser@something.com,2,Login Successful,user,"[""24.29.140.10"",""dummy.user@something.com""]",,dummyuser@something.com,1,cd6b9161713ccc6429fce7a4,[],,,,eventsauditdata_CL,
abcd-cdef-ghijk,RestAPI,,,"2/23/2024, 1:25:33 PM",,,1701249894,admin_audit_logs,dummyuser@something.com,2,Login Successful,user,"[""24.29.140.10"",""dummy.user@something.com""]",,dummyuser@something.com,1,1dae3c6bbc57bc5145de505a,[],,,,eventsauditdata_CL,
abcd-cdef-ghijk,RestAPI,,,"2/23/2024, 1:25:33 PM",,,1701249894,admin_audit_logs,dummyuser@something.com,2,SSO Login Successful,user,"[""dummy.user@something.com""]",,dummyuser@something.com,1,b00777d35066571f9af2e10d,[],,,,eventsauditdata_CL,
abcd-cdef-ghijk,RestAPI,,,"2/23/2024, 1:25:33 PM",,,1701251729,admin_audit_logs,dummyuser@something.com,2,Logout Successful,reason,"[""Logged out due to inactivity""]",,dummyuser@something.com,1,8bf54c28227c16589b35499b,[],,,,eventsauditdata_CL,
abcd-cdef-ghijk,RestAPI,,,"2/23/2024, 1:25:33 PM",,,1701771708,admin_audit_logs,dummyuser@something.com,2,Login Successful,user,"[""24.29.134.11"",""dummy.user@something.com""]",,dummyuser@something.com,1,2238d53ed0c735384ad60f58,[],,,,eventsauditdata_CL,
abcd-cdef-ghijk,RestAPI,,,"2/23/2024, 1:25:33 PM",,,1701771708,admin_audit_logs,dummyuser@something.com,2,SSO Login Successful,user,"[""dummy.user@something.com""]",,dummyuser@something.com,1,8dbc9e2fe476c6f1988d6c43,[],,,,eventsauditdata_CL,
abcd-cdef-ghijk,RestAPI,,,"2/23/2024, 1:25:33 PM",,,1701773590,admin_audit_logs,dummyuser@something.com,2,Logout Successful,reason,"[""Logged out due to inactivity""]",,dummyuser@something.com,1,a25ef7c8e1d7e32e6573e35c,[],,,,eventsauditdata_CL,
abcd-cdef-ghijk,RestAPI,,,"2/23/2024, 1:25:33 PM",,,1701843916,admin_audit_logs,dummyuser@something.com,2,SSO Login Successful,user,"[""dummy.user@something.com""]",,dummyuser@something.com,1,ad5059e4cdb488132468806c,[],,,,eventsauditdata_CL,
abcd-cdef-ghijk,RestAPI,,,"2/23/2024, 1:25:33 PM",,,1701843916,admin_audit_logs,dummyuser@something.com,2,Login Successful,user,"[""24.29.140.10"",""dummy.user@something.com""]",,dummyuser@something.com,1,c0b00d1fe9a2cd6e4f486453,[],,,,eventsauditdata_CL,
1 TenantId SourceSystem MG ManagementGroupName TimeGenerated [UTC] Computer RawData timestamp_d type_s user_s severity_level_d audit_log_event_s supporting_data_data_type_s supporting_data_data_values_s organization_unit_s ur_normalized_s count_d _id_s details_s sAMAccountName_s ccl_s userPrincipalName_s Type _ResourceId
2 abcd-cdef-ghijk RestAPI 2/23/2024, 1:25:33 PM 1701153779 admin_audit_logs dummyuser@something.com 2 SSO Login Successful user ["dummy.user@something.com"] dummyuser@something.com 1 929f6ccdd5aa9782930abd5a [] eventsauditdata_CL
3 abcd-cdef-ghijk RestAPI 2/23/2024, 1:25:33 PM 1701153779 admin_audit_logs dummyuser@something.com 2 Login Successful user ["24.29.140.10","dummy.user@something.com"] dummyuser@something.com 1 cd6b9161713ccc6429fce7a4 [] eventsauditdata_CL
4 abcd-cdef-ghijk RestAPI 2/23/2024, 1:25:33 PM 1701249894 admin_audit_logs dummyuser@something.com 2 Login Successful user ["24.29.140.10","dummy.user@something.com"] dummyuser@something.com 1 1dae3c6bbc57bc5145de505a [] eventsauditdata_CL
5 abcd-cdef-ghijk RestAPI 2/23/2024, 1:25:33 PM 1701249894 admin_audit_logs dummyuser@something.com 2 SSO Login Successful user ["dummy.user@something.com"] dummyuser@something.com 1 b00777d35066571f9af2e10d [] eventsauditdata_CL
6 abcd-cdef-ghijk RestAPI 2/23/2024, 1:25:33 PM 1701251729 admin_audit_logs dummyuser@something.com 2 Logout Successful reason ["Logged out due to inactivity"] dummyuser@something.com 1 8bf54c28227c16589b35499b [] eventsauditdata_CL
7 abcd-cdef-ghijk RestAPI 2/23/2024, 1:25:33 PM 1701771708 admin_audit_logs dummyuser@something.com 2 Login Successful user ["24.29.134.11","dummy.user@something.com"] dummyuser@something.com 1 2238d53ed0c735384ad60f58 [] eventsauditdata_CL
8 abcd-cdef-ghijk RestAPI 2/23/2024, 1:25:33 PM 1701771708 admin_audit_logs dummyuser@something.com 2 SSO Login Successful user ["dummy.user@something.com"] dummyuser@something.com 1 8dbc9e2fe476c6f1988d6c43 [] eventsauditdata_CL
9 abcd-cdef-ghijk RestAPI 2/23/2024, 1:25:33 PM 1701773590 admin_audit_logs dummyuser@something.com 2 Logout Successful reason ["Logged out due to inactivity"] dummyuser@something.com 1 a25ef7c8e1d7e32e6573e35c [] eventsauditdata_CL
10 abcd-cdef-ghijk RestAPI 2/23/2024, 1:25:33 PM 1701843916 admin_audit_logs dummyuser@something.com 2 SSO Login Successful user ["dummy.user@something.com"] dummyuser@something.com 1 ad5059e4cdb488132468806c [] eventsauditdata_CL
11 abcd-cdef-ghijk RestAPI 2/23/2024, 1:25:33 PM 1701843916 admin_audit_logs dummyuser@something.com 2 Login Successful user ["24.29.140.10","dummy.user@something.com"] dummyuser@something.com 1 c0b00d1fe9a2cd6e4f486453 [] eventsauditdata_CL
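Review bot: The supporting_data_data_values_s column of the Login Successful rows carries 24.29.140.10 and 24.29.134.11, which are routable public addresses rather than the obvious placeholders used in the other sample files, so this fixture may expose a real client address tied to a named login event if it was taken from a live tenant. Sample data shipped with a connector should use the RFC 5737 documentation ranges (192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24); the 1.2.3.4 and 5.6.7.8 values in the neighbouring files are also allocated addresses and would benefit from the same substitution. The header also labels the timestamp column `TimeGenerated [UTC]`, which looks like the Log Analytics CSV export label rather than the table's column name `TimeGenerated`, so anything mapping this sample by header will need to account for the suffix.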


@ -0,0 +1,11 @@
TenantId,SourceSystem,MG,ManagementGroupName,TimeGenerated [UTC],Computer,RawData,suppression_end_time_d,suppression_start_time_d,_id_s,access_method_s,app_s,appcategory_s,bypass_reason_s,bypass_traffic_s,Category,cci_d,ccl_s,connection_id_d,count_d,domain_s,dst_country_s,dst_latitude_d,dst_location_s,dst_longitude_d,dst_region_s,dst_timezone_s,dst_zipcode_s,dstip_s,dstport_d,incident_id_d,netskope_pop_s,organization_unit_s,other_categories_s,page_s,request_id_d,site_s,src_country_s,src_latitude_d,src_location_s,src_longitude_d,src_region_s,src_time_s,src_timezone_s,src_zipcode_s,srcip_s,ssl_decrypt_policy_s,timestamp_d,traffic_type_s,transaction_id_d,type_s,ur_normalized_s,url_s,user_s,user_generated_s,userip_s,userkey_s,Type,_ResourceId
acd8fb14-0000-0000-a4fd-1456cbfdbacd,RestAPI,,,"2/29/2024, 8:29:41 AM",,,,,418246b69e23e565bb4c1624,IPSec,,Technology,Steering Exception - Default tenant config,yes,Technology,0,unknown,0,1,abc.microsoft.com,US,51.6021,Des Moines,-83.6124,Iowa,America/Chicago,50307,1.2.3.4,443,0,US-LAX1,,"[""Technology"",""All Categories"",""Business""]",abc.microsoft.com,2.72383E+18,microsoft,US,50.3325386,Doylestown,-65.11663818,Pennsylvania,Mon Dec 4 14:30:08 2023,America/New_York,N/A,5.6.7.8,no,1701718217,Web,0,connection,1.2.3.4,abc.microsoft.com,1.2.3.4,yes,1.2.3.4,1.2.3.4,eventsconnectiondata_CL,
acd8fb14-0000-0000-a4fd-1456cbfdbacd,RestAPI,,,"2/29/2024, 8:29:41 AM",,,,,463c1b2f0cdf28f5bcde842d,IPSec,,Technology,Steering Exception - Default tenant config,yes,Technology,0,unknown,0,1,def.microsoft.com,IE,63.3379,Dublin,4.2591,Leinster,Europe/Dublin,D02,1.2.3.4,443,0,US-LAX1,,"[""Technology"",""All Categories"",""Business""]",def.microsoft.com,2.72384E+18,microsoft,US,50.3325386,Doylestown,-65.11663818,Pennsylvania,Mon Dec 4 14:42:08 2023,America/New_York,N/A,5.6.7.8,no,1701718980,Web,0,connection,1.2.3.4,def.microsoft.com,1.2.3.4,yes,1.2.3.4,1.2.3.4,eventsconnectiondata_CL,
acd8fb14-0000-0000-a4fd-1456cbfdbacd,RestAPI,,,"2/29/2024, 8:29:41 AM",,,,,2cf20dcc184f1bdbb8616f32,IPSec,,Technology,Steering Exception - Default tenant config,yes,Technology,0,unknown,0,1,mno.microsoft.com,US,39.4227,San Antonio,-88.4927,Texas,America/Chicago,78288,1.2.3.4,443,0,US-LAX1,,"[""Technology"",""All Categories"",""Business""]",mno.microsoft.com,2.72384E+18,microsoft,US,50.3325386,Doylestown,-65.11663818,Pennsylvania,Mon Dec 4 14:44:08 2023,America/New_York,N/A,5.6.7.8,no,1701719097,Web,0,connection,1.2.3.4,mno.microsoft.com,1.2.3.4,yes,1.2.3.4,1.2.3.4,eventsconnectiondata_CL,
acd8fb14-0000-0000-a4fd-1456cbfdbacd,RestAPI,,,"2/29/2024, 8:29:41 AM",,,,,45ee63ea40593665bb76c1b8,IPSec,,Technology,Steering Exception - Default tenant config,yes,Technology,0,unknown,0,1,abc.microsoft.com,US,47.9273,Tappahannock,-66.8545,Virginia,America/New_York,22560,1.2.3.4,443,0,US-LAX1,,"[""Technology"",""All Categories"",""Business""]",abc.microsoft.com,2.72384E+18,microsoft,US,50.3325386,Doylestown,-65.11663818,Pennsylvania,Mon Dec 4 14:44:08 2023,America/New_York,N/A,5.6.7.8,no,1701719099,Web,0,connection,1.2.3.4,abc.microsoft.com,1.2.3.4,yes,1.2.3.4,1.2.3.4,eventsconnectiondata_CL,
acd8fb14-0000-0000-a4fd-1456cbfdbacd,RestAPI,,,"2/29/2024, 8:29:41 AM",,,,,34e2316c1dce6b19ea32b09b,IPSec,,Content Server,Steering Exception - Default tenant config,yes,Content Server,0,unknown,0,1,pqr.microsoft.com,US,47.23446274,Quincy,-109.8525772,Washington,America/Los_Angeles,N/A,1.2.3.4,443,0,US-LAX1,,"[""Content Server"",""All Categories""]",pqr.microsoft.com,2.72384E+18,microsoft,US,50.3325386,Doylestown,-65.11663818,Pennsylvania,Mon Dec 4 14:45:08 2023,America/New_York,N/A,5.6.7.8,no,1701719117,Web,0,connection,1.2.3.4,pqr.microsoft.com,1.2.3.4,yes,1.2.3.4,1.2.3.4,eventsconnectiondata_CL,
acd8fb14-0000-0000-a4fd-1456cbfdbacd,RestAPI,,,"2/29/2024, 8:29:41 AM",,,1701719120,1701719120,5628717ec407cba16d4582bc,IPSec,,Technology,Steering Exception - Default tenant config,yes,Technology,0,unknown,0,1,abc.microsoft.com,US,43.4475,Phoenix,-102.0866,Arizona,America/Phoenix,85001,1.2.3.4,443,0,US-LAX1,,"[""Technology"",""All Categories"",""Business""]",abc.microsoft.com,2.72384E+18,microsoft,US,50.3325386,Doylestown,-65.11663818,Pennsylvania,Mon Dec 4 14:45:08 2023,America/New_York,N/A,5.6.7.8,no,1701719120,Web,0,connection,1.2.3.4,abc.microsoft.com,1.2.3.4,yes,1.2.3.4,1.2.3.4,eventsconnectiondata_CL,
acd8fb14-0000-0000-a4fd-1456cbfdbacd,RestAPI,,,"2/29/2024, 8:29:41 AM",,,,,537a3b8f1441e8a086fb620c,IPSec,,Technology,Steering Exception - Default tenant config,yes,Technology,0,unknown,0,1,abc.microsoft.com,JP,35.6893,Tokyo,149.6899,Tokyo,Asia/Tokyo,102-0082,1.2.3.4,443,0,US-LAX1,,"[""Technology"",""All Categories"",""Business""]",abc.microsoft.com,2.72384E+18,microsoft,US,50.3325386,Doylestown,-65.11663818,Pennsylvania,Mon Dec 4 14:45:08 2023,America/New_York,N/A,5.6.7.8,no,1701719132,Web,0,connection,1.2.3.4,abc.microsoft.com,1.2.3.4,yes,1.2.3.4,1.2.3.4,eventsconnectiondata_CL,
acd8fb14-0000-0000-a4fd-1456cbfdbacd,RestAPI,,,"2/29/2024, 8:29:41 AM",,,,,df79ca72b027eacb14ee81c4,IPSec,,Technology,Steering Exception - Default tenant config,yes,Technology,0,unknown,0,1,rst.microsoft.com,US,39.4227,San Antonio,-88.4927,Texas,America/Chicago,78288,1.2.3.4,443,0,US-LAX1,,"[""Technology"",""All Categories"",""Business""]",rst.microsoft.com,2.72384E+18,microsoft,US,50.3325386,Doylestown,-65.11663818,Pennsylvania,Mon Dec 4 14:45:08 2023,America/New_York,N/A,5.6.7.8,no,1701719148,Web,0,connection,1.2.3.4,rst.microsoft.com,1.2.3.4,yes,1.2.3.4,1.2.3.4,eventsconnectiondata_CL,
acd8fb14-0000-0000-a4fd-1456cbfdbacd,RestAPI,,,"2/29/2024, 8:29:41 AM",,,,,02d86df9f75a02f20716f6a4,IPSec,,Content Server,Steering Exception - Default tenant config,yes,Content Server,0,unknown,0,1,rst.microsoft.com,US,39.4227,San Antonio,-88.4927,Texas,America/Chicago,78288,1.2.3.4,443,0,US-LAX1,,"[""Content Server"",""All Categories""]",rst.microsoft.com,2.72384E+18,microsoft,US,50.3325386,Doylestown,-65.11663818,Pennsylvania,Mon Dec 4 14:45:08 2023,America/New_York,N/A,5.6.7.8,no,1701719150,Web,0,connection,1.2.3.4,rst.microsoft.com,1.2.3.4,yes,1.2.3.4,1.2.3.4,eventsconnectiondata_CL,
acd8fb14-0000-0000-a4fd-1456cbfdbacd,RestAPI,,,"2/29/2024, 8:29:41 AM",,,,,f882894ac3608aa2dece7ee5,IPSec,,Content Server,Steering Exception - Default tenant config,yes,Content Server,0,unknown,0,1,def.microsoft.com,US,57.23446274,Quincy,-109.8525772,Washington,America/Los_Angeles,N/A,1.2.3.4,443,0,US-LAX1,,"[""Content Server"",""All Categories""]",def.microsoft.com,2.72384E+18,microsoft,US,50.3325386,Doylestown,-65.11663818,Pennsylvania,Mon Dec 4 14:45:08 2023,America/New_York,N/A,5.6.7.8,no,1701719153,Web,0,connection,1.2.3.4,def.microsoft.com,1.2.3.4,yes,1.2.3.4,1.2.3.4,eventsconnectiondata_CL,
1 TenantId SourceSystem MG ManagementGroupName TimeGenerated [UTC] Computer RawData suppression_end_time_d suppression_start_time_d _id_s access_method_s app_s appcategory_s bypass_reason_s bypass_traffic_s Category cci_d ccl_s connection_id_d count_d domain_s dst_country_s dst_latitude_d dst_location_s dst_longitude_d dst_region_s dst_timezone_s dst_zipcode_s dstip_s dstport_d incident_id_d netskope_pop_s organization_unit_s other_categories_s page_s request_id_d site_s src_country_s src_latitude_d src_location_s src_longitude_d src_region_s src_time_s src_timezone_s src_zipcode_s srcip_s ssl_decrypt_policy_s timestamp_d traffic_type_s transaction_id_d type_s ur_normalized_s url_s user_s user_generated_s userip_s userkey_s Type _ResourceId
2 acd8fb14-0000-0000-a4fd-1456cbfdbacd RestAPI 2/29/2024, 8:29:41 AM 418246b69e23e565bb4c1624 IPSec Technology Steering Exception - Default tenant config yes Technology 0 unknown 0 1 abc.microsoft.com US 51.6021 Des Moines -83.6124 Iowa America/Chicago 50307 1.2.3.4 443 0 US-LAX1 ["Technology","All Categories","Business"] abc.microsoft.com 2.72383E+18 microsoft US 50.3325386 Doylestown -65.11663818 Pennsylvania Mon Dec 4 14:30:08 2023 America/New_York N/A 5.6.7.8 no 1701718217 Web 0 connection 1.2.3.4 abc.microsoft.com 1.2.3.4 yes 1.2.3.4 1.2.3.4 eventsconnectiondata_CL
3 acd8fb14-0000-0000-a4fd-1456cbfdbacd RestAPI 2/29/2024, 8:29:41 AM 463c1b2f0cdf28f5bcde842d IPSec Technology Steering Exception - Default tenant config yes Technology 0 unknown 0 1 def.microsoft.com IE 63.3379 Dublin 4.2591 Leinster Europe/Dublin D02 1.2.3.4 443 0 US-LAX1 ["Technology","All Categories","Business"] def.microsoft.com 2.72384E+18 microsoft US 50.3325386 Doylestown -65.11663818 Pennsylvania Mon Dec 4 14:42:08 2023 America/New_York N/A 5.6.7.8 no 1701718980 Web 0 connection 1.2.3.4 def.microsoft.com 1.2.3.4 yes 1.2.3.4 1.2.3.4 eventsconnectiondata_CL
4 acd8fb14-0000-0000-a4fd-1456cbfdbacd RestAPI 2/29/2024, 8:29:41 AM 2cf20dcc184f1bdbb8616f32 IPSec Technology Steering Exception - Default tenant config yes Technology 0 unknown 0 1 mno.microsoft.com US 39.4227 San Antonio -88.4927 Texas America/Chicago 78288 1.2.3.4 443 0 US-LAX1 ["Technology","All Categories","Business"] mno.microsoft.com 2.72384E+18 microsoft US 50.3325386 Doylestown -65.11663818 Pennsylvania Mon Dec 4 14:44:08 2023 America/New_York N/A 5.6.7.8 no 1701719097 Web 0 connection 1.2.3.4 mno.microsoft.com 1.2.3.4 yes 1.2.3.4 1.2.3.4 eventsconnectiondata_CL
5 acd8fb14-0000-0000-a4fd-1456cbfdbacd RestAPI 2/29/2024, 8:29:41 AM 45ee63ea40593665bb76c1b8 IPSec Technology Steering Exception - Default tenant config yes Technology 0 unknown 0 1 abc.microsoft.com US 47.9273 Tappahannock -66.8545 Virginia America/New_York 22560 1.2.3.4 443 0 US-LAX1 ["Technology","All Categories","Business"] abc.microsoft.com 2.72384E+18 microsoft US 50.3325386 Doylestown -65.11663818 Pennsylvania Mon Dec 4 14:44:08 2023 America/New_York N/A 5.6.7.8 no 1701719099 Web 0 connection 1.2.3.4 abc.microsoft.com 1.2.3.4 yes 1.2.3.4 1.2.3.4 eventsconnectiondata_CL
6 acd8fb14-0000-0000-a4fd-1456cbfdbacd RestAPI 2/29/2024, 8:29:41 AM 34e2316c1dce6b19ea32b09b IPSec Content Server Steering Exception - Default tenant config yes Content Server 0 unknown 0 1 pqr.microsoft.com US 47.23446274 Quincy -109.8525772 Washington America/Los_Angeles N/A 1.2.3.4 443 0 US-LAX1 ["Content Server","All Categories"] pqr.microsoft.com 2.72384E+18 microsoft US 50.3325386 Doylestown -65.11663818 Pennsylvania Mon Dec 4 14:45:08 2023 America/New_York N/A 5.6.7.8 no 1701719117 Web 0 connection 1.2.3.4 pqr.microsoft.com 1.2.3.4 yes 1.2.3.4 1.2.3.4 eventsconnectiondata_CL
7 acd8fb14-0000-0000-a4fd-1456cbfdbacd RestAPI 2/29/2024, 8:29:41 AM 1701719120 1701719120 5628717ec407cba16d4582bc IPSec Technology Steering Exception - Default tenant config yes Technology 0 unknown 0 1 abc.microsoft.com US 43.4475 Phoenix -102.0866 Arizona America/Phoenix 85001 1.2.3.4 443 0 US-LAX1 ["Technology","All Categories","Business"] abc.microsoft.com 2.72384E+18 microsoft US 50.3325386 Doylestown -65.11663818 Pennsylvania Mon Dec 4 14:45:08 2023 America/New_York N/A 5.6.7.8 no 1701719120 Web 0 connection 1.2.3.4 abc.microsoft.com 1.2.3.4 yes 1.2.3.4 1.2.3.4 eventsconnectiondata_CL
8 acd8fb14-0000-0000-a4fd-1456cbfdbacd RestAPI 2/29/2024, 8:29:41 AM 537a3b8f1441e8a086fb620c IPSec Technology Steering Exception - Default tenant config yes Technology 0 unknown 0 1 abc.microsoft.com JP 35.6893 Tokyo 149.6899 Tokyo Asia/Tokyo 102-0082 1.2.3.4 443 0 US-LAX1 ["Technology","All Categories","Business"] abc.microsoft.com 2.72384E+18 microsoft US 50.3325386 Doylestown -65.11663818 Pennsylvania Mon Dec 4 14:45:08 2023 America/New_York N/A 5.6.7.8 no 1701719132 Web 0 connection 1.2.3.4 abc.microsoft.com 1.2.3.4 yes 1.2.3.4 1.2.3.4 eventsconnectiondata_CL
9 acd8fb14-0000-0000-a4fd-1456cbfdbacd RestAPI 2/29/2024, 8:29:41 AM df79ca72b027eacb14ee81c4 IPSec Technology Steering Exception - Default tenant config yes Technology 0 unknown 0 1 rst.microsoft.com US 39.4227 San Antonio -88.4927 Texas America/Chicago 78288 1.2.3.4 443 0 US-LAX1 ["Technology","All Categories","Business"] rst.microsoft.com 2.72384E+18 microsoft US 50.3325386 Doylestown -65.11663818 Pennsylvania Mon Dec 4 14:45:08 2023 America/New_York N/A 5.6.7.8 no 1701719148 Web 0 connection 1.2.3.4 rst.microsoft.com 1.2.3.4 yes 1.2.3.4 1.2.3.4 eventsconnectiondata_CL
10 acd8fb14-0000-0000-a4fd-1456cbfdbacd RestAPI 2/29/2024, 8:29:41 AM 02d86df9f75a02f20716f6a4 IPSec Content Server Steering Exception - Default tenant config yes Content Server 0 unknown 0 1 rst.microsoft.com US 39.4227 San Antonio -88.4927 Texas America/Chicago 78288 1.2.3.4 443 0 US-LAX1 ["Content Server","All Categories"] rst.microsoft.com 2.72384E+18 microsoft US 50.3325386 Doylestown -65.11663818 Pennsylvania Mon Dec 4 14:45:08 2023 America/New_York N/A 5.6.7.8 no 1701719150 Web 0 connection 1.2.3.4 rst.microsoft.com 1.2.3.4 yes 1.2.3.4 1.2.3.4 eventsconnectiondata_CL
11 acd8fb14-0000-0000-a4fd-1456cbfdbacd RestAPI 2/29/2024, 8:29:41 AM f882894ac3608aa2dece7ee5 IPSec Content Server Steering Exception - Default tenant config yes Content Server 0 unknown 0 1 def.microsoft.com US 57.23446274 Quincy -109.8525772 Washington America/Los_Angeles N/A 1.2.3.4 443 0 US-LAX1 ["Content Server","All Categories"] def.microsoft.com 2.72384E+18 microsoft US 50.3325386 Doylestown -65.11663818 Pennsylvania Mon Dec 4 14:45:08 2023 America/New_York N/A 5.6.7.8 no 1701719153 Web 0 connection 1.2.3.4 def.microsoft.com 1.2.3.4 yes 1.2.3.4 1.2.3.4 eventsconnectiondata_CL
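Review bot: The request_id_d column holds `2.72383E+18` and `2.72384E+18`, spreadsheet scientific notation that has rounded the original identifiers to six significant digits, so the sample no longer contains a usable request id and any query keyed on request_id_d will not match these rows. The fixture appears to have been round-tripped through a spreadsheet before commit; re-exporting from the raw API response would preserve the full integers. The same notation appears in the incident sample's app_session_id_d, connection_id_d and dlp_incident_id_d columns. Separately, the TenantId here is the partly masked `acd8fb14-0000-0000-a4fd-1456cbfdbacd` while the audit and application samples use `abcd-cdef-ghijk`; a single, clearly synthetic placeholder across all sample files would remove any doubt about whether a real tenant id was retained.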


@ -0,0 +1,11 @@
TenantId,SourceSystem,MG,ManagementGroupName,TimeGenerated [UTC],Computer,RawData,_id_s,access_method_s,acting_user_s,activity_s,app_s,app_session_id_d,assignee_s,connection_id_d,dlp_incident_id_d,dlp_match_info_s,dlp_parent_id_d,dst_location_s,file_lang_s,file_size_d,file_type_s,md5_g,object_id_s,object_type_s,severity_s,site_s,src_location_s,status_s,timestamp_d,title_s,true_obj_category_s,true_obj_type_s,url_s,user_s,referer_s,user_id_s,object_s,instance_id_s,from_user_s,to_user_s,channel_s,zip_file_id_s,destination_instance_id_s,instance_s,bcc_s,cc_s,inline_dlp_match_info_s,owner_s,original_file_snapshot_id_s,dlp_file_s,owner_pdl_s,destination_site_s,latest_incident_id_d,classification_s,destination_app_s,file_path_s,exposure_s,Type,_ResourceId
abcd-cdef-ghijk,RestAPI,,,"2/29/2024, 7:55:29 AM",,,1657c5566973139b27357a8e23cf3a8703c4bca68ce210595e62a5dbdce7631c,Client,dummyuser@something.com,Download,Microsoft OneDrive,3.48391E+18,None,2.76243E+18,8.37325E+17,"[{""dlp_action"":""allow"",""dlp_forensic_id"":837363834,""dlp_policy"":""DLP PCI Alert"",""dlp_profile_name"":""Payment Card Industry Data Security Standard. PCI-DSS"",""dlp_rules"":[{""dlp_data_identifiers"":{""numbers/payment_card_number_terms/eng"":14375,""numbers/payment_card_numbers/major"":14375,""persons/proper_names/int/full"":14375},""dlp_incident_rule_count"":14375,""dlp_rule_name"":""INTL-PAN-Name"",""dlp_rule_score"":44563,""dlp_rule_severity"":""Critical"",""is_unique_count"":false,""weighted"":false}]},{""dlp_action"":""allow"",""dlp_forensic_id"":8373664663834,""dlp_policy"":""DLP PCI Alert"",""dlp_profile_name"":""DLP-PCI"",""dlp_rules"":[{""dlp_data_identifiers"":{""numbers/payment_card_number_terms/eng"":179687,""numbers/payment_card_numbers/major"":179687,""persons/proper_names/us/last"":179687},""dlp_incident_rule_count"":179687,""dlp_rule_name"":""Name-Credit Card (CC)"",""dlp_rule_score"":556311,""dlp_rule_severity"":""Critical"",""is_unique_count"":false,""weighted"":false}]}]",8.37325E+17,Redmond,ENGLISH,10256549,text/plain,2f6df996-9215-d9eb-4d26-6dd636337da7,hash_dummy@something.com_2f6df9969215d9eb4d266dd636337da7_1629a7e222524c487c6d8b1dba7f4f98b3d1557d,File,Critical,Microsoft OneDrive,San Diego,new,1703111543,hash_gjenkins@netskope.com_2f6df9969215d9eb4d266dd636337da7_1629a7e222524c487c6d8b1dba7f4f98b3d1557d,Text,Plain Text file,ahokbw.sn.files.1drv.com/y4pc8aBlHkeYewYjiXtXi8MYtOs86JJQqo7vg06SX0nKC7Vs3fzqIm5HZ1tF9qKUEmxwCvk-giW-jamW9OmRBUBUbc6nKoArJT-sTdqHY0MSqbenjH6MMv-Vq9TuwHYk34oEgAp3KBd_iy9PlNlQnH5Q5s8Kyirfb4J_uHfMJb74q5dVjeiVOiTvm6Bg1in49q-2xYBGMcsgjhJDHfTFC8-FayiqnePYKvvK2UOvOA,dummyuser@something.com,,,,,,,,,,,,,[],,,,,,0,,,,,eventsincidentdata_CL,
abcd-cdef-ghijk,RestAPI,,,"2/29/2024, 7:55:29 AM",,,07c703cd9b3e2185d00aa66c59e7b600ba0f4b8980307edaac2b9a4a322939eb,Client,dummyuser@something.com,Download,Microsoft OneDrive,3.48391E+18,None,2.76243E+18,4.23314E+18,"[{""dlp_action"":""alert"",""dlp_forensic_id"":8373664663834,""dlp_policy"":""DLP PCI Alert"",""dlp_profile_name"":""Payment Card Industry Data Security Standard. PCI-DSS"",""dlp_rules"":[{""dlp_data_identifiers"":{""numbers/payment_card_number_terms/eng"":14375,""numbers/payment_card_numbers/major"":14375,""persons/proper_names/int/full"":14375},""dlp_incident_rule_count"":14375,""dlp_rule_name"":""INTL-PAN-Name"",""dlp_rule_score"":44563,""dlp_rule_severity"":""Critical"",""is_unique_count"":false,""weighted"":false}]},{""dlp_action"":""alert"",""dlp_forensic_id"":8373664663834,""dlp_policy"":""DLP PCI Alert"",""dlp_profile_name"":""DLP-PCI"",""dlp_rules"":[{""dlp_data_identifiers"":{""numbers/payment_card_number_terms/eng"":179687,""numbers/payment_card_numbers/major"":179687,""persons/proper_names/us/last"":179687},""dlp_incident_rule_count"":179687,""dlp_rule_name"":""Name-Credit Card (CC)"",""dlp_rule_score"":556311,""dlp_rule_severity"":""Critical"",""is_unique_count"":false,""weighted"":false}]}]",4.23314E+18,Redmond,ENGLISH,10256549,text/plain,2f6df996-9215-d9eb-4d26-6dd636337da7,hash_dummy@something.com_2f6df9969215d9eb4d266dd636337da7_1629a7e222524c487c6d8b1dba7f4f98b3d1557d,File,Critical,Microsoft OneDrive,San Diego,new,1703111613,credit_cards.12.db,Text,Plain Text file,ahokbw.sn.files.1drv.com/y4pjpgKTqpQltjYaPUVp8c4C7k1RPR1Ijs-eXlAB_BFH3Q8q0wANMEsWuGk5OB2MrAexKOYas2VLGzl-DRmyayHFQXeVXJlS1ggc-PMzlmVRMWdTSzFI5SjNfTU2xMf-MvDOgrJ9W5H5RMnE1tpvWID3sI6OG_6pjRVspm4ugkYPDFSx9H4R-FrsalyUD29u698OVdP929_uQdf9zgpu5Xm5UYQXny6kTuf0MlRGS,dummyuser@something.com,,,credit_cards.12.db,,,,,,,,,,[],,,,,,0,,,,,eventsincidentdata_CL,
abcd-cdef-ghijk,RestAPI,,,"2/29/2024, 7:55:29 AM",,,8b7aa008de61e24da95355c3e53055eea363b198283a340a53356181b5a86d08,Client,dummyuser@something.com,Upload,Google Drive,6.24615E+18,None,6.93129E+18,4.76285E+18,"[{""dlp_action"":""allow"",""dlp_forensic_id"":47620006381054,""dlp_policy"":""DLP PCI Alert"",""dlp_profile_name"":""Payment Card Industry Data Security Standard. PCI-DSS"",""dlp_rules"":[{""dlp_data_identifiers"":{""numbers/payment_card_number_terms/eng"":14375,""numbers/payment_card_numbers/major"":14375,""persons/proper_names/int/full"":14375},""dlp_incident_rule_count"":14375,""dlp_rule_name"":""INTL-PAN-Name"",""dlp_rule_score"":44563,""dlp_rule_severity"":""Critical"",""is_unique_count"":false,""weighted"":false}]},{""dlp_action"":""allow"",""dlp_forensic_id"":47620006381054,""dlp_policy"":""DLP PCI Alert"",""dlp_profile_name"":""DLP-PCI"",""dlp_rules"":[{""dlp_data_identifiers"":{""numbers/payment_card_number_terms/eng"":179687,""numbers/payment_card_numbers/major"":179687,""persons/proper_names/us/last"":179687},""dlp_incident_rule_count"":179687,""dlp_rule_name"":""Name-Credit Card (CC)"",""dlp_rule_score"":556311,""dlp_rule_severity"":""Critical"",""is_unique_count"":false,""weighted"":false}]}]",4.76285E+18,Mountain View,ENGLISH,10256549,text/plain,2f6df996-9215-d9eb-4d26-6dd636337da7,ABPtcPp7R6hGPyJjysOA-xZ0xzk-lJSjnNOrGJpPdoFiMQlwDXVL5XPe6M57sY4gy9y78-8L0bmRvA_3wTFxozAhwhTrueDsnTKs,File,Critical,Google Drive,San Diego,new,1703111565,credit_cards.12 (1).db,Text,Plain Text file,clients6.google.com/upload/drive/v2internal/fi,dummyuser@something.com,https://drive.google.com/,,credit_cards.12 (1).db,netskope.com,dummyuser@something.com,,,,,,,,[],,,,,,0,,,,,eventsincidentdata_CL,
abcd-cdef-ghijk,RestAPI,,,"2/29/2024, 7:55:29 AM",,,c101104c6f9c6b48486e481e982297c0d6626df5d98a445dee0c6f25f6803bfb,Client,dummyuser@something.com,Upload,Google Drive,6.24615E+18,None,6.93129E+18,7.95493E+18,"[{""dlp_action"":""alert"",""dlp_forensic_id"":47620006381054,""dlp_policy"":""DLP PCI Alert"",""dlp_profile_name"":""Payment Card Industry Data Security Standard. PCI-DSS"",""dlp_rules"":[{""dlp_data_identifiers"":{""numbers/payment_card_number_terms/eng"":14375,""numbers/payment_card_numbers/major"":14375,""persons/proper_names/int/full"":14375},""dlp_incident_rule_count"":14375,""dlp_rule_name"":""INTL-PAN-Name"",""dlp_rule_score"":44563,""dlp_rule_severity"":""Critical"",""is_unique_count"":false,""weighted"":false}]},{""dlp_action"":""alert"",""dlp_forensic_id"":47620006381054,""dlp_policy"":""DLP PCI Alert"",""dlp_profile_name"":""DLP-PCI"",""dlp_rules"":[{""dlp_data_identifiers"":{""numbers/payment_card_number_terms/eng"":179687,""numbers/payment_card_numbers/major"":179687,""persons/proper_names/us/last"":179687},""dlp_incident_rule_count"":179687,""dlp_rule_name"":""Name-Credit Card (CC)"",""dlp_rule_score"":556311,""dlp_rule_severity"":""Critical"",""is_unique_count"":false,""weighted"":false}]}]",7.95493E+18,Mountain View,ENGLISH,10256549,text/plain,2f6df996-9215-d9eb-4d26-6dd636337da7,ABPtcPppbs0axNl5iJ-FXOBiMlONyKsUgfZ1MavsXJtUJNmJ6s1NUgY0YQsSHZfM6o5J3DZGaPWEe1-EPoXxwh4-uXFUw0OWD_Gm,File,Critical,Google Drive,San Diego,new,1703111625,credit_cards.13 (1).db,Text,Plain Text file,clients6.google.com/upload/drive/v2internal/fi,dummyuser@something.com,https://drive.google.com/,,credit_cards.13 (1).db,netskope.com,dummyuser@something.com,,,,,,,,[],,,,,,0,,,,,eventsincidentdata_CL,
abcd-cdef-ghijk,RestAPI,,,"2/29/2024, 7:55:29 AM",,,3079ce48fb36a4f8a8f2a85f9d5ddaac87e7d30ab33824bca369a6302ddd74fb,Client,dummyuser@something.com,Download,Microsoft OneDrive,3.48391E+18,None,2.76243E+18,6.15217E+18,"[{""dlp_action"":""alert"",""dlp_forensic_id"":47620006381054,""dlp_policy"":""DLP PCI Alert"",""dlp_profile_name"":""Payment Card Industry Data Security Standard. PCI-DSS"",""dlp_rules"":[{""dlp_data_identifiers"":{""numbers/payment_card_number_terms/eng"":14375,""numbers/payment_card_numbers/major"":14375,""persons/proper_names/int/full"":14375},""dlp_incident_rule_count"":14375,""dlp_rule_name"":""INTL-PAN-Name"",""dlp_rule_score"":44563,""dlp_rule_severity"":""Critical"",""is_unique_count"":false,""weighted"":false}]},{""dlp_action"":""alert"",""dlp_forensic_id"":47620006381054,""dlp_policy"":""DLP PCI Alert"",""dlp_profile_name"":""DLP-PCI"",""dlp_rules"":[{""dlp_data_identifiers"":{""numbers/payment_card_number_terms/eng"":179687,""numbers/payment_card_numbers/major"":179687,""persons/proper_names/us/last"":179687},""dlp_incident_rule_count"":179687,""dlp_rule_name"":""Name-Credit Card (CC)"",""dlp_rule_score"":556311,""dlp_rule_severity"":""Critical"",""is_unique_count"":false,""weighted"":false}]}]",6.15217E+18,Redmond,ENGLISH,10256549,text/plain,2f6df996-9215-d9eb-4d26-6dd636337da7,hash_dummy@something.com_2f6df9969215d9eb4d266dd636337da7_1629a7e222524c487c6d8b1dba7f4f98b3d1557d,File,Critical,Microsoft OneDrive,San Diego,new,1703111628,credit_cards.13.db,Text,Plain Text file,ahokbw.sn.files.1drv.com/y4p30HeUJd_wDXWVeT5vlWZSu9zu5eU4PFiO7rIt6wtcrWlZayLQsBjxzX1Z_48xpYMflqHMcEjWG3Df2PbOuJIyC2djQo0OYT3-m0-0ZC7a4oVAJjZ8JNddhHXCgIfzc_ZnlCCUrjFzVJ2Z0_WW6TU_GpkOiJlHo0TzWmEJ4KeR_Xq_dSN-pYYtHuhb5GUrzQ_zN8qG31XFSommi2IywJp0bxc5psj5-OtVHKP6Z,dummyuser@something.com,,,credit_cards.13.db,,,,,,,,,,[],,,,,,0,,,,,eventsincidentdata_CL,
abcd-cdef-ghijk,RestAPI,,,"2/29/2024, 7:55:29 AM",,,d50d5fbe80a9a4699e9d3913a28177059b6cfc6cc0a903716366233f731538e5,Client,dummyuser@something.com,Download,Microsoft OneDrive,3.48391E+18,None,2.76243E+18,7.00195E+18,"[{""dlp_action"":""allow"",""dlp_forensic_id"":70028303988805,""dlp_policy"":""DLP PCI Alert"",""dlp_profile_name"":""Payment Card Industry Data Security Standard. PCI-DSS"",""dlp_rules"":[{""dlp_data_identifiers"":{""numbers/payment_card_number_terms/eng"":14375,""numbers/payment_card_numbers/major"":14375,""persons/proper_names/int/full"":14375},""dlp_incident_rule_count"":14375,""dlp_rule_name"":""INTL-PAN-Name"",""dlp_rule_score"":44563,""dlp_rule_severity"":""Critical"",""is_unique_count"":false,""weighted"":false}]},{""dlp_action"":""allow"",""dlp_forensic_id"":70028303988805,""dlp_policy"":""DLP PCI Alert"",""dlp_profile_name"":""DLP-PCI"",""dlp_rules"":[{""dlp_data_identifiers"":{""numbers/payment_card_number_terms/eng"":179687,""numbers/payment_card_numbers/major"":179687,""persons/proper_names/us/last"":179687},""dlp_incident_rule_count"":179687,""dlp_rule_name"":""Name-Credit Card (CC)"",""dlp_rule_score"":556311,""dlp_rule_severity"":""Critical"",""is_unique_count"":false,""weighted"":false}]}]",7.00195E+18,Redmond,ENGLISH,10256549,text/plain,2f6df996-9215-d9eb-4d26-6dd636337da7,hash_dummy@something.com_2f6df9969215d9eb4d266dd636337da7_1629a7e222524c487c6d8b1dba7f4f98b3d1557d,File,Critical,Microsoft OneDrive,San Diego,new,1703111578,credit_cards.12.db,Text,Plain Text file,ahokbw.sn.files.1drv.com/y4pjlAr69yFu6cFDL27CPPQ2sTHkuvRfPt4pTUKZEKIA2WP5PyF2qY0oqQg2l1xA1IIaYFhWX5gWBQqs1GxS7BMQZ9QN2nBD1ZYanduxSqwAyXb01kdrznVFy0Um-IAi_7siD5L1Ixfe0lpEMeb-VGWADvSRjP97N2y2u212_frBnx8_0v_ytCaXqATNZUB5KRhcyULxTrwPIlxt5Gn6sbmLfPY07N3YezUgq90Lgi,dummyuser@something.com,,,credit_cards.12.db,,,,,,,,,,[],,,,,,0,,,,,eventsincidentdata_CL,
abcd-cdef-ghijk,RestAPI,,,"2/29/2024, 7:55:29 AM",,,eb6b4498a5d6996c9e99fa2ff3e9bb46228334b1818776e6ca3f2caa3fefafd7,Client,dummyuser@something.com,Upload,Google Drive,6.24615E+18,None,6.93129E+18,3.88471E+18,"[{""dlp_action"":""alert"",""dlp_forensic_id"":70028303988805,""dlp_policy"":""DLP PCI Alert"",""dlp_profile_name"":""Payment Card Industry Data Security Standard. PCI-DSS"",""dlp_rules"":[{""dlp_data_identifiers"":{""numbers/payment_card_number_terms/eng"":14375,""numbers/payment_card_numbers/major"":14375,""persons/proper_names/int/full"":14375},""dlp_incident_rule_count"":14375,""dlp_rule_name"":""INTL-PAN-Name"",""dlp_rule_score"":44563,""dlp_rule_severity"":""Critical"",""is_unique_count"":false,""weighted"":false}]},{""dlp_action"":""alert"",""dlp_forensic_id"":70028303988805,""dlp_policy"":""DLP PCI Alert"",""dlp_profile_name"":""DLP-PCI"",""dlp_rules"":[{""dlp_data_identifiers"":{""numbers/payment_card_number_terms/eng"":179687,""numbers/payment_card_numbers/major"":179687,""persons/proper_names/us/last"":179687},""dlp_incident_rule_count"":179687,""dlp_rule_name"":""Name-Credit Card (CC)"",""dlp_rule_score"":556311,""dlp_rule_severity"":""Critical"",""is_unique_count"":false,""weighted"":false}]}]",3.88471E+18,Mountain View,ENGLISH,10256549,text/plain,2f6df996-9215-d9eb-4d26-6dd636337da7,ABPtcPoZ1rvOEANdhvvx_dXcRn_Z6T-9s2ad0Vk2Shwp9up7mOHMax1YpccDlTcbbhKwTmxqeaOAv_CwMBpZ38GSFMjFWw,File,Critical,Google Drive,San Diego,new,1703111640,credit_cards.13.db,Text,Plain Text file,clients6.google.com/upload/drive/v2internal/fi,dummyuser@something.com,https://drive.google.com/,,credit_cards.13.db,netskope.com,dummyuser@something.com,,,,,,,,[],,,,,,0,,,,,eventsincidentdata_CL,
abcd-cdef-ghijk,RestAPI,,,"2/29/2024, 7:55:29 AM",,,96f5049032fbec94d9292b828402d250d97a41c827f006601088c915e8d96f71,Client,dummyuser@something.com,Download,Microsoft OneDrive,3.48391E+18,None,2.76243E+18,1.38264E+17,"[{""dlp_action"":""alert"",""dlp_forensic_id"":70028303988805,""dlp_policy"":""DLP PCI Alert"",""dlp_profile_name"":""Payment Card Industry Data Security Standard. PCI-DSS"",""dlp_rules"":[{""dlp_data_identifiers"":{""numbers/payment_card_number_terms/eng"":14375,""numbers/payment_card_numbers/major"":14375,""persons/proper_names/int/full"":14375},""dlp_incident_rule_count"":14375,""dlp_rule_name"":""INTL-PAN-Name"",""dlp_rule_score"":44563,""dlp_rule_severity"":""Critical"",""is_unique_count"":false,""weighted"":false}]},{""dlp_action"":""alert"",""dlp_forensic_id"":70028303988805,""dlp_policy"":""DLP PCI Alert"",""dlp_profile_name"":""DLP-PCI"",""dlp_rules"":[{""dlp_data_identifiers"":{""numbers/payment_card_number_terms/eng"":179687,""numbers/payment_card_numbers/major"":179687,""persons/proper_names/us/last"":179687},""dlp_incident_rule_count"":179687,""dlp_rule_name"":""Name-Credit Card (CC)"",""dlp_rule_score"":556311,""dlp_rule_severity"":""Critical"",""is_unique_count"":false,""weighted"":false}]}]",1.38264E+17,Redmond,ENGLISH,10256549,text/plain,2f6df996-9215-d9eb-4d26-6dd636337da7,hash_dummy@something.com_2f6df9969215d9eb4d266dd636337da7_1629a7e222524c487c6d8b1dba7f4f98b3d1557d,File,Critical,Microsoft OneDrive,San Diego,new,1703111643,credit_cards.13.db,Text,Plain Text file,ahokbw.sn.files.1drv.com/y4pBjWOfrko0wozG7PtpqexAbIQbk6HvfqD-rTeEoQiySV0aTnACx-8vtQ71n9JjmjqyAk-UFClmFcz7OmsMX0VCcQ0PGK1uE_9ijL43LJddzJSVFwnDNVmCTCp0eQOotDVVKO2PPI2Inrvfhr_gaMtlmEgg5BKS3xBUEZW7RIHqndfjcAXqqmZVchyNG2HDheNBLxQXojvR4EokTRx5rfuCl_PRTmaIfLWd5vcgXg,dummyuser@something.com,,,credit_cards.13.db,,,,,,,,,,[],,,,,,0,,,,,eventsincidentdata_CL,
abcd-cdef-ghijk,RestAPI,,,"2/29/2024, 7:55:29 AM",,,2cde132f75ab726c31918bb54e8c462711dd6421610c4c2c39f2fee51772944d,Client,dummyuser@something.com,Upload,Google Drive,6.24615E+18,None,6.93129E+18,1.99242E+18,"[{""dlp_action"":""alert"",""dlp_forensic_id"":70028303988805,""dlp_policy"":""DLP PCI Alert"",""dlp_profile_name"":""Payment Card Industry Data Security Standard. PCI-DSS"",""dlp_rules"":[{""dlp_data_identifiers"":{""numbers/payment_card_number_terms/eng"":14375,""numbers/payment_card_numbers/major"":14375,""persons/proper_names/int/full"":14375},""dlp_incident_rule_count"":14375,""dlp_rule_name"":""INTL-PAN-Name"",""dlp_rule_score"":44563,""dlp_rule_severity"":""Critical"",""is_unique_count"":false,""weighted"":false}]},{""dlp_action"":""alert"",""dlp_forensic_id"":70028303988805,""dlp_policy"":""DLP PCI Alert"",""dlp_profile_name"":""DLP-PCI"",""dlp_rules"":[{""dlp_data_identifiers"":{""numbers/payment_card_number_terms/eng"":179687,""numbers/payment_card_numbers/major"":179687,""persons/proper_names/us/last"":179687},""dlp_incident_rule_count"":179687,""dlp_rule_name"":""Name-Credit Card (CC)"",""dlp_rule_score"":556311,""dlp_rule_severity"":""Critical"",""is_unique_count"":false,""weighted"":false}]}]",1.99242E+18,Mountain View,ENGLISH,10256549,text/plain,2f6df996-9215-d9eb-4d26-6dd636337da7,ABPtcPrnHwqXnmEPAghIFRNUo2csB5FYdIPwpGVy5JclMsSV9CVkfjGyeT4YoiCXTzJS1tInGYYqzwbU8oLfXmJkALG_tMudkY8f,File,Critical,Google Drive,San Diego,new,1703111654,credit_cards.14 (1).db,Text,Plain Text file,clients6.google.com/upload/drive/v2internal/fi,dummyuser@something.com,https://drive.google.com/,,credit_cards.14 (1).db,netskope.com,dummyuser@something.com,,,,,,,,[],,,,,,0,,,,,eventsincidentdata_CL,
abcd-cdef-ghijk,RestAPI,,,"2/29/2024, 7:55:29 AM",,,cdf3eb46f5c275efc933b6ffb4a86aa75a84fb0084451cc7594f9eeb7c0b94f2,Client,dummyuser@something.com,Upload,Google Drive,6.24615E+18,None,6.93129E+18,4.2666E+17,"[{""dlp_action"":""allow"",""dlp_forensic_id"":4266462058463,""dlp_policy"":""DLP PCI Alert"",""dlp_profile_name"":""Payment Card Industry Data Security Standard. PCI-DSS"",""dlp_rules"":[{""dlp_data_identifiers"":{""numbers/payment_card_number_terms/eng"":14375,""numbers/payment_card_numbers/major"":14375,""persons/proper_names/int/full"":14375},""dlp_incident_rule_count"":14375,""dlp_rule_name"":""INTL-PAN-Name"",""dlp_rule_score"":44563,""dlp_rule_severity"":""Critical"",""is_unique_count"":false,""weighted"":false}]},{""dlp_action"":""allow"",""dlp_forensic_id"":4266462058463,""dlp_policy"":""DLP PCI Alert"",""dlp_profile_name"":""DLP-PCI"",""dlp_rules"":[{""dlp_data_identifiers"":{""numbers/payment_card_number_terms/eng"":179687,""numbers/payment_card_numbers/major"":179687,""persons/proper_names/us/last"":179687},""dlp_incident_rule_count"":179687,""dlp_rule_name"":""Name-Credit Card (CC)"",""dlp_rule_score"":556311,""dlp_rule_severity"":""Critical"",""is_unique_count"":false,""weighted"":false}]}]",4.2666E+17,Mountain View,ENGLISH,10256549,text/plain,2f6df996-9215-d9eb-4d26-6dd636337da7,ABPtcPpfvmvFyf31n-OvjtDoCzbyhDeKTC_aVG3rJ3gLqLqdP9CFqIqTxlHT7r0P_P6Ew8FsgwPISOSxO8p-ALfy6vROlgQxs9Pi,File,Critical,Google Drive,San Diego,new,1703111600,credit_cards.12.db,Text,Plain Text file,clients6.google.com/upload/drive/v2internal/fi,dummyuser@something.com,https://drive.google.com/,,credit_cards.12.db,netskope.com,dummyuser@something.com,,,,,,,,[],,,,,,0,,,,,eventsincidentdata_CL,
1 TenantId SourceSystem MG ManagementGroupName TimeGenerated [UTC] Computer RawData _id_s access_method_s acting_user_s activity_s app_s app_session_id_d assignee_s connection_id_d dlp_incident_id_d dlp_match_info_s dlp_parent_id_d dst_location_s file_lang_s file_size_d file_type_s md5_g object_id_s object_type_s severity_s site_s src_location_s status_s timestamp_d title_s true_obj_category_s true_obj_type_s url_s user_s referer_s user_id_s object_s instance_id_s from_user_s to_user_s channel_s zip_file_id_s destination_instance_id_s instance_s bcc_s cc_s inline_dlp_match_info_s owner_s original_file_snapshot_id_s dlp_file_s owner_pdl_s destination_site_s latest_incident_id_d classification_s destination_app_s file_path_s exposure_s Type _ResourceId
2 abcd-cdef-ghijk RestAPI 2/29/2024, 7:55:29 AM 1657c5566973139b27357a8e23cf3a8703c4bca68ce210595e62a5dbdce7631c Client dummyuser@something.com Download Microsoft OneDrive 3.48391E+18 None 2.76243E+18 8.37325E+17 [{"dlp_action":"allow","dlp_forensic_id":837363834,"dlp_policy":"DLP PCI Alert","dlp_profile_name":"Payment Card Industry Data Security Standard. PCI-DSS","dlp_rules":[{"dlp_data_identifiers":{"numbers/payment_card_number_terms/eng":14375,"numbers/payment_card_numbers/major":14375,"persons/proper_names/int/full":14375},"dlp_incident_rule_count":14375,"dlp_rule_name":"INTL-PAN-Name","dlp_rule_score":44563,"dlp_rule_severity":"Critical","is_unique_count":false,"weighted":false}]},{"dlp_action":"allow","dlp_forensic_id":8373664663834,"dlp_policy":"DLP PCI Alert","dlp_profile_name":"DLP-PCI","dlp_rules":[{"dlp_data_identifiers":{"numbers/payment_card_number_terms/eng":179687,"numbers/payment_card_numbers/major":179687,"persons/proper_names/us/last":179687},"dlp_incident_rule_count":179687,"dlp_rule_name":"Name-Credit Card (CC)","dlp_rule_score":556311,"dlp_rule_severity":"Critical","is_unique_count":false,"weighted":false}]}] 8.37325E+17 Redmond ENGLISH 10256549 text/plain 2f6df996-9215-d9eb-4d26-6dd636337da7 hash_dummy@something.com_2f6df9969215d9eb4d266dd636337da7_1629a7e222524c487c6d8b1dba7f4f98b3d1557d File Critical Microsoft OneDrive San Diego new 1703111543 hash_gjenkins@netskope.com_2f6df9969215d9eb4d266dd636337da7_1629a7e222524c487c6d8b1dba7f4f98b3d1557d Text Plain Text file ahokbw.sn.files.1drv.com/y4pc8aBlHkeYewYjiXtXi8MYtOs86JJQqo7vg06SX0nKC7Vs3fzqIm5HZ1tF9qKUEmxwCvk-giW-jamW9OmRBUBUbc6nKoArJT-sTdqHY0MSqbenjH6MMv-Vq9TuwHYk34oEgAp3KBd_iy9PlNlQnH5Q5s8Kyirfb4J_uHfMJb74q5dVjeiVOiTvm6Bg1in49q-2xYBGMcsgjhJDHfTFC8-FayiqnePYKvvK2UOvOA dummyuser@something.com [] 0 eventsincidentdata_CL
3 abcd-cdef-ghijk RestAPI 2/29/2024, 7:55:29 AM 07c703cd9b3e2185d00aa66c59e7b600ba0f4b8980307edaac2b9a4a322939eb Client dummyuser@something.com Download Microsoft OneDrive 3.48391E+18 None 2.76243E+18 4.23314E+18 [{"dlp_action":"alert","dlp_forensic_id":8373664663834,"dlp_policy":"DLP PCI Alert","dlp_profile_name":"Payment Card Industry Data Security Standard. PCI-DSS","dlp_rules":[{"dlp_data_identifiers":{"numbers/payment_card_number_terms/eng":14375,"numbers/payment_card_numbers/major":14375,"persons/proper_names/int/full":14375},"dlp_incident_rule_count":14375,"dlp_rule_name":"INTL-PAN-Name","dlp_rule_score":44563,"dlp_rule_severity":"Critical","is_unique_count":false,"weighted":false}]},{"dlp_action":"alert","dlp_forensic_id":8373664663834,"dlp_policy":"DLP PCI Alert","dlp_profile_name":"DLP-PCI","dlp_rules":[{"dlp_data_identifiers":{"numbers/payment_card_number_terms/eng":179687,"numbers/payment_card_numbers/major":179687,"persons/proper_names/us/last":179687},"dlp_incident_rule_count":179687,"dlp_rule_name":"Name-Credit Card (CC)","dlp_rule_score":556311,"dlp_rule_severity":"Critical","is_unique_count":false,"weighted":false}]}] 4.23314E+18 Redmond ENGLISH 10256549 text/plain 2f6df996-9215-d9eb-4d26-6dd636337da7 hash_dummy@something.com_2f6df9969215d9eb4d266dd636337da7_1629a7e222524c487c6d8b1dba7f4f98b3d1557d File Critical Microsoft OneDrive San Diego new 1703111613 credit_cards.12.db Text Plain Text file ahokbw.sn.files.1drv.com/y4pjpgKTqpQltjYaPUVp8c4C7k1RPR1Ijs-eXlAB_BFH3Q8q0wANMEsWuGk5OB2MrAexKOYas2VLGzl-DRmyayHFQXeVXJlS1ggc-PMzlmVRMWdTSzFI5SjNfTU2xMf-MvDOgrJ9W5H5RMnE1tpvWID3sI6OG_6pjRVspm4ugkYPDFSx9H4R-FrsalyUD29u698OVdP929_uQdf9zgpu5Xm5UYQXny6kTuf0MlRGS dummyuser@something.com credit_cards.12.db [] 0 eventsincidentdata_CL
4 abcd-cdef-ghijk RestAPI 2/29/2024, 7:55:29 AM 8b7aa008de61e24da95355c3e53055eea363b198283a340a53356181b5a86d08 Client dummyuser@something.com Upload Google Drive 6.24615E+18 None 6.93129E+18 4.76285E+18 [{"dlp_action":"allow","dlp_forensic_id":47620006381054,"dlp_policy":"DLP PCI Alert","dlp_profile_name":"Payment Card Industry Data Security Standard. PCI-DSS","dlp_rules":[{"dlp_data_identifiers":{"numbers/payment_card_number_terms/eng":14375,"numbers/payment_card_numbers/major":14375,"persons/proper_names/int/full":14375},"dlp_incident_rule_count":14375,"dlp_rule_name":"INTL-PAN-Name","dlp_rule_score":44563,"dlp_rule_severity":"Critical","is_unique_count":false,"weighted":false}]},{"dlp_action":"allow","dlp_forensic_id":47620006381054,"dlp_policy":"DLP PCI Alert","dlp_profile_name":"DLP-PCI","dlp_rules":[{"dlp_data_identifiers":{"numbers/payment_card_number_terms/eng":179687,"numbers/payment_card_numbers/major":179687,"persons/proper_names/us/last":179687},"dlp_incident_rule_count":179687,"dlp_rule_name":"Name-Credit Card (CC)","dlp_rule_score":556311,"dlp_rule_severity":"Critical","is_unique_count":false,"weighted":false}]}] 4.76285E+18 Mountain View ENGLISH 10256549 text/plain 2f6df996-9215-d9eb-4d26-6dd636337da7 ABPtcPp7R6hGPyJjysOA-xZ0xzk-lJSjnNOrGJpPdoFiMQlwDXVL5XPe6M57sY4gy9y78-8L0bmRvA_3wTFxozAhwhTrueDsnTKs File Critical Google Drive San Diego new 1703111565 credit_cards.12 (1).db Text Plain Text file clients6.google.com/upload/drive/v2internal/fi dummyuser@something.com https://drive.google.com/ credit_cards.12 (1).db netskope.com dummyuser@something.com [] 0 eventsincidentdata_CL
5 abcd-cdef-ghijk RestAPI 2/29/2024, 7:55:29 AM c101104c6f9c6b48486e481e982297c0d6626df5d98a445dee0c6f25f6803bfb Client dummyuser@something.com Upload Google Drive 6.24615E+18 None 6.93129E+18 7.95493E+18 [{"dlp_action":"alert","dlp_forensic_id":47620006381054,"dlp_policy":"DLP PCI Alert","dlp_profile_name":"Payment Card Industry Data Security Standard. PCI-DSS","dlp_rules":[{"dlp_data_identifiers":{"numbers/payment_card_number_terms/eng":14375,"numbers/payment_card_numbers/major":14375,"persons/proper_names/int/full":14375},"dlp_incident_rule_count":14375,"dlp_rule_name":"INTL-PAN-Name","dlp_rule_score":44563,"dlp_rule_severity":"Critical","is_unique_count":false,"weighted":false}]},{"dlp_action":"alert","dlp_forensic_id":47620006381054,"dlp_policy":"DLP PCI Alert","dlp_profile_name":"DLP-PCI","dlp_rules":[{"dlp_data_identifiers":{"numbers/payment_card_number_terms/eng":179687,"numbers/payment_card_numbers/major":179687,"persons/proper_names/us/last":179687},"dlp_incident_rule_count":179687,"dlp_rule_name":"Name-Credit Card (CC)","dlp_rule_score":556311,"dlp_rule_severity":"Critical","is_unique_count":false,"weighted":false}]}] 7.95493E+18 Mountain View ENGLISH 10256549 text/plain 2f6df996-9215-d9eb-4d26-6dd636337da7 ABPtcPppbs0axNl5iJ-FXOBiMlONyKsUgfZ1MavsXJtUJNmJ6s1NUgY0YQsSHZfM6o5J3DZGaPWEe1-EPoXxwh4-uXFUw0OWD_Gm File Critical Google Drive San Diego new 1703111625 credit_cards.13 (1).db Text Plain Text file clients6.google.com/upload/drive/v2internal/fi dummyuser@something.com https://drive.google.com/ credit_cards.13 (1).db netskope.com dummyuser@something.com [] 0 eventsincidentdata_CL
6 abcd-cdef-ghijk RestAPI 2/29/2024, 7:55:29 AM 3079ce48fb36a4f8a8f2a85f9d5ddaac87e7d30ab33824bca369a6302ddd74fb Client dummyuser@something.com Download Microsoft OneDrive 3.48391E+18 None 2.76243E+18 6.15217E+18 [{"dlp_action":"alert","dlp_forensic_id":47620006381054,"dlp_policy":"DLP PCI Alert","dlp_profile_name":"Payment Card Industry Data Security Standard. PCI-DSS","dlp_rules":[{"dlp_data_identifiers":{"numbers/payment_card_number_terms/eng":14375,"numbers/payment_card_numbers/major":14375,"persons/proper_names/int/full":14375},"dlp_incident_rule_count":14375,"dlp_rule_name":"INTL-PAN-Name","dlp_rule_score":44563,"dlp_rule_severity":"Critical","is_unique_count":false,"weighted":false}]},{"dlp_action":"alert","dlp_forensic_id":47620006381054,"dlp_policy":"DLP PCI Alert","dlp_profile_name":"DLP-PCI","dlp_rules":[{"dlp_data_identifiers":{"numbers/payment_card_number_terms/eng":179687,"numbers/payment_card_numbers/major":179687,"persons/proper_names/us/last":179687},"dlp_incident_rule_count":179687,"dlp_rule_name":"Name-Credit Card (CC)","dlp_rule_score":556311,"dlp_rule_severity":"Critical","is_unique_count":false,"weighted":false}]}] 6.15217E+18 Redmond ENGLISH 10256549 text/plain 2f6df996-9215-d9eb-4d26-6dd636337da7 hash_dummy@something.com_2f6df9969215d9eb4d266dd636337da7_1629a7e222524c487c6d8b1dba7f4f98b3d1557d File Critical Microsoft OneDrive San Diego new 1703111628 credit_cards.13.db Text Plain Text file ahokbw.sn.files.1drv.com/y4p30HeUJd_wDXWVeT5vlWZSu9zu5eU4PFiO7rIt6wtcrWlZayLQsBjxzX1Z_48xpYMflqHMcEjWG3Df2PbOuJIyC2djQo0OYT3-m0-0ZC7a4oVAJjZ8JNddhHXCgIfzc_ZnlCCUrjFzVJ2Z0_WW6TU_GpkOiJlHo0TzWmEJ4KeR_Xq_dSN-pYYtHuhb5GUrzQ_zN8qG31XFSommi2IywJp0bxc5psj5-OtVHKP6Z dummyuser@something.com credit_cards.13.db [] 0 eventsincidentdata_CL
7 abcd-cdef-ghijk RestAPI 2/29/2024, 7:55:29 AM d50d5fbe80a9a4699e9d3913a28177059b6cfc6cc0a903716366233f731538e5 Client dummyuser@something.com Download Microsoft OneDrive 3.48391E+18 None 2.76243E+18 7.00195E+18 [{"dlp_action":"allow","dlp_forensic_id":70028303988805,"dlp_policy":"DLP PCI Alert","dlp_profile_name":"Payment Card Industry Data Security Standard. PCI-DSS","dlp_rules":[{"dlp_data_identifiers":{"numbers/payment_card_number_terms/eng":14375,"numbers/payment_card_numbers/major":14375,"persons/proper_names/int/full":14375},"dlp_incident_rule_count":14375,"dlp_rule_name":"INTL-PAN-Name","dlp_rule_score":44563,"dlp_rule_severity":"Critical","is_unique_count":false,"weighted":false}]},{"dlp_action":"allow","dlp_forensic_id":70028303988805,"dlp_policy":"DLP PCI Alert","dlp_profile_name":"DLP-PCI","dlp_rules":[{"dlp_data_identifiers":{"numbers/payment_card_number_terms/eng":179687,"numbers/payment_card_numbers/major":179687,"persons/proper_names/us/last":179687},"dlp_incident_rule_count":179687,"dlp_rule_name":"Name-Credit Card (CC)","dlp_rule_score":556311,"dlp_rule_severity":"Critical","is_unique_count":false,"weighted":false}]}] 7.00195E+18 Redmond ENGLISH 10256549 text/plain 2f6df996-9215-d9eb-4d26-6dd636337da7 hash_dummy@something.com_2f6df9969215d9eb4d266dd636337da7_1629a7e222524c487c6d8b1dba7f4f98b3d1557d File Critical Microsoft OneDrive San Diego new 1703111578 credit_cards.12.db Text Plain Text file ahokbw.sn.files.1drv.com/y4pjlAr69yFu6cFDL27CPPQ2sTHkuvRfPt4pTUKZEKIA2WP5PyF2qY0oqQg2l1xA1IIaYFhWX5gWBQqs1GxS7BMQZ9QN2nBD1ZYanduxSqwAyXb01kdrznVFy0Um-IAi_7siD5L1Ixfe0lpEMeb-VGWADvSRjP97N2y2u212_frBnx8_0v_ytCaXqATNZUB5KRhcyULxTrwPIlxt5Gn6sbmLfPY07N3YezUgq90Lgi dummyuser@something.com credit_cards.12.db [] 0 eventsincidentdata_CL
8 abcd-cdef-ghijk RestAPI 2/29/2024, 7:55:29 AM eb6b4498a5d6996c9e99fa2ff3e9bb46228334b1818776e6ca3f2caa3fefafd7 Client dummyuser@something.com Upload Google Drive 6.24615E+18 None 6.93129E+18 3.88471E+18 [{"dlp_action":"alert","dlp_forensic_id":70028303988805,"dlp_policy":"DLP PCI Alert","dlp_profile_name":"Payment Card Industry Data Security Standard. PCI-DSS","dlp_rules":[{"dlp_data_identifiers":{"numbers/payment_card_number_terms/eng":14375,"numbers/payment_card_numbers/major":14375,"persons/proper_names/int/full":14375},"dlp_incident_rule_count":14375,"dlp_rule_name":"INTL-PAN-Name","dlp_rule_score":44563,"dlp_rule_severity":"Critical","is_unique_count":false,"weighted":false}]},{"dlp_action":"alert","dlp_forensic_id":70028303988805,"dlp_policy":"DLP PCI Alert","dlp_profile_name":"DLP-PCI","dlp_rules":[{"dlp_data_identifiers":{"numbers/payment_card_number_terms/eng":179687,"numbers/payment_card_numbers/major":179687,"persons/proper_names/us/last":179687},"dlp_incident_rule_count":179687,"dlp_rule_name":"Name-Credit Card (CC)","dlp_rule_score":556311,"dlp_rule_severity":"Critical","is_unique_count":false,"weighted":false}]}] 3.88471E+18 Mountain View ENGLISH 10256549 text/plain 2f6df996-9215-d9eb-4d26-6dd636337da7 ABPtcPoZ1rvOEANdhvvx_dXcRn_Z6T-9s2ad0Vk2Shwp9up7mOHMax1YpccDlTcbbhKwTmxqeaOAv_CwMBpZ38GSFMjFWw File Critical Google Drive San Diego new 1703111640 credit_cards.13.db Text Plain Text file clients6.google.com/upload/drive/v2internal/fi dummyuser@something.com https://drive.google.com/ credit_cards.13.db netskope.com dummyuser@something.com [] 0 eventsincidentdata_CL
9 abcd-cdef-ghijk RestAPI 2/29/2024, 7:55:29 AM 96f5049032fbec94d9292b828402d250d97a41c827f006601088c915e8d96f71 Client dummyuser@something.com Download Microsoft OneDrive 3.48391E+18 None 2.76243E+18 1.38264E+17 [{"dlp_action":"alert","dlp_forensic_id":70028303988805,"dlp_policy":"DLP PCI Alert","dlp_profile_name":"Payment Card Industry Data Security Standard. PCI-DSS","dlp_rules":[{"dlp_data_identifiers":{"numbers/payment_card_number_terms/eng":14375,"numbers/payment_card_numbers/major":14375,"persons/proper_names/int/full":14375},"dlp_incident_rule_count":14375,"dlp_rule_name":"INTL-PAN-Name","dlp_rule_score":44563,"dlp_rule_severity":"Critical","is_unique_count":false,"weighted":false}]},{"dlp_action":"alert","dlp_forensic_id":70028303988805,"dlp_policy":"DLP PCI Alert","dlp_profile_name":"DLP-PCI","dlp_rules":[{"dlp_data_identifiers":{"numbers/payment_card_number_terms/eng":179687,"numbers/payment_card_numbers/major":179687,"persons/proper_names/us/last":179687},"dlp_incident_rule_count":179687,"dlp_rule_name":"Name-Credit Card (CC)","dlp_rule_score":556311,"dlp_rule_severity":"Critical","is_unique_count":false,"weighted":false}]}] 1.38264E+17 Redmond ENGLISH 10256549 text/plain 2f6df996-9215-d9eb-4d26-6dd636337da7 hash_dummy@something.com_2f6df9969215d9eb4d266dd636337da7_1629a7e222524c487c6d8b1dba7f4f98b3d1557d File Critical Microsoft OneDrive San Diego new 1703111643 credit_cards.13.db Text Plain Text file ahokbw.sn.files.1drv.com/y4pBjWOfrko0wozG7PtpqexAbIQbk6HvfqD-rTeEoQiySV0aTnACx-8vtQ71n9JjmjqyAk-UFClmFcz7OmsMX0VCcQ0PGK1uE_9ijL43LJddzJSVFwnDNVmCTCp0eQOotDVVKO2PPI2Inrvfhr_gaMtlmEgg5BKS3xBUEZW7RIHqndfjcAXqqmZVchyNG2HDheNBLxQXojvR4EokTRx5rfuCl_PRTmaIfLWd5vcgXg dummyuser@something.com credit_cards.13.db [] 0 eventsincidentdata_CL
10 abcd-cdef-ghijk RestAPI 2/29/2024, 7:55:29 AM 2cde132f75ab726c31918bb54e8c462711dd6421610c4c2c39f2fee51772944d Client dummyuser@something.com Upload Google Drive 6.24615E+18 None 6.93129E+18 1.99242E+18 [{"dlp_action":"alert","dlp_forensic_id":70028303988805,"dlp_policy":"DLP PCI Alert","dlp_profile_name":"Payment Card Industry Data Security Standard. PCI-DSS","dlp_rules":[{"dlp_data_identifiers":{"numbers/payment_card_number_terms/eng":14375,"numbers/payment_card_numbers/major":14375,"persons/proper_names/int/full":14375},"dlp_incident_rule_count":14375,"dlp_rule_name":"INTL-PAN-Name","dlp_rule_score":44563,"dlp_rule_severity":"Critical","is_unique_count":false,"weighted":false}]},{"dlp_action":"alert","dlp_forensic_id":70028303988805,"dlp_policy":"DLP PCI Alert","dlp_profile_name":"DLP-PCI","dlp_rules":[{"dlp_data_identifiers":{"numbers/payment_card_number_terms/eng":179687,"numbers/payment_card_numbers/major":179687,"persons/proper_names/us/last":179687},"dlp_incident_rule_count":179687,"dlp_rule_name":"Name-Credit Card (CC)","dlp_rule_score":556311,"dlp_rule_severity":"Critical","is_unique_count":false,"weighted":false}]}] 1.99242E+18 Mountain View ENGLISH 10256549 text/plain 2f6df996-9215-d9eb-4d26-6dd636337da7 ABPtcPrnHwqXnmEPAghIFRNUo2csB5FYdIPwpGVy5JclMsSV9CVkfjGyeT4YoiCXTzJS1tInGYYqzwbU8oLfXmJkALG_tMudkY8f File Critical Google Drive San Diego new 1703111654 credit_cards.14 (1).db Text Plain Text file clients6.google.com/upload/drive/v2internal/fi dummyuser@something.com https://drive.google.com/ credit_cards.14 (1).db netskope.com dummyuser@something.com [] 0 eventsincidentdata_CL
11 abcd-cdef-ghijk RestAPI 2/29/2024, 7:55:29 AM cdf3eb46f5c275efc933b6ffb4a86aa75a84fb0084451cc7594f9eeb7c0b94f2 Client dummyuser@something.com Upload Google Drive 6.24615E+18 None 6.93129E+18 4.2666E+17 [{"dlp_action":"allow","dlp_forensic_id":4266462058463,"dlp_policy":"DLP PCI Alert","dlp_profile_name":"Payment Card Industry Data Security Standard. PCI-DSS","dlp_rules":[{"dlp_data_identifiers":{"numbers/payment_card_number_terms/eng":14375,"numbers/payment_card_numbers/major":14375,"persons/proper_names/int/full":14375},"dlp_incident_rule_count":14375,"dlp_rule_name":"INTL-PAN-Name","dlp_rule_score":44563,"dlp_rule_severity":"Critical","is_unique_count":false,"weighted":false}]},{"dlp_action":"allow","dlp_forensic_id":4266462058463,"dlp_policy":"DLP PCI Alert","dlp_profile_name":"DLP-PCI","dlp_rules":[{"dlp_data_identifiers":{"numbers/payment_card_number_terms/eng":179687,"numbers/payment_card_numbers/major":179687,"persons/proper_names/us/last":179687},"dlp_incident_rule_count":179687,"dlp_rule_name":"Name-Credit Card (CC)","dlp_rule_score":556311,"dlp_rule_severity":"Critical","is_unique_count":false,"weighted":false}]}] 4.2666E+17 Mountain View ENGLISH 10256549 text/plain 2f6df996-9215-d9eb-4d26-6dd636337da7 ABPtcPpfvmvFyf31n-OvjtDoCzbyhDeKTC_aVG3rJ3gLqLqdP9CFqIqTxlHT7r0P_P6Ew8FsgwPISOSxO8p-ALfy6vROlgQxs9Pi File Critical Google Drive San Diego new 1703111600 credit_cards.12.db Text Plain Text file clients6.google.com/upload/drive/v2internal/fi dummyuser@something.com https://drive.google.com/ credit_cards.12.db netskope.com dummyuser@something.com [] 0 eventsincidentdata_CL


@ -0,0 +1,33 @@
TenantId,SourceSystem,MG,ManagementGroupName,TimeGenerated [UTC],Computer,RawData,_id_s,access_method_s,action_s,app_s,appcategory_s,Category,cci_d,ccl_s,client_bytes_d,client_packets_d,count_d,device_s,dst_country_s,dst_geoip_src_d,dst_latitude_d,dst_location_s,dst_longitude_d,dst_region_s,dst_zipcode_s,dstip_s,dstport_d,ip_protocol_s,numbytes_d,organization_unit_s,os_s,os_version_s,policy_s,protocol_s,publisher_name_s,server_bytes_d,server_packets_d,session_duration_d,site_s,src_country_s,src_geoip_src_d,src_latitude_d,src_location_s,src_longitude_d,src_region_s,src_zipcode_s,srcip_s,srcport_d,timestamp_d,total_packets_d,traffic_type_s,tunnel_id_s,tunnel_type_s,tunnel_up_time_d,type_s,ur_normalized_s,user_s,userip_s,userkey_s,dsthost_s,hostname_s,domain_s,network_session_id_s,publisher_cn_s,start_time_s,num_sessions_d,end_time_s,sAMAccountName_s,protocol_port_s,userPrincipalName_s,flow_status_s,cci_s,Type,_ResourceId
abcd-cdef-ghijk,RestAPI,,,"2/16/2024, 1:56:26 PM",,,f978b254a7a01303cf0660dc,Client,allow,Google Cloud (gsutil),n/a,n/a,,,8774,73,1,Mobile device,FR,2,58.8323,Paris,12.4075,Île-de-France,75015,1.2.3.4,80,TCP,4446,,iOS,9.6,policy_ga36,Http,,39230,416,97,Google Cloud (gsutil),NL,2,62.3759,Amsterdam,14.8975,North Holland,1012,5.6.7.8,16,1676243521,128,PrivateApp,1840938105,NPA,93,network,dummyuser1@something.com,dummyuser1@something.com,1.1.1.1,dummyuser1@something.com,,,,,,,0,,,,,,,eventsnetworkdata_CL,
abcd-cdef-ghijk,RestAPI,,,"2/16/2024, 1:56:26 PM",,,f97ec59f6c3dd6cc3d94c432,Client,block,Box,Cloud Storage,Cloud Storage,82,high,8529,70,1,Windows device,US,2,55.8234,Boardman,-109.7257,Oregon,97818,1.2.3.4,80,TCP,4637,,Windows,7,policy_ga33,Http,,43627,590,119,Box,US,2,42.8571,Lakeside,-106.9191,California,92040,5.6.7.8,16,1676243505,128,PrivateApp,1840938936,NPA,101,network,dummyuser2@something.com,dummyuser2@something.com,1.1.1.1,dummyuser2@something.com,,,,,,,0,,,,,,,eventsnetworkdata_CL,
abcd-cdef-ghijk,RestAPI,,,"2/16/2024, 1:56:26 PM",,,f97ee5ff0561aecefc1408e6,Client,allow,Karl Marc John,Shopping,Shopping,,unknown,8176,102,1,Mobile device,US,2,42.8571,Lakeside,-106.9191,California,92040,1.2.3.4,80,TCP,4104,,iOS,11.1,policy_ga21,Http,,33346,388,53,Karl Marc John,IN,2,29.0748,Mumbai,82.8856,Maharashtra,400072,5.6.7.8,16,1676243520,128,PrivateApp,1840938082,NPA,75,network,dummyuser3@something.com,dummyuser3@something.com,1.1.1.1,dummyuser3@something.com,,,,,,,0,,,,,,,eventsnetworkdata_CL,
abcd-cdef-ghijk,RestAPI,,,"2/16/2024, 1:56:26 PM",,,f9826fad2bfe1ccd68856c9f,Client,allow,LucenaResearch,Business Intelligence and Data Analytics,Business Intelligence and Data Analytics,,unknown,8190,102,1,Windows device,US,2,42.8571,Lakeside,-106.9191,California,92040,1.2.3.4,80,TCP,4155,,Windows,7.1,policy_ga51,Http,,17582,613,102,LucenaResearch,IN,2,29.0748,Mumbai,82.8856,Maharashtra,400072,5.6.7.8,16,1676243516,128,PrivateApp,1840938902,NPA,95,network,dummyuser4@something.com,dummyuser4@something.com,1.1.1.1,dummyuser4@something.com,,,,,,,0,,,,,,,eventsnetworkdata_CL,
abcd-cdef-ghijk,RestAPI,,,"2/16/2024, 1:56:26 PM",,,f985b767eca72973bfec82ce,Client,block,Winona State University,Education,Education,,unknown,8752,101,1,Mobile device,NL,2,62.3759,Amsterdam,14.8975,North Holland,1012,1.2.3.4,80,TCP,4530,,Android,10,policy_ga51,Http,,26521,652,55,Winona State University,IN,2,29.0748,Mumbai,82.8856,Maharashtra,400072,5.6.7.8,16,1676243524,128,PrivateApp,1840938168,NPA,87,network,dummyuser5@something.com,dummyuser5@something.com,1.1.1.1,dummyuser5@something.com,,,,,,,0,,,,,,,eventsnetworkdata_CL,
abcd-cdef-ghijk,RestAPI,,,"2/16/2024, 1:56:26 PM",,,f98acd92fb9a40972bb53f0f,Client,block,Visma Proceedo,Enterprise Resource Planning,Enterprise Resource Planning,,unknown,8139,92,1,Windows device,FR,2,58.8323,Paris,12.4075,Île-de-France,75015,1.2.3.4,80,TCP,4233,,Windows,7,policy_ga35,Http,,28998,698,87,Visma Proceedo,FR,2,58.8323,Paris,12.4075,Île-de-France,75015,5.6.7.8,16,1676243500,128,PrivateApp,1840938216,NPA,100,network,dummyuser6@something.com,dummyuser6@something.com,1.1.1.1,dummyuser6@something.com,,,,,,,0,,,,,,,eventsnetworkdata_CL,
abcd-cdef-ghijk,RestAPI,,,"2/16/2024, 1:56:26 PM",,,f9909d03e1127939b0ea6a15,Client,allow,Sogang University,Education,Education,,unknown,8517,77,1,Mobile device,NL,2,62.3759,Amsterdam,14.8975,North Holland,1012,1.2.3.4,80,TCP,4101,,Android,10,policy_ga22,Http,,10236,684,98,Sogang University,US,2,42.8571,Lakeside,-106.9191,California,92040,5.6.7.8,16,1676243510,128,PrivateApp,1840938838,NPA,106,network,dummyuser7@something.com,dummyuser7@something.com,1.1.1.1,dummyuser7@something.com,,,,,,,0,,,,,,,eventsnetworkdata_CL,
abcd-cdef-ghijk,RestAPI,,,"2/16/2024, 1:56:26 PM",,,f991280ad3e40573f67de9ca,Client,allow,SeeMyMachines,Business Intelligence and Data Analytics,Business Intelligence and Data Analytics,17,poor,8159,76,1,Mobile device,US,2,55.8234,Boardman,-109.7257,Oregon,97818,1.2.3.4,80,TCP,4163,,Android,11,policy_ga18,Http,,12983,335,121,SeeMyMachines,NL,2,62.3759,Amsterdam,14.8975,North Holland,1012,5.6.7.8,16,1676243530,128,PrivateApp,1840938237,NPA,101,network,dummyuser8@something.com,dummyuser8@something.com,1.1.1.1,dummyuser8@something.com,,,,,,,0,,,,,,,eventsnetworkdata_CL,
abcd-cdef-ghijk,RestAPI,,,"2/16/2024, 1:56:26 PM",,,f9924a410735239d8c8064ac,Client,block,Amazing Charts EHR,Business Process Management,Business Process Management,27,poor,8697,105,1,Windows device,IN,2,29.0748,Mumbai,82.8856,Maharashtra,400072,1.2.3.4,80,TCP,4383,,Windows,10,policy_ga20,Http,,7731,64,92,Amazing Charts EHR,IN,2,29.0748,Mumbai,82.8856,Maharashtra,400072,5.6.7.8,16,1676243521,128,PrivateApp,1840938144,NPA,90,network,dummyuser9@something.com,dummyuser9@something.com,1.1.1.1,dummyuser9@something.com,,,,,,,0,,,,,,,eventsnetworkdata_CL,
abcd-cdef-ghijk,RestAPI,,,"2/16/2024, 1:56:26 PM",,,f996c9348586288466585699,Client,allow,University of Arkansas Grantham,Education,Education,,unknown,8240,116,1,Windows device,NL,2,62.3759,Amsterdam,14.8975,North Holland,1012,1.2.3.4,80,TCP,4259,,Windows,7,policy_ga36,Http,,22963,52,85,University of Arkansas Grantham,NL,2,62.3759,Amsterdam,14.8975,North Holland,1012,5.6.7.8,16,1676243524,128,PrivateApp,1840938855,NPA,79,network,dummyuser10@something.com,dummyuser10@something.com,1.1.1.1,dummyuser10@something.com,,,,,,,0,,,,,,,eventsnetworkdata_CL,
abcd-cdef-ghijk,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,dstip_s,,dst_latitude,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,srcip_s,,dst_longitude,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,userip,,dstport,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,ur_normalized,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,user,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,src_latitude,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,src_longitude,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,srcport,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,userkey,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
1 TenantId SourceSystem MG ManagementGroupName TimeGenerated [UTC] Computer RawData _id_s access_method_s action_s app_s appcategory_s Category cci_d ccl_s client_bytes_d client_packets_d count_d device_s dst_country_s dst_geoip_src_d dst_latitude_d dst_location_s dst_longitude_d dst_region_s dst_zipcode_s dstip_s dstport_d ip_protocol_s numbytes_d organization_unit_s os_s os_version_s policy_s protocol_s publisher_name_s server_bytes_d server_packets_d session_duration_d site_s src_country_s src_geoip_src_d src_latitude_d src_location_s src_longitude_d src_region_s src_zipcode_s srcip_s srcport_d timestamp_d total_packets_d traffic_type_s tunnel_id_s tunnel_type_s tunnel_up_time_d type_s ur_normalized_s user_s userip_s userkey_s dsthost_s hostname_s domain_s network_session_id_s publisher_cn_s start_time_s num_sessions_d end_time_s sAMAccountName_s protocol_port_s userPrincipalName_s flow_status_s cci_s Type _ResourceId
2 abcd-cdef-ghijk RestAPI 2/16/2024, 1:56:26 PM f978b254a7a01303cf0660dc Client allow Google Cloud (gsutil) n/a n/a 8774 73 1 Mobile device FR 2 58.8323 Paris 12.4075 Île-de-France 75015 1.2.3.4 80 TCP 4446 iOS 9.6 policy_ga36 Http 39230 416 97 Google Cloud (gsutil) NL 2 62.3759 Amsterdam 14.8975 North Holland 1012 5.6.7.8 16 1676243521 128 PrivateApp 1840938105 NPA 93 network dummyuser1@something.com dummyuser1@something.com 1.1.1.1 dummyuser1@something.com 0 eventsnetworkdata_CL
3 abcd-cdef-ghijk RestAPI 2/16/2024, 1:56:26 PM f97ec59f6c3dd6cc3d94c432 Client block Box Cloud Storage Cloud Storage 82 high 8529 70 1 Windows device US 2 55.8234 Boardman -109.7257 Oregon 97818 1.2.3.4 80 TCP 4637 Windows 7 policy_ga33 Http 43627 590 119 Box US 2 42.8571 Lakeside -106.9191 California 92040 5.6.7.8 16 1676243505 128 PrivateApp 1840938936 NPA 101 network dummyuser2@something.com dummyuser2@something.com 1.1.1.1 dummyuser2@something.com 0 eventsnetworkdata_CL
4 abcd-cdef-ghijk RestAPI 2/16/2024, 1:56:26 PM f97ee5ff0561aecefc1408e6 Client allow Karl Marc John Shopping Shopping unknown 8176 102 1 Mobile device US 2 42.8571 Lakeside -106.9191 California 92040 1.2.3.4 80 TCP 4104 iOS 11.1 policy_ga21 Http 33346 388 53 Karl Marc John IN 2 29.0748 Mumbai 82.8856 Maharashtra 400072 5.6.7.8 16 1676243520 128 PrivateApp 1840938082 NPA 75 network dummyuser3@something.com dummyuser3@something.com 1.1.1.1 dummyuser3@something.com 0 eventsnetworkdata_CL
5 abcd-cdef-ghijk RestAPI 2/16/2024, 1:56:26 PM f9826fad2bfe1ccd68856c9f Client allow LucenaResearch Business Intelligence and Data Analytics Business Intelligence and Data Analytics unknown 8190 102 1 Windows device US 2 42.8571 Lakeside -106.9191 California 92040 1.2.3.4 80 TCP 4155 Windows 7.1 policy_ga51 Http 17582 613 102 LucenaResearch IN 2 29.0748 Mumbai 82.8856 Maharashtra 400072 5.6.7.8 16 1676243516 128 PrivateApp 1840938902 NPA 95 network dummyuser4@something.com dummyuser4@something.com 1.1.1.1 dummyuser4@something.com 0 eventsnetworkdata_CL
6 abcd-cdef-ghijk RestAPI 2/16/2024, 1:56:26 PM f985b767eca72973bfec82ce Client block Winona State University Education Education unknown 8752 101 1 Mobile device NL 2 62.3759 Amsterdam 14.8975 North Holland 1012 1.2.3.4 80 TCP 4530 Android 10 policy_ga51 Http 26521 652 55 Winona State University IN 2 29.0748 Mumbai 82.8856 Maharashtra 400072 5.6.7.8 16 1676243524 128 PrivateApp 1840938168 NPA 87 network dummyuser5@something.com dummyuser5@something.com 1.1.1.1 dummyuser5@something.com 0 eventsnetworkdata_CL
7 abcd-cdef-ghijk RestAPI 2/16/2024, 1:56:26 PM f98acd92fb9a40972bb53f0f Client block Visma Proceedo Enterprise Resource Planning Enterprise Resource Planning unknown 8139 92 1 Windows device FR 2 58.8323 Paris 12.4075 Île-de-France 75015 1.2.3.4 80 TCP 4233 Windows 7 policy_ga35 Http 28998 698 87 Visma Proceedo FR 2 58.8323 Paris 12.4075 Île-de-France 75015 5.6.7.8 16 1676243500 128 PrivateApp 1840938216 NPA 100 network dummyuser6@something.com dummyuser6@something.com 1.1.1.1 dummyuser6@something.com 0 eventsnetworkdata_CL
8 abcd-cdef-ghijk RestAPI 2/16/2024, 1:56:26 PM f9909d03e1127939b0ea6a15 Client allow Sogang University Education Education unknown 8517 77 1 Mobile device NL 2 62.3759 Amsterdam 14.8975 North Holland 1012 1.2.3.4 80 TCP 4101 Android 10 policy_ga22 Http 10236 684 98 Sogang University US 2 42.8571 Lakeside -106.9191 California 92040 5.6.7.8 16 1676243510 128 PrivateApp 1840938838 NPA 106 network dummyuser7@something.com dummyuser7@something.com 1.1.1.1 dummyuser7@something.com 0 eventsnetworkdata_CL
9 abcd-cdef-ghijk RestAPI 2/16/2024, 1:56:26 PM f991280ad3e40573f67de9ca Client allow SeeMyMachines Business Intelligence and Data Analytics Business Intelligence and Data Analytics 17 poor 8159 76 1 Mobile device US 2 55.8234 Boardman -109.7257 Oregon 97818 1.2.3.4 80 TCP 4163 Android 11 policy_ga18 Http 12983 335 121 SeeMyMachines NL 2 62.3759 Amsterdam 14.8975 North Holland 1012 5.6.7.8 16 1676243530 128 PrivateApp 1840938237 NPA 101 network dummyuser8@something.com dummyuser8@something.com 1.1.1.1 dummyuser8@something.com 0 eventsnetworkdata_CL
10 abcd-cdef-ghijk RestAPI 2/16/2024, 1:56:26 PM f9924a410735239d8c8064ac Client block Amazing Charts EHR Business Process Management Business Process Management 27 poor 8697 105 1 Windows device IN 2 29.0748 Mumbai 82.8856 Maharashtra 400072 1.2.3.4 80 TCP 4383 Windows 10 policy_ga20 Http 7731 64 92 Amazing Charts EHR IN 2 29.0748 Mumbai 82.8856 Maharashtra 400072 5.6.7.8 16 1676243521 128 PrivateApp 1840938144 NPA 90 network dummyuser9@something.com dummyuser9@something.com 1.1.1.1 dummyuser9@something.com 0 eventsnetworkdata_CL
11 abcd-cdef-ghijk RestAPI 2/16/2024, 1:56:26 PM f996c9348586288466585699 Client allow University of Arkansas Grantham Education Education unknown 8240 116 1 Windows device NL 2 62.3759 Amsterdam 14.8975 North Holland 1012 1.2.3.4 80 TCP 4259 Windows 7 policy_ga36 Http 22963 52 85 University of Arkansas Grantham NL 2 62.3759 Amsterdam 14.8975 North Holland 1012 5.6.7.8 16 1676243524 128 PrivateApp 1840938855 NPA 79 network dummyuser10@something.com dummyuser10@something.com 1.1.1.1 dummyuser10@something.com 0 eventsnetworkdata_CL
12 abcd-cdef-ghijk
13
14
15
16
17
18
19
20
21
22
23
24
25 dstip_s dst_latitude
26 srcip_s dst_longitude
27 userip dstport
28 ur_normalized
29 user
30 src_latitude
31 src_longitude
32 srcport
33 userkey
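Review bot: Rows 12–33 of this sample are not records: row 12 carries only a TenantId, rows 13–24 are all-comma empty lines, and rows 25–33 hold stray cells (`dstip_s`, `srcip_s`, `userip`, `dst_latitude`, `dst_longitude`, `dstport`, `ur_normalized`, `user`, `src_latitude`, `src_longitude`, `srcport`, `userkey`) sitting in the `device_s` and `dst_geoip_src_d` columns, which looks like a spreadsheet scratch area that was exported along with the data. Any loader that ingests this file as eventsnetworkdata_CL sample data will produce 22 empty or malformed rows, so trim the file to the header plus the ten populated rows. The populated rows do use obviously-fake placeholders for `srcip_s`/`dstip_s`/`userip_s` (1.2.3.4, 5.6.7.8, 1.1.1.1) and `dummyuserN@something.com` for user fields, which is the right approach for a committed sample.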


@ -0,0 +1,11 @@
TenantId,SourceSystem,MG,ManagementGroupName,TimeGenerated [UTC],Computer,RawData,_id_s,access_method_s,app_s,appcategory_s,bypass_reason_s,bypass_traffic_s,Category,cci_d,ccl_s,connection_id_d,count_d,domain_s,dst_country_s,dst_latitude_d ,dst_location_s,dst_longitude_d,dst_region_s,dst_timezone_s,dst_zipcode_s,dstip_s,dstport_d,netskope_pop_s,organization_unit_s,other_categories_s,page_s,request_id_d,site_s,src_country_s,src_latitude_d,src_location_s,src_longitude_d,src_region_s,src_time_s,src_timezone_s,src_zipcode_s,srcip_s,ssl_decrypt_policy_s,timestamp_d,traffic_type_s,transaction_id_d,type_s,ur_normalized_s,url_s,user_s,user_generated_s,userip_s,userkey_s,server_bytes_d,browser_session_id_d,sessionid_s,fromlogs_s,browser_version_s,network_s,org_s,resp_content_type_s,conn_duration_d,policy_s,log_file_name_s,resp_cnt_d,severity_s,serial_s,hostname_s,suppression_start_time_d,conn_endtime_d,sAMAccountName_s,numbytes_d,req_cnt_d,src_geoip_src_d,forward_to_proxy_profile_s,resp_content_len_d,os_s,userPrincipalName_s,suppression_end_time_d,os_version_s,device_s,dynamic_classification_s,dst_geoip_src_d,CononicalName_s,conn_starttime_d,browser_s,dsthost_s,client_bytes_d,app_session_id_d,http_transaction_count_d,useragent_s,protocol_s,Type,_ResourceId
acd8fb14-0000-0000-a4fd-1456cbfdbacd,RestAPI,,,"2/29/2024, 8:07:16 AM",,,4ec61988f060fab4eaece27d,IPSec,,Technology,Steering Exception - Default tenant config,yes,Technology,0,unknown,0,1,abc.microsoft.com,JP,45.6893,Tokyo,149.6899,Tokyo,Asia/Tokyo,102-0082,1.2.3.4,443,US-LAX1,,"[""Technology"",""All Categories"",""Business""]",abc.microsoft.com,2.7238E+18,microsoft,US,50.3325386,Doylestown,-65.11663818,Pennsylvania,Mon Dec 4 13:28:00 2023,America/New_York,N/A,5.6.7.8,no,1701714497,Web,0,connection,1.2.3.4,abc.microsoft.com,1.2.3.4,yes,1.2.3.4,1.2.3.4,0,0,,,,,,,0,,,0,,,,0,0,,0,0,0,,0,,,0,,,,0,,0,,,0,0,0,,,eventspagedata_CL,
acd8fb14-0000-0000-a4fd-1456cbfdbacd,RestAPI,,,"2/29/2024, 8:07:16 AM",,,6c74dbf7c1167da0361714df,IPSec,,Technology,Steering Exception - Default tenant config,yes,Technology,0,unknown,0,1,rst.microsoft.com,IN,28.6161,Pune,83.7286,Maharashtra,Asia/Kolkata,411005,1.2.3.4,443,US-LAX1,,"[""Technology"",""All Categories"",""Business""]",rst.microsoft.com,2.7238E+18,microsoft,US,50.3325386,Doylestown,-65.11663818,Pennsylvania,Mon Dec 4 13:37:08 2023,America/New_York,N/A,5.6.7.8,no,1701715086,Web,0,connection,1.2.3.4,rst.microsoft.com,1.2.3.4,yes,1.2.3.4,1.2.3.4,0,0,,,,,,,0,,,0,,,,0,0,,0,0,0,,0,,,0,,,,0,,0,,,0,0,0,,,eventspagedata_CL,
acd8fb14-0000-0000-a4fd-1456cbfdbacd,RestAPI,,,"2/29/2024, 8:07:16 AM",,,c9313f57c168752dac102c0c,IPSec,,Technology,Steering Exception - Default tenant config,yes,Technology,0,unknown,0,1,rst.windowsupdate.com,US,51.8486,Chicago,-77.6288,Illinois,America/Chicago,60616,1.2.3.4,80,US-LAX1,,"[""Technology"",""All Categories""]",rst.windowsupdate.com,2.7238E+18,windowsupdate,US,50.3325386,Doylestown,-65.11663818,Pennsylvania,Mon Dec 4 13:40:08 2023,America/New_York,N/A,5.6.7.8,no,1701715206,Web,6.17517E+18,connection,1.2.3.4,rst.windowsupdate.com,1.2.3.4,yes,1.2.3.4,1.2.3.4,0,0,,,,,,,0,,,0,,,,0,0,,0,0,0,,0,,,0,,,,0,,0,,,0,0,0,,,eventspagedata_CL,
acd8fb14-0000-0000-a4fd-1456cbfdbacd,RestAPI,,,"2/29/2024, 8:07:16 AM",,,022162c22bc5b26005107f9e,IPSec,,Technology,Steering Exception - Default tenant config,yes,Technology,0,unknown,0,1,def.microsoft.com,IE,63.3379,Dublin,4.2591,Leinster,Europe/Dublin,D02,1.2.3.4,443,US-LAX1,,"[""Technology"",""All Categories"",""Business""]",def.microsoft.com,2.72381E+18,microsoft,US,50.3325386,Doylestown,-65.11663818,Pennsylvania,Mon Dec 4 13:44:08 2023,America/New_York,N/A,5.6.7.8,no,1701715460,Web,0,connection,1.2.3.4,def.microsoft.com,1.2.3.4,yes,1.2.3.4,1.2.3.4,0,0,,,,,,,0,,,0,,,,0,0,,0,0,0,,0,,,0,,,,0,,0,,,0,0,0,,,eventspagedata_CL,
acd8fb14-0000-0000-a4fd-1456cbfdbacd,RestAPI,,,"2/29/2024, 8:07:16 AM",,,f7dacbadb8d92f611941d64f,IPSec,,Technology,Steering Exception - Default tenant config,yes,Technology,0,unknown,0,1,pqr.microsoft.com,US,47.9273,Tappahannock,-66.8545,Virginia,America/New_York,22560,1.2.3.4,443,US-LAX1,,"[""Technology"",""All Categories"",""Business""]",pqr.microsoft.com,2.72381E+18,microsoft,US,50.3325386,Doylestown,-65.11663818,Pennsylvania,Mon Dec 4 13:52:08 2023,America/New_York,N/A,5.6.7.8,no,1701715981,Web,0,connection,1.2.3.4,pqr.microsoft.com,1.2.3.4,yes,1.2.3.4,1.2.3.4,0,0,,,,,,,0,,,0,,,,0,0,,0,0,0,,0,,,0,,,,0,,0,,,0,0,0,,,eventspagedata_CL,
acd8fb14-0000-0000-a4fd-1456cbfdbacd,RestAPI,,,"2/29/2024, 8:07:16 AM",,,aaa5b9a0653dc2e637a4314e,IPSec,,Technology,Steering Exception - Default tenant config,yes,Technology,0,unknown,0,1,rst.windowsupdate.com,US,44.0544,Los Angeles,-108.2441,California,America/Los_Angeles,90060,1.2.3.4,80,US-LAX1,,"[""Technology"",""All Categories""]",rst.windowsupdate.com,2.72381E+18,windowsupdate,US,50.3325386,Doylestown,-65.11663818,Pennsylvania,Mon Dec 4 13:53:08 2023,America/New_York,N/A,5.6.7.8,no,1701715991,Web,7.00157E+18,connection,1.2.3.4,rst.windowsupdate.com,1.2.3.4,yes,1.2.3.4,1.2.3.4,0,0,,,,,,,0,,,0,,,,0,0,,0,0,0,,0,,,0,,,,0,,0,,,0,0,0,,,eventspagedata_CL,
acd8fb14-0000-0000-a4fd-1456cbfdbacd,RestAPI,,,"2/29/2024, 8:07:16 AM",,,98d767066723cee068862952,IPSec,,Technology,Steering Exception - Default tenant config,yes,Technology,0,unknown,0,1,abc.microsoft.com,US,47.1835,San Jose,-111.7714,California,America/Los_Angeles,95141,1.2.3.4,443,US-LAX1,,"[""Technology"",""All Categories"",""Business""]",abc.microsoft.com,2.72382E+18,microsoft,US,50.3325386,Doylestown,-65.11663818,Pennsylvania,Mon Dec 4 14:00:00 2023,America/New_York,N/A,5.6.7.8,no,1701716444,Web,0,connection,1.2.3.4,abc.microsoft.com,1.2.3.4,yes,1.2.3.4,1.2.3.4,0,0,,,,,,,0,,,0,,,,0,0,,0,0,0,,0,,,0,,,,0,,0,,,0,0,0,,,eventspagedata_CL,
acd8fb14-0000-0000-a4fd-1456cbfdbacd,RestAPI,,,"2/29/2024, 8:07:16 AM",,,abe49d8c917b9748ff2943bc,IPSec,,Technology,Steering Exception - Default tenant config,yes,Technology,0,unknown,0,1,def.microsoft.com,IE,63.3379,Dublin,4.2591,Leinster,Europe/Dublin,D02,1.2.3.4,443,US-LAX1,,"[""Technology"",""All Categories"",""Business""]",def.microsoft.com,2.72382E+18,microsoft,US,50.3325386,Doylestown,-65.11663818,Pennsylvania,Mon Dec 4 14:08:00 2023,America/New_York,N/A,5.6.7.8,no,1701716885,Web,0,connection,1.2.3.4,def.microsoft.com,1.2.3.4,yes,1.2.3.4,1.2.3.4,0,0,,,,,,,0,,,0,,,,0,0,,0,0,0,,0,,,0,,,,0,,0,,,0,0,0,,,eventspagedata_CL,
acd8fb14-0000-0000-a4fd-1456cbfdbacd,RestAPI,,,"2/29/2024, 8:07:16 AM",,,52093b15ffc2a18d4b6cb38c,IPSec,,Technology,Steering Exception - Default tenant config,yes,Technology,0,unknown,0,1,pqr.microsoft.com,US,47.9273,Tappahannock,-66.8545,Virginia,America/New_York,22560,1.2.3.4,443,US-LAX1,,"[""Technology"",""All Categories"",""Business""]",pqr.microsoft.com,2.72383E+18,microsoft,US,50.3325386,Doylestown,-65.11663818,Pennsylvania,Mon Dec 4 14:22:00 2023,America/New_York,N/A,5.6.7.8,no,1701717781,Web,0,connection,1.2.3.4,pqr.microsoft.com,1.2.3.4,yes,1.2.3.4,1.2.3.4,0,0,,,,,,,0,,,0,,,,0,0,,0,0,0,,0,,,0,,,,0,,0,,,0,0,0,,,eventspagedata_CL,
acd8fb14-0000-0000-a4fd-1456cbfdbacd,RestAPI,,,"2/29/2024, 8:07:16 AM",,,b641a9df01a0ce3b4fa9a2f1,IPSec,,Technology,Steering Exception - Default tenant config,yes,Technology,0,unknown,0,1,def.microsoft.com,IE,63.3379,Dublin,4.2591,Leinster,Europe/Dublin,D02,1.2.3.4,443,US-LAX1,,"[""Technology"",""All Categories"",""Business""]",def.microsoft.com,2.72383E+18,microsoft,US,50.3325386,Doylestown,-65.11663818,Pennsylvania,Mon Dec 4 14:24:00 2023,America/New_York,N/A,5.6.7.8,no,1701717858,Web,0,connection,1.2.3.4,def.microsoft.com,1.2.3.4,yes,1.2.3.4,1.2.3.4,0,0,,,,,,,0,,,0,,,,0,0,,0,0,0,,0,,,0,,,,0,,0,,,0,0,0,,,eventspagedata_CL,
1 TenantId SourceSystem MG ManagementGroupName TimeGenerated [UTC] Computer RawData _id_s access_method_s app_s appcategory_s bypass_reason_s bypass_traffic_s Category cci_d ccl_s connection_id_d count_d domain_s dst_country_s dst_latitude_d dst_location_s dst_longitude_d dst_region_s dst_timezone_s dst_zipcode_s dstip_s dstport_d netskope_pop_s organization_unit_s other_categories_s page_s request_id_d site_s src_country_s src_latitude_d src_location_s src_longitude_d src_region_s src_time_s src_timezone_s src_zipcode_s srcip_s ssl_decrypt_policy_s timestamp_d traffic_type_s transaction_id_d type_s ur_normalized_s url_s user_s user_generated_s userip_s userkey_s server_bytes_d browser_session_id_d sessionid_s fromlogs_s browser_version_s network_s org_s resp_content_type_s conn_duration_d policy_s log_file_name_s resp_cnt_d severity_s serial_s hostname_s suppression_start_time_d conn_endtime_d sAMAccountName_s numbytes_d req_cnt_d src_geoip_src_d forward_to_proxy_profile_s resp_content_len_d os_s userPrincipalName_s suppression_end_time_d os_version_s device_s dynamic_classification_s dst_geoip_src_d CononicalName_s conn_starttime_d browser_s dsthost_s client_bytes_d app_session_id_d http_transaction_count_d useragent_s protocol_s Type _ResourceId
2 acd8fb14-0000-0000-a4fd-1456cbfdbacd RestAPI 2/29/2024, 8:07:16 AM 4ec61988f060fab4eaece27d IPSec Technology Steering Exception - Default tenant config yes Technology 0 unknown 0 1 abc.microsoft.com JP 45.6893 Tokyo 149.6899 Tokyo Asia/Tokyo 102-0082 1.2.3.4 443 US-LAX1 ["Technology","All Categories","Business"] abc.microsoft.com 2.7238E+18 microsoft US 50.3325386 Doylestown -65.11663818 Pennsylvania Mon Dec 4 13:28:00 2023 America/New_York N/A 5.6.7.8 no 1701714497 Web 0 connection 1.2.3.4 abc.microsoft.com 1.2.3.4 yes 1.2.3.4 1.2.3.4 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 eventspagedata_CL
3 acd8fb14-0000-0000-a4fd-1456cbfdbacd RestAPI 2/29/2024, 8:07:16 AM 6c74dbf7c1167da0361714df IPSec Technology Steering Exception - Default tenant config yes Technology 0 unknown 0 1 rst.microsoft.com IN 28.6161 Pune 83.7286 Maharashtra Asia/Kolkata 411005 1.2.3.4 443 US-LAX1 ["Technology","All Categories","Business"] rst.microsoft.com 2.7238E+18 microsoft US 50.3325386 Doylestown -65.11663818 Pennsylvania Mon Dec 4 13:37:08 2023 America/New_York N/A 5.6.7.8 no 1701715086 Web 0 connection 1.2.3.4 rst.microsoft.com 1.2.3.4 yes 1.2.3.4 1.2.3.4 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 eventspagedata_CL
4 acd8fb14-0000-0000-a4fd-1456cbfdbacd RestAPI 2/29/2024, 8:07:16 AM c9313f57c168752dac102c0c IPSec Technology Steering Exception - Default tenant config yes Technology 0 unknown 0 1 rst.windowsupdate.com US 51.8486 Chicago -77.6288 Illinois America/Chicago 60616 1.2.3.4 80 US-LAX1 ["Technology","All Categories"] rst.windowsupdate.com 2.7238E+18 windowsupdate US 50.3325386 Doylestown -65.11663818 Pennsylvania Mon Dec 4 13:40:08 2023 America/New_York N/A 5.6.7.8 no 1701715206 Web 6.17517E+18 connection 1.2.3.4 rst.windowsupdate.com 1.2.3.4 yes 1.2.3.4 1.2.3.4 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 eventspagedata_CL
5 acd8fb14-0000-0000-a4fd-1456cbfdbacd RestAPI 2/29/2024, 8:07:16 AM 022162c22bc5b26005107f9e IPSec Technology Steering Exception - Default tenant config yes Technology 0 unknown 0 1 def.microsoft.com IE 63.3379 Dublin 4.2591 Leinster Europe/Dublin D02 1.2.3.4 443 US-LAX1 ["Technology","All Categories","Business"] def.microsoft.com 2.72381E+18 microsoft US 50.3325386 Doylestown -65.11663818 Pennsylvania Mon Dec 4 13:44:08 2023 America/New_York N/A 5.6.7.8 no 1701715460 Web 0 connection 1.2.3.4 def.microsoft.com 1.2.3.4 yes 1.2.3.4 1.2.3.4 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 eventspagedata_CL
6 acd8fb14-0000-0000-a4fd-1456cbfdbacd RestAPI 2/29/2024, 8:07:16 AM f7dacbadb8d92f611941d64f IPSec Technology Steering Exception - Default tenant config yes Technology 0 unknown 0 1 pqr.microsoft.com US 47.9273 Tappahannock -66.8545 Virginia America/New_York 22560 1.2.3.4 443 US-LAX1 ["Technology","All Categories","Business"] pqr.microsoft.com 2.72381E+18 microsoft US 50.3325386 Doylestown -65.11663818 Pennsylvania Mon Dec 4 13:52:08 2023 America/New_York N/A 5.6.7.8 no 1701715981 Web 0 connection 1.2.3.4 pqr.microsoft.com 1.2.3.4 yes 1.2.3.4 1.2.3.4 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 eventspagedata_CL
7 acd8fb14-0000-0000-a4fd-1456cbfdbacd RestAPI 2/29/2024, 8:07:16 AM aaa5b9a0653dc2e637a4314e IPSec Technology Steering Exception - Default tenant config yes Technology 0 unknown 0 1 rst.windowsupdate.com US 44.0544 Los Angeles -108.2441 California America/Los_Angeles 90060 1.2.3.4 80 US-LAX1 ["Technology","All Categories"] rst.windowsupdate.com 2.72381E+18 windowsupdate US 50.3325386 Doylestown -65.11663818 Pennsylvania Mon Dec 4 13:53:08 2023 America/New_York N/A 5.6.7.8 no 1701715991 Web 7.00157E+18 connection 1.2.3.4 rst.windowsupdate.com 1.2.3.4 yes 1.2.3.4 1.2.3.4 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 eventspagedata_CL
8 acd8fb14-0000-0000-a4fd-1456cbfdbacd RestAPI 2/29/2024, 8:07:16 AM 98d767066723cee068862952 IPSec Technology Steering Exception - Default tenant config yes Technology 0 unknown 0 1 abc.microsoft.com US 47.1835 San Jose -111.7714 California America/Los_Angeles 95141 1.2.3.4 443 US-LAX1 ["Technology","All Categories","Business"] abc.microsoft.com 2.72382E+18 microsoft US 50.3325386 Doylestown -65.11663818 Pennsylvania Mon Dec 4 14:00:00 2023 America/New_York N/A 5.6.7.8 no 1701716444 Web 0 connection 1.2.3.4 abc.microsoft.com 1.2.3.4 yes 1.2.3.4 1.2.3.4 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 eventspagedata_CL
9 acd8fb14-0000-0000-a4fd-1456cbfdbacd RestAPI 2/29/2024, 8:07:16 AM abe49d8c917b9748ff2943bc IPSec Technology Steering Exception - Default tenant config yes Technology 0 unknown 0 1 def.microsoft.com IE 63.3379 Dublin 4.2591 Leinster Europe/Dublin D02 1.2.3.4 443 US-LAX1 ["Technology","All Categories","Business"] def.microsoft.com 2.72382E+18 microsoft US 50.3325386 Doylestown -65.11663818 Pennsylvania Mon Dec 4 14:08:00 2023 America/New_York N/A 5.6.7.8 no 1701716885 Web 0 connection 1.2.3.4 def.microsoft.com 1.2.3.4 yes 1.2.3.4 1.2.3.4 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 eventspagedata_CL
10 acd8fb14-0000-0000-a4fd-1456cbfdbacd RestAPI 2/29/2024, 8:07:16 AM 52093b15ffc2a18d4b6cb38c IPSec Technology Steering Exception - Default tenant config yes Technology 0 unknown 0 1 pqr.microsoft.com US 47.9273 Tappahannock -66.8545 Virginia America/New_York 22560 1.2.3.4 443 US-LAX1 ["Technology","All Categories","Business"] pqr.microsoft.com 2.72383E+18 microsoft US 50.3325386 Doylestown -65.11663818 Pennsylvania Mon Dec 4 14:22:00 2023 America/New_York N/A 5.6.7.8 no 1701717781 Web 0 connection 1.2.3.4 pqr.microsoft.com 1.2.3.4 yes 1.2.3.4 1.2.3.4 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 eventspagedata_CL
11 acd8fb14-0000-0000-a4fd-1456cbfdbacd RestAPI 2/29/2024, 8:07:16 AM b641a9df01a0ce3b4fa9a2f1 IPSec Technology Steering Exception - Default tenant config yes Technology 0 unknown 0 1 def.microsoft.com IE 63.3379 Dublin 4.2591 Leinster Europe/Dublin D02 1.2.3.4 443 US-LAX1 ["Technology","All Categories","Business"] def.microsoft.com 2.72383E+18 microsoft US 50.3325386 Doylestown -65.11663818 Pennsylvania Mon Dec 4 14:24:00 2023 America/New_York N/A 5.6.7.8 no 1701717858 Web 0 connection 1.2.3.4 def.microsoft.com 1.2.3.4 yes 1.2.3.4 1.2.3.4 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 eventspagedata_CL
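Review bot: The header line of this file has a trailing space in the `dst_latitude_d ` column name (`...,dst_country_s,dst_latitude_d ,dst_location_s,...`), so anything that ingests this sample keyed by column name will create a field named `dst_latitude_d ` that does not match the eventspagedata_CL schema or the parser; change it to `dst_latitude_d`. The TenantId `acd8fb14-0000-0000-a4fd-1456cbfdbacd` also looks only partially masked — the first and last segments read like a real GUID with just the middle zeroed — whereas the other sample files in this commit use `abcd-cdef-ghijk`; if that fragment comes from a real tenant, replace it with the same obviously-fake placeholder. Minor: `ur_normalized_s`, `user_s`, `userip_s` and `userkey_s` all hold `1.2.3.4` on every row, so user and IP fields are indistinguishable here; a `dummyuser@something.com` value in the user columns would make the sample more useful for exercising the parser.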


@ -17,7 +17,7 @@
"Playbooks/ArmisUpdateAlertStatus/azuredeploy.json"
],
"BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\Armis",
"Version": "3.0.1",
"Version": "3.0.2",
"Metadata": "SolutionMetadata.json",
"TemplateSpec": true,
"Is1PConnector": false

Solutions/Armis/Package/3.0.1.zip


Solutions/Armis/Package/3.0.2.zip Normal file



@ -63,20 +63,6 @@
"text": "This Solution installs the data connector for Armis. You can get Armis custom log data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
}
},
{
"name": "dataconnectors2-text",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "This Solution installs the data connector for Armis. You can get Armis custom log data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
}
},
{
"name": "dataconnectors3-text",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "This Solution installs the data connector for Armis. You can get Armis custom log data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
}
},
{
"name": "dataconnectors-parser-text",
"type": "Microsoft.Common.TextBlock",


@ -33,26 +33,26 @@
"email": "support@armis.com}",
"_email": "[variables('email')]",
"_solutionName": "Armis",
"_solutionVersion": "3.0.1",
"_solutionVersion": "3.0.2",
"solutionId": "armisinc1668090987837.armis-solution",
"_solutionId": "[variables('solutionId')]",
"parserObject1": {
"_parserName1": "[concat(parameters('workspace'),'/','ArmisActivities Data Parser')]",
"_parserId1": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'ArmisActivities Data Parser')]",
"_parserName1": "[concat(parameters('workspace'),'/','ArmisActivities')]",
"_parserId1": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'ArmisActivities')]",
"parserTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pr-',uniquestring('ArmisActivities-Parser')))]",
"parserVersion1": "1.0.0",
"parserContentId1": "ArmisActivities-Parser"
},
"parserObject2": {
"_parserName2": "[concat(parameters('workspace'),'/','ArmisDevice Data Parser')]",
"_parserId2": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'ArmisDevice Data Parser')]",
"_parserName2": "[concat(parameters('workspace'),'/','ArmisDevice')]",
"_parserId2": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'ArmisDevice')]",
"parserTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pr-',uniquestring('ArmisDevice-Parser')))]",
"parserVersion2": "1.0.0",
"parserContentId2": "ArmisDevice-Parser"
},
"parserObject3": {
"_parserName3": "[concat(parameters('workspace'),'/','ArmisAlerts Data Parser')]",
"_parserId3": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'ArmisAlerts Data Parser')]",
"_parserName3": "[concat(parameters('workspace'),'/','ArmisAlerts')]",
"_parserId3": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'ArmisAlerts')]",
"parserTemplateSpecName3": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pr-',uniquestring('ArmisAlerts-Parser')))]",
"parserVersion3": "1.0.0",
"parserContentId3": "ArmisAlerts-Parser"
@ -106,7 +106,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "ArmisActivities Data Parser with template version 3.0.1",
"description": "ArmisActivities Data Parser with template version 3.0.2",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('parserObject1').parserVersion1]",
@ -142,7 +142,7 @@
"[variables('parserObject1')._parserId1]"
],
"properties": {
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser for ArmisActivities')]",
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'ArmisActivities')]",
"contentId": "[variables('parserObject1').parserContentId1]",
"kind": "Parser",
"version": "[variables('parserObject1').parserVersion1]",
@ -208,7 +208,7 @@
"[variables('parserObject1')._parserId1]"
],
"properties": {
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser for ArmisActivities')]",
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'ArmisActivities')]",
"contentId": "[variables('parserObject1').parserContentId1]",
"kind": "Parser",
"version": "[variables('parserObject1').parserVersion1]",
@ -238,7 +238,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "ArmisDevice Data Parser with template version 3.0.1",
"description": "ArmisDevice Data Parser with template version 3.0.2",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('parserObject2').parserVersion2]",
@ -274,7 +274,7 @@
"[variables('parserObject2')._parserId2]"
],
"properties": {
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser for ArmisDevice')]",
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'ArmisDevice')]",
"contentId": "[variables('parserObject2').parserContentId2]",
"kind": "Parser",
"version": "[variables('parserObject2').parserVersion2]",
@ -340,7 +340,7 @@
"[variables('parserObject2')._parserId2]"
],
"properties": {
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser for ArmisDevice')]",
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'ArmisDevice')]",
"contentId": "[variables('parserObject2').parserContentId2]",
"kind": "Parser",
"version": "[variables('parserObject2').parserVersion2]",
@ -370,7 +370,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "ArmisAlerts Data Parser with template version 3.0.1",
"description": "ArmisAlerts Data Parser with template version 3.0.2",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('parserObject3').parserVersion3]",
@ -406,7 +406,7 @@
"[variables('parserObject3')._parserId3]"
],
"properties": {
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser for ArmisAlerts')]",
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'ArmisAlerts')]",
"contentId": "[variables('parserObject3').parserContentId3]",
"kind": "Parser",
"version": "[variables('parserObject3').parserVersion3]",
@ -472,7 +472,7 @@
"[variables('parserObject3')._parserId3]"
],
"properties": {
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser for ArmisAlerts')]",
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'ArmisAlerts')]",
"contentId": "[variables('parserObject3').parserContentId3]",
"kind": "Parser",
"version": "[variables('parserObject3').parserVersion3]",
@ -502,7 +502,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "Armis data connector with template version 3.0.1",
"description": "Armis data connector with template version 3.0.2",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('dataConnectorVersion1')]",
@ -853,7 +853,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "Armis data connector with template version 3.0.1",
"description": "Armis data connector with template version 3.0.2",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('dataConnectorVersion2')]",
@ -1204,7 +1204,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "Armis data connector with template version 3.0.1",
"description": "Armis data connector with template version 3.0.2",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('dataConnectorVersion3')]",
@ -1555,7 +1555,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "ArmisUpdateAlertStatus Playbook with template version 3.0.1",
"description": "ArmisUpdateAlertStatus Playbook with template version 3.0.2",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('playbookVersion1')]",
@ -2119,7 +2119,7 @@
"apiVersion": "2023-04-01-preview",
"location": "[parameters('workspace-location')]",
"properties": {
"version": "3.0.1",
"version": "3.0.2",
"kind": "Solution",
"contentSchemaVersion": "3.0.0",
"displayName": "Armis",
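Review bot: Renaming the saved-search resources in `_parserName1`/`_parserId1` (and `_parserName2/3`, `_parserId2/3`) from 'ArmisActivities Data Parser' to 'ArmisActivities', so they finally agree with the `parentId` lines below, is the right fix, but an ARM deployment does not delete resources it no longer declares, so a workspace upgraded from 3.0.1 will keep the old 'ArmisActivities Data Parser' saved search next to the new one; if both expose the same function alias that is presumably the reinstall problem the changelog refers to, and the 3.0.2 release note should tell users to delete the old-named parsers. The same rename pattern appears in the AtlassianConfluenceAudit and CiscoDuoSecurity mainTemplate sections of this commit and carries the same upgrade caveat. Unrelated to the change but visible in this hunk's context, `"email": "support@armis.com}"` still carries a stray closing brace; it should read `"email": "support@armis.com"`.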


@ -1,4 +1,5 @@
| **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** |
|-------------|--------------------------------|---------------------------------------------|
| 3.0.2 | 03-05-2024 | Repackaged for parser issue fix on reinstall|
| 3.0.1 | 15-04-2024 | Added Deploy to Azure Government button in **Data connectors**|
| 3.0.0 | 03-11-2023 | Fixed vulnerability related issue by passing the scret key in the body of the request instead of the param in the data connector and playbook |


@ -7,7 +7,7 @@
"Data Connector/AtlassianConfluenceAuditDataConnector/ConfluenceAudit_API_FunctionApp.json"
],
"Parsers": [
"Parsers/ConfluenceAudit.txt"
"Parsers/ConfluenceAudit.yaml"
],
"Metadata": "SolutionMetadata.json",
"BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\AtlassianConfluenceAudit",



@ -46,8 +46,8 @@
"dataConnectorVersion1": "1.0.0",
"_dataConnectorcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','dc','-', uniqueString(concat(variables('_solutionId'),'-','DataConnector','-',variables('_dataConnectorContentId1'),'-', variables('dataConnectorVersion1'))))]",
"parserObject1": {
"_parserName1": "[concat(parameters('workspace'),'/','ConfluenceAudit Data Parser')]",
"_parserId1": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'ConfluenceAudit Data Parser')]",
"_parserName1": "[concat(parameters('workspace'),'/','ConfluenceAudit')]",
"_parserId1": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'ConfluenceAudit')]",
"parserTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pr-',uniquestring('ConfluenceAudit-Parser')))]",
"parserVersion1": "1.0.0",
"parserContentId1": "ConfluenceAudit-Parser"
@ -422,15 +422,15 @@
"properties": {
"eTag": "*",
"displayName": "ConfluenceAudit",
"category": "Samples",
"category": "Microsoft Sentinel Parser",
"functionAlias": "ConfluenceAudit",
"query": "\nlet Confluence_Audit_view = view () { \r\n Confluence_Audit_CL\r\n | extend \r\n EventVendor=\"Atlassian\",\r\n EventProduct=\"Confluence\",\r\n AuthorUsername=column_ifexists('author_username_s', ''),\r\n\t\t AuthorUserKey=column_ifexists('author_userKey_g', ''),\r\n AuthorAccountId=column_ifexists('author_accountId_s', ''),\r\n AuthorType=column_ifexists('author_type_s', ''),\r\n AuthorDisplayName=column_ifexists('author_displayName_s', ''),\r\n AuthorIsExternalCollaborator=column_ifexists('author_isExternalCollaborator_b', ''),\r\n AuthorAccountType=column_ifexists('author_accountType_s', ''),\r\n AuthorPublicName=column_ifexists('author_publicName_s', ''),\r\n AuthorExternalCollaborator=column_ifexists('author_externalCollaborator_b', ''),\r\n RemoteAddress=column_ifexists('remoteAddress_s', ''),\r\n CreationDate=column_ifexists('creationDate_d', ''),\r\n Summary=column_ifexists('summary_s', ''),\r\n Description=column_ifexists('description_s', ''),\r\n Category=column_ifexists('Category', ''),\r\n SysAdmin=column_ifexists('sysAdmin_b', ''),\r\n SuperAdmin=column_ifexists('superAdmin_b', ''),\r\n AffectedObjectName=column_ifexists('affectedObject_name_s', ''),\r\n AffectedObjectObjectType=column_ifexists('affectedObject_objectType_s', ''),\r\n ChangedValues=column_ifexists('changedValues_s', ''),\r\n AssociatedObjects=column_ifexists('associatedObjects_s', ''),\r\n UserIdentity=column_ifexists('author_accountId_s', ''),\r\n SrcUserName=column_ifexists('author_displayName_s', ''),\r\n DstUserSid=column_ifexists('author_userKey_s', ''),\r\n SrcIpAddr=column_ifexists('remoteAddress_s', ''),\r\n EventCreationTime=column_ifexists('creationDate_d', ''),\r\n EventMessage=column_ifexists('summary_s', ''),\r\n EventCategoryType =column_ifexists('Category', '') \r\n | project\r\n TimeGenerated, \r\n EventVendor,\r\n EventProduct,\r\n AuthorUsername,\r\n AuthorAccountId,\r\n AuthorType,\r\n AuthorDisplayName,\r\n AuthorIsExternalCollaborator,\r\n 
AuthorUserKey,\r\n AuthorAccountType,\r\n AuthorPublicName,\r\n AuthorExternalCollaborator,\r\n RemoteAddress,\r\n CreationDate,\r\n Summary,\r\n Description,\r\n Category,\r\n SysAdmin,\r\n SuperAdmin,\r\n AffectedObjectName,\r\n AffectedObjectObjectType,\r\n ChangedValues,\r\n AssociatedObjects,\r\n UserIdentity,\r\n SrcUserName,\r\n DstUserSid,\r\n SrcIpAddr,\r\n EventCreationTime,\r\n EventMessage,\r\n EventCategoryType \r\n};\r\nConfluence_Audit_view\r\n",
"query": "let Confluence_Audit_view = view () { \n Confluence_Audit_CL\n | extend \n EventVendor=\"Atlassian\",\n EventProduct=\"Confluence\",\n AuthorUsername=column_ifexists('author_username_s', ''),\n\t\t AuthorUserKey=column_ifexists('author_userKey_g', ''),\n AuthorAccountId=column_ifexists('author_accountId_s', ''),\n AuthorType=column_ifexists('author_type_s', ''),\n AuthorDisplayName=column_ifexists('author_displayName_s', ''),\n AuthorIsExternalCollaborator=column_ifexists('author_isExternalCollaborator_b', ''),\n AuthorAccountType=column_ifexists('author_accountType_s', ''),\n AuthorPublicName=column_ifexists('author_publicName_s', ''),\n AuthorExternalCollaborator=column_ifexists('author_externalCollaborator_b', ''),\n RemoteAddress=column_ifexists('remoteAddress_s', ''),\n CreationDate=column_ifexists('creationDate_d', ''),\n Summary=column_ifexists('summary_s', ''),\n Description=column_ifexists('description_s', ''),\n Category=column_ifexists('Category', ''),\n SysAdmin=column_ifexists('sysAdmin_b', ''),\n SuperAdmin=column_ifexists('superAdmin_b', ''),\n AffectedObjectName=column_ifexists('affectedObject_name_s', ''),\n AffectedObjectObjectType=column_ifexists('affectedObject_objectType_s', ''),\n ChangedValues=column_ifexists('changedValues_s', ''),\n AssociatedObjects=column_ifexists('associatedObjects_s', ''),\n UserIdentity=column_ifexists('author_accountId_s', ''),\n SrcUserName=column_ifexists('author_displayName_s', ''),\n DstUserSid=column_ifexists('author_userKey_s', ''),\n SrcIpAddr=column_ifexists('remoteAddress_s', ''),\n EventCreationTime=column_ifexists('creationDate_d', ''),\n EventMessage=column_ifexists('summary_s', ''),\n EventCategoryType =column_ifexists('Category', '') \n | project\n TimeGenerated, \n EventVendor,\n EventProduct,\n AuthorUsername,\n AuthorAccountId,\n AuthorType,\n AuthorDisplayName,\n AuthorIsExternalCollaborator,\n AuthorUserKey,\n AuthorAccountType,\n AuthorPublicName,\n AuthorExternalCollaborator,\n 
RemoteAddress,\n CreationDate,\n Summary,\n Description,\n Category,\n SysAdmin,\n SuperAdmin,\n AffectedObjectName,\n AffectedObjectObjectType,\n ChangedValues,\n AssociatedObjects,\n UserIdentity,\n SrcUserName,\n DstUserSid,\n SrcIpAddr,\n EventCreationTime,\n EventMessage,\n EventCategoryType \n};\nConfluence_Audit_view\n",
"functionParameters": "",
"version": 1,
"version": 2,
"tags": [
{
"name": "description",
"value": "ConfluenceAudit"
"value": ""
}
]
}
@ -487,15 +487,15 @@
"properties": {
"eTag": "*",
"displayName": "ConfluenceAudit",
"category": "Samples",
"category": "Microsoft Sentinel Parser",
"functionAlias": "ConfluenceAudit",
"query": "\nlet Confluence_Audit_view = view () { \r\n Confluence_Audit_CL\r\n | extend \r\n EventVendor=\"Atlassian\",\r\n EventProduct=\"Confluence\",\r\n AuthorUsername=column_ifexists('author_username_s', ''),\r\n\t\t AuthorUserKey=column_ifexists('author_userKey_g', ''),\r\n AuthorAccountId=column_ifexists('author_accountId_s', ''),\r\n AuthorType=column_ifexists('author_type_s', ''),\r\n AuthorDisplayName=column_ifexists('author_displayName_s', ''),\r\n AuthorIsExternalCollaborator=column_ifexists('author_isExternalCollaborator_b', ''),\r\n AuthorAccountType=column_ifexists('author_accountType_s', ''),\r\n AuthorPublicName=column_ifexists('author_publicName_s', ''),\r\n AuthorExternalCollaborator=column_ifexists('author_externalCollaborator_b', ''),\r\n RemoteAddress=column_ifexists('remoteAddress_s', ''),\r\n CreationDate=column_ifexists('creationDate_d', ''),\r\n Summary=column_ifexists('summary_s', ''),\r\n Description=column_ifexists('description_s', ''),\r\n Category=column_ifexists('Category', ''),\r\n SysAdmin=column_ifexists('sysAdmin_b', ''),\r\n SuperAdmin=column_ifexists('superAdmin_b', ''),\r\n AffectedObjectName=column_ifexists('affectedObject_name_s', ''),\r\n AffectedObjectObjectType=column_ifexists('affectedObject_objectType_s', ''),\r\n ChangedValues=column_ifexists('changedValues_s', ''),\r\n AssociatedObjects=column_ifexists('associatedObjects_s', ''),\r\n UserIdentity=column_ifexists('author_accountId_s', ''),\r\n SrcUserName=column_ifexists('author_displayName_s', ''),\r\n DstUserSid=column_ifexists('author_userKey_s', ''),\r\n SrcIpAddr=column_ifexists('remoteAddress_s', ''),\r\n EventCreationTime=column_ifexists('creationDate_d', ''),\r\n EventMessage=column_ifexists('summary_s', ''),\r\n EventCategoryType =column_ifexists('Category', '') \r\n | project\r\n TimeGenerated, \r\n EventVendor,\r\n EventProduct,\r\n AuthorUsername,\r\n AuthorAccountId,\r\n AuthorType,\r\n AuthorDisplayName,\r\n AuthorIsExternalCollaborator,\r\n 
AuthorUserKey,\r\n AuthorAccountType,\r\n AuthorPublicName,\r\n AuthorExternalCollaborator,\r\n RemoteAddress,\r\n CreationDate,\r\n Summary,\r\n Description,\r\n Category,\r\n SysAdmin,\r\n SuperAdmin,\r\n AffectedObjectName,\r\n AffectedObjectObjectType,\r\n ChangedValues,\r\n AssociatedObjects,\r\n UserIdentity,\r\n SrcUserName,\r\n DstUserSid,\r\n SrcIpAddr,\r\n EventCreationTime,\r\n EventMessage,\r\n EventCategoryType \r\n};\r\nConfluence_Audit_view\r\n",
"query": "let Confluence_Audit_view = view () { \n Confluence_Audit_CL\n | extend \n EventVendor=\"Atlassian\",\n EventProduct=\"Confluence\",\n AuthorUsername=column_ifexists('author_username_s', ''),\n\t\t AuthorUserKey=column_ifexists('author_userKey_g', ''),\n AuthorAccountId=column_ifexists('author_accountId_s', ''),\n AuthorType=column_ifexists('author_type_s', ''),\n AuthorDisplayName=column_ifexists('author_displayName_s', ''),\n AuthorIsExternalCollaborator=column_ifexists('author_isExternalCollaborator_b', ''),\n AuthorAccountType=column_ifexists('author_accountType_s', ''),\n AuthorPublicName=column_ifexists('author_publicName_s', ''),\n AuthorExternalCollaborator=column_ifexists('author_externalCollaborator_b', ''),\n RemoteAddress=column_ifexists('remoteAddress_s', ''),\n CreationDate=column_ifexists('creationDate_d', ''),\n Summary=column_ifexists('summary_s', ''),\n Description=column_ifexists('description_s', ''),\n Category=column_ifexists('Category', ''),\n SysAdmin=column_ifexists('sysAdmin_b', ''),\n SuperAdmin=column_ifexists('superAdmin_b', ''),\n AffectedObjectName=column_ifexists('affectedObject_name_s', ''),\n AffectedObjectObjectType=column_ifexists('affectedObject_objectType_s', ''),\n ChangedValues=column_ifexists('changedValues_s', ''),\n AssociatedObjects=column_ifexists('associatedObjects_s', ''),\n UserIdentity=column_ifexists('author_accountId_s', ''),\n SrcUserName=column_ifexists('author_displayName_s', ''),\n DstUserSid=column_ifexists('author_userKey_s', ''),\n SrcIpAddr=column_ifexists('remoteAddress_s', ''),\n EventCreationTime=column_ifexists('creationDate_d', ''),\n EventMessage=column_ifexists('summary_s', ''),\n EventCategoryType =column_ifexists('Category', '') \n | project\n TimeGenerated, \n EventVendor,\n EventProduct,\n AuthorUsername,\n AuthorAccountId,\n AuthorType,\n AuthorDisplayName,\n AuthorIsExternalCollaborator,\n AuthorUserKey,\n AuthorAccountType,\n AuthorPublicName,\n AuthorExternalCollaborator,\n 
RemoteAddress,\n CreationDate,\n Summary,\n Description,\n Category,\n SysAdmin,\n SuperAdmin,\n AffectedObjectName,\n AffectedObjectObjectType,\n ChangedValues,\n AssociatedObjects,\n UserIdentity,\n SrcUserName,\n DstUserSid,\n SrcIpAddr,\n EventCreationTime,\n EventMessage,\n EventCategoryType \n};\nConfluence_Audit_view\n",
"functionParameters": "",
"version": 1,
"version": 2,
"tags": [
{
"name": "description",
"value": "ConfluenceAudit"
"value": ""
}
]
}
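Review bot: The description tag on the new side is blanked (`"value": ""` replacing `"value": "ConfluenceAudit"`) in both savedSearches hunks of this section, so the parser is deployed with no description in the workspace; unless the new YAML parser source deliberately has none, keep a short one such as `"value": "Parser for Atlassian Confluence audit events"`. The new query text still maps `DstUserSid=column_ifexists('author_userKey_s', '')` while `AuthorUserKey` reads `author_userKey_g`; because column_ifexists silently returns '' for a missing column, one of the two is probably always empty, and both mappings should name the same column — presumably `author_userKey_g`, the one used first. The change from `"Samples"` to `"Microsoft Sentinel Parser"` and the CRLF-to-LF normalisation look correct. Note that the accompanying release-notes hunk for this solution overwrites the existing 3.0.1 row instead of adding a new one, so the Azure Government button entry disappears from the history.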


@ -1,4 +1,4 @@
| **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** |
|-------------|--------------------------------|-------------------------------------------------------|
| 3.0.1 | 22-04-2024 | Added Deploy to Azure Gov portal button in **Data Connector** |
| 3.0.1 | 03-05-2024 | Repackaged for parser issue fix on reinstall |
| 3.0.0 | 19-07-2023 | Updated to enable solution for **Azure government**. |

Solutions/CiscoDuoSecurity/Package/3.0.2.zip



@ -52,8 +52,8 @@
"workspaceResourceId": "[resourceId('microsoft.OperationalInsights/Workspaces', parameters('workspace'))]",
"_workbookcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','wb','-', uniqueString(concat(variables('_solutionId'),'-','Workbook','-',variables('_workbookContentId1'),'-', variables('workbookVersion1'))))]",
"parserObject1": {
"_parserName1": "[concat(parameters('workspace'),'/','CiscoDuo Data Parser')]",
"_parserId1": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'CiscoDuo Data Parser')]",
"_parserName1": "[concat(parameters('workspace'),'/','CiscoDuoSecurity Data Parser')]",
"_parserId1": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'CiscoDuoSecurity Data Parser')]",
"parserTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pr-',uniquestring('CiscoDuo-Parser')))]",
"parserVersion1": "1.0.0",
"parserContentId1": "CiscoDuo-Parser"
@ -1670,10 +1670,10 @@
"status": "Available",
"requiredDataConnectors": [
{
"connectorId": "CiscoDuoSecurity",
"dataTypes": [
"CiscoDuo"
],
"connectorId": "CiscoDuoSecurity"
]
}
],
"tactics": [
@ -1686,8 +1686,8 @@
{
"fieldMappings": [
{
"columnName": "IPCustomEntity",
"identifier": "Address"
"identifier": "Address",
"columnName": "IPCustomEntity"
}
],
"entityType": "IP"
@ -1774,10 +1774,10 @@
"status": "Available",
"requiredDataConnectors": [
{
"connectorId": "CiscoDuoSecurity",
"dataTypes": [
"CiscoDuo"
],
"connectorId": "CiscoDuoSecurity"
]
}
],
"tactics": [
@ -1790,8 +1790,8 @@
{
"fieldMappings": [
{
"columnName": "AccountCustomEntity",
"identifier": "Name"
"identifier": "Name",
"columnName": "AccountCustomEntity"
}
],
"entityType": "Account"
@ -1878,10 +1878,10 @@
"status": "Available",
"requiredDataConnectors": [
{
"connectorId": "CiscoDuoSecurity",
"dataTypes": [
"CiscoDuo"
],
"connectorId": "CiscoDuoSecurity"
]
}
],
"tactics": [
@ -1894,8 +1894,8 @@
{
"fieldMappings": [
{
"columnName": "AccountCustomEntity",
"identifier": "Name"
"identifier": "Name",
"columnName": "AccountCustomEntity"
}
],
"entityType": "Account"
@ -1982,10 +1982,10 @@
"status": "Available",
"requiredDataConnectors": [
{
"connectorId": "CiscoDuoSecurity",
"dataTypes": [
"CiscoDuo"
],
"connectorId": "CiscoDuoSecurity"
]
}
],
"tactics": [
@ -1998,8 +1998,8 @@
{
"fieldMappings": [
{
"columnName": "AccountCustomEntity",
"identifier": "Name"
"identifier": "Name",
"columnName": "AccountCustomEntity"
}
],
"entityType": "Account"
@ -2086,10 +2086,10 @@
"status": "Available",
"requiredDataConnectors": [
{
"connectorId": "CiscoDuoSecurity",
"dataTypes": [
"CiscoDuo"
],
"connectorId": "CiscoDuoSecurity"
]
}
],
"tactics": [
@ -2102,8 +2102,8 @@
{
"fieldMappings": [
{
"columnName": "AccountCustomEntity",
"identifier": "Name"
"identifier": "Name",
"columnName": "AccountCustomEntity"
}
],
"entityType": "Account"
@ -2190,10 +2190,10 @@
"status": "Available",
"requiredDataConnectors": [
{
"connectorId": "CiscoDuoSecurity",
"dataTypes": [
"CiscoDuo"
],
"connectorId": "CiscoDuoSecurity"
]
}
],
"tactics": [
@ -2206,8 +2206,8 @@
{
"fieldMappings": [
{
"columnName": "AccountCustomEntity",
"identifier": "Name"
"identifier": "Name",
"columnName": "AccountCustomEntity"
}
],
"entityType": "Account"
@ -2294,10 +2294,10 @@
"status": "Available",
"requiredDataConnectors": [
{
"connectorId": "CiscoDuoSecurity",
"dataTypes": [
"CiscoDuo"
],
"connectorId": "CiscoDuoSecurity"
]
}
],
"tactics": [
@ -2310,8 +2310,8 @@
{
"fieldMappings": [
{
"columnName": "IPCustomEntity",
"identifier": "Address"
"identifier": "Address",
"columnName": "IPCustomEntity"
}
],
"entityType": "IP"
@ -2319,8 +2319,8 @@
{
"fieldMappings": [
{
"columnName": "AccountCustomEntity",
"identifier": "Name"
"identifier": "Name",
"columnName": "AccountCustomEntity"
}
],
"entityType": "Account"
@ -2407,10 +2407,10 @@
"status": "Available",
"requiredDataConnectors": [
{
"connectorId": "CiscoDuoSecurity",
"dataTypes": [
"CiscoDuo"
],
"connectorId": "CiscoDuoSecurity"
]
}
],
"tactics": [
@ -2424,8 +2424,8 @@
{
"fieldMappings": [
{
"columnName": "AccountCustomEntity",
"identifier": "Name"
"identifier": "Name",
"columnName": "AccountCustomEntity"
}
],
"entityType": "Account"
@ -2512,10 +2512,10 @@
"status": "Available",
"requiredDataConnectors": [
{
"connectorId": "CiscoDuoSecurity",
"dataTypes": [
"CiscoDuo"
],
"connectorId": "CiscoDuoSecurity"
]
}
],
"tactics": [
@ -2528,8 +2528,8 @@
{
"fieldMappings": [
{
"columnName": "IPCustomEntity",
"identifier": "Address"
"identifier": "Address",
"columnName": "IPCustomEntity"
}
],
"entityType": "IP"
@ -2537,8 +2537,8 @@
{
"fieldMappings": [
{
"columnName": "AccountCustomEntity",
"identifier": "Name"
"identifier": "Name",
"columnName": "AccountCustomEntity"
}
],
"entityType": "Account"
@ -2625,10 +2625,10 @@
"status": "Available",
"requiredDataConnectors": [
{
"connectorId": "CiscoDuoSecurity",
"dataTypes": [
"CiscoDuo"
],
"connectorId": "CiscoDuoSecurity"
]
}
],
"tactics": [
@ -2641,8 +2641,8 @@
{
"fieldMappings": [
{
"columnName": "IPCustomEntity",
"identifier": "Address"
"identifier": "Address",
"columnName": "IPCustomEntity"
}
],
"entityType": "IP"
@ -2650,8 +2650,8 @@
{
"fieldMappings": [
{
"columnName": "AccountCustomEntity",
"identifier": "Name"
"identifier": "Name",
"columnName": "AccountCustomEntity"
}
],
"entityType": "Account"
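Review bot: Every analytic-rule hunk from `@ -1670` onward drops the `dataTypes` array from `requiredDataConnectors`, leaving only `"connectorId": "CiscoDuoSecurity"`; the Analytics gallery uses those data types to show whether a rule's source table is being ingested, so if the rule YAML files still declare `dataTypes: [CiscoDuo]` this looks like a regeneration regression rather than an intended change and is worth confirming before the package ships. The swapped order of `identifier` and `columnName` in the entity mappings is cosmetic. In the first hunk the parser display name moves to 'CiscoDuoSecurity Data Parser' while `parserContentId1` and the template-spec name keep `CiscoDuo-Parser`; that is consistent with the parentId fix the release note describes, but the release note only mentions the name/ParentID mismatch and should also say what happens to the old-named saved search on upgrade.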


@ -1,5 +1,5 @@
| **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** |
|-------------|--------------------------------|--------------------------------------------------------|
| 3.0.2 | 16-04-2024 | Added Deploy to Azure Goverment button for Government portal in **Dataconnector** |
| 3.0.2 | 16-04-2024 | Added Deploy to Azure Goverment button for Government portal in **Dataconnector**<br/> Fixed **Parser** issue for Parser name and ParentID mismatch |
| 3.0.1 | 30-01-2024 | Updated solution to fix parser query |
| 3.0.0 | 08-01-2024 | Updated solution to fix Api version of saved searches |


@ -1,9 +1,9 @@
{
"Name": "CiscoSEG",
"Author": "Microsoft - support@microsoft.com",
"Logo": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/cisco-logo-72px.svg\" width=\"75px\" height=\"75px\">",
"Description": "The [Cisco Secure Email Gateway (SEG)](https://www.cisco.com/c/en/us/products/security/email-security/index.html) solution provides the capability to ingest [Cisco SEG Consolidated Event Logs](https://www.cisco.com/c/en/us/td/docs/security/esa/esa14-0/user_guide/b_ESA_Admin_Guide_14-0/b_ESA_Admin_Guide_12_1_chapter_0100111.html#con_1061902) into Microsoft Sentinel.\n\r\n1. **CiscoSEG via AMA** - This data connector helps in ingesting CiscoSEG logs into your Log Analytics Workspace using the new Azure Monitor Agent. Learn more about ingesting using the new Azure Monitor Agent [here](https://learn.microsoft.com/azure/sentinel/connect-cef-ama). **Microsoft recommends using this Data Connector**.\n\r\n2. **CiscoSEG via Legacy Agent** - This data connector helps in ingesting CiscoSEG logs into your Log Analytics Workspace using the legacy Log Analytics agent.\n\n**NOTE:** Microsoft recommends installation of CiscoSEG via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by **Aug 31, 2024,** and thus should only be installed where AMA is not supported. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).",
"Analytic Rules" : [
"Name": "CiscoSEG",
"Author": "Microsoft - support@microsoft.com",
"Logo": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/cisco-logo-72px.svg\" width=\"75px\" height=\"75px\">",
"Description": "The [Cisco Secure Email Gateway (SEG)](https://www.cisco.com/c/en/us/products/security/email-security/index.html) solution provides the capability to ingest [Cisco SEG Consolidated Event Logs](https://www.cisco.com/c/en/us/td/docs/security/esa/esa14-0/user_guide/b_ESA_Admin_Guide_14-0/b_ESA_Admin_Guide_12_1_chapter_0100111.html#con_1061902) into Microsoft Sentinel.\n\r\n1. **CiscoSEG via AMA** - This data connector helps in ingesting CiscoSEG logs into your Log Analytics Workspace using the new Azure Monitor Agent. Learn more about ingesting using the new Azure Monitor Agent [here](https://learn.microsoft.com/azure/sentinel/connect-cef-ama). **Microsoft recommends using this Data Connector**.\n\r\n2. **CiscoSEG via Legacy Agent** - This data connector helps in ingesting CiscoSEG logs into your Log Analytics Workspace using the legacy Log Analytics agent.\n\n**NOTE:** Microsoft recommends installation of CiscoSEG via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by **Aug 31, 2024,** and thus should only be installed where AMA is not supported. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).",
"Analytic Rules": [
"Analytic Rules/CiscoSEGDLPViolation.yaml",
"Analytic Rules/CiscoSEGMaliciousAttachmentNotBlocked.yaml",
"Analytic Rules/CiscoSEGMultipleLargeEmails.yaml",
@ -16,7 +16,7 @@
"Analytic Rules/CiscoSEGUnexpextedAttachment.yaml",
"Analytic Rules/CiscoSEGUnscannableAttachment.yaml"
],
"Hunting Queries" : [
"Hunting Queries": [
"Hunting Queries/CiscoSEGDroppedInMails.yaml",
"Hunting Queries/CiscoSEGDroppedOutMails.yaml",
"Hunting Queries/CiscoSEGFailedDKIMFailure.yaml",
@ -28,19 +28,19 @@
"Hunting Queries/CiscoSEGSpamMails.yaml",
"Hunting Queries/CiscoSEGUsersReceivedSpam.yaml"
],
"Parsers": [
"Parsers": [
"Parsers/CiscoSEGEvent.yaml"
],
"Data Connectors": [
],
"Data Connectors": [
"Data Connectors/Connector_Cisco_SEG_CEF.json",
"Data Connectors/template_CiscoSEGAMA.json"
],
"Workbooks" : [
],
"Workbooks": [
"Workbooks/CiscoSEG.json"
],
"Metadata": "SolutionMetadata.json",
"BasePath": "C:\\GitHub\\azure-sentinel\\Solutions\\CiscoSEG",
"Version": "3.0.0",
"BasePath": "C:\\GitHub\\azure-sentinel\\Solutions\\CiscoSEG",
"Version": "3.0.1",
"TemplateSpec": true,
"Is1PConnector": false
"Is1PConnector": false
}

Двоичные данные
Solutions/CiscoSEG/Package/3.0.2.zip Normal file



@ -41,7 +41,7 @@
"email": "support@microsoft.com",
"_email": "[variables('email')]",
"_solutionName": "CiscoSEG",
"_solutionVersion": "3.0.1",
"_solutionVersion": "3.0.2",
"solutionId": "azuresentinel.azure-sentinel-solution-ciscoseg",
"_solutionId": "[variables('solutionId')]",
"analyticRuleObject1": {
@ -172,8 +172,8 @@
"huntingQueryTemplateSpecName10": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring('064b1051-d8ac-4ef2-a537-30d32b4c27d9')))]"
},
"parserObject1": {
"_parserName1": "[concat(parameters('workspace'),'/','CiscoSEGEvent Data Parser')]",
"_parserId1": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'CiscoSEGEvent Data Parser')]",
"_parserName1": "[concat(parameters('workspace'),'/','Cisco SEG Data Parser')]",
"_parserId1": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Cisco SEG Data Parser')]",
"parserTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pr-',uniquestring('CiscoSEGEvent-Parser')))]",
"parserVersion1": "1.0.0",
"parserContentId1": "CiscoSEGEvent-Parser"
@ -215,7 +215,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "CiscoSEGDLPViolation_AnalyticalRules Analytics Rule with template version 3.0.1",
"description": "CiscoSEGDLPViolation_AnalyticalRules Analytics Rule with template version 3.0.2",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('analyticRuleObject1').analyticRuleVersion1]",
@ -266,8 +266,8 @@
"entityType": "Account",
"fieldMappings": [
{
"columnName": "AccountCustomEntity",
"identifier": "Name"
"identifier": "Name",
"columnName": "AccountCustomEntity"
}
]
}
@ -325,7 +325,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "CiscoSEGMaliciousAttachmentNotBlocked_AnalyticalRules Analytics Rule with template version 3.0.1",
"description": "CiscoSEGMaliciousAttachmentNotBlocked_AnalyticalRules Analytics Rule with template version 3.0.2",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('analyticRuleObject2').analyticRuleVersion2]",
@ -376,8 +376,8 @@
"entityType": "Account",
"fieldMappings": [
{
"columnName": "AccountCustomEntity",
"identifier": "Name"
"identifier": "Name",
"columnName": "AccountCustomEntity"
}
]
}
@ -435,7 +435,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "CiscoSEGMultipleLargeEmails_AnalyticalRules Analytics Rule with template version 3.0.1",
"description": "CiscoSEGMultipleLargeEmails_AnalyticalRules Analytics Rule with template version 3.0.2",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('analyticRuleObject3').analyticRuleVersion3]",
@ -486,8 +486,8 @@
"entityType": "Account",
"fieldMappings": [
{
"columnName": "AccountCustomEntity",
"identifier": "Name"
"identifier": "Name",
"columnName": "AccountCustomEntity"
}
]
}
@ -545,7 +545,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "CiscoSEGMultipleSuspiciousEmails_AnalyticalRules Analytics Rule with template version 3.0.1",
"description": "CiscoSEGMultipleSuspiciousEmails_AnalyticalRules Analytics Rule with template version 3.0.2",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('analyticRuleObject4').analyticRuleVersion4]",
@ -596,8 +596,8 @@
"entityType": "Account",
"fieldMappings": [
{
"columnName": "AccountCustomEntity",
"identifier": "Name"
"identifier": "Name",
"columnName": "AccountCustomEntity"
}
]
}
@ -655,7 +655,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "CiscoSEGPossibleOutbreak_AnalyticalRules Analytics Rule with template version 3.0.1",
"description": "CiscoSEGPossibleOutbreak_AnalyticalRules Analytics Rule with template version 3.0.2",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('analyticRuleObject5').analyticRuleVersion5]",
@ -706,8 +706,8 @@
"entityType": "Account",
"fieldMappings": [
{
"columnName": "AccountCustomEntity",
"identifier": "Name"
"identifier": "Name",
"columnName": "AccountCustomEntity"
}
]
}
@ -765,7 +765,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "CiscoSEGPotentialLinkToMalwareDownload_AnalyticalRules Analytics Rule with template version 3.0.1",
"description": "CiscoSEGPotentialLinkToMalwareDownload_AnalyticalRules Analytics Rule with template version 3.0.2",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('analyticRuleObject6').analyticRuleVersion6]",
@ -816,8 +816,8 @@
"entityType": "Account",
"fieldMappings": [
{
"columnName": "AccountCustomEntity",
"identifier": "Name"
"identifier": "Name",
"columnName": "AccountCustomEntity"
}
]
}
@ -875,7 +875,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "CiscoSEGSuspiciousLink_AnalyticalRules Analytics Rule with template version 3.0.1",
"description": "CiscoSEGSuspiciousLink_AnalyticalRules Analytics Rule with template version 3.0.2",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('analyticRuleObject7').analyticRuleVersion7]",
@ -926,8 +926,8 @@
"entityType": "Account",
"fieldMappings": [
{
"columnName": "AccountCustomEntity",
"identifier": "Name"
"identifier": "Name",
"columnName": "AccountCustomEntity"
}
]
}
@ -985,7 +985,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "CiscoSEGSuspiciousSenderDomain_AnalyticalRules Analytics Rule with template version 3.0.1",
"description": "CiscoSEGSuspiciousSenderDomain_AnalyticalRules Analytics Rule with template version 3.0.2",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('analyticRuleObject8').analyticRuleVersion8]",
@ -1036,8 +1036,8 @@
"entityType": "Account",
"fieldMappings": [
{
"columnName": "AccountCustomEntity",
"identifier": "Name"
"identifier": "Name",
"columnName": "AccountCustomEntity"
}
]
}
@ -1095,7 +1095,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "CiscoSEGUnclassifiedLink_AnalyticalRules Analytics Rule with template version 3.0.1",
"description": "CiscoSEGUnclassifiedLink_AnalyticalRules Analytics Rule with template version 3.0.2",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('analyticRuleObject9').analyticRuleVersion9]",
@ -1146,8 +1146,8 @@
"entityType": "Account",
"fieldMappings": [
{
"columnName": "AccountCustomEntity",
"identifier": "Name"
"identifier": "Name",
"columnName": "AccountCustomEntity"
}
]
}
@ -1205,7 +1205,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "CiscoSEGUnexpextedAttachment_AnalyticalRules Analytics Rule with template version 3.0.1",
"description": "CiscoSEGUnexpextedAttachment_AnalyticalRules Analytics Rule with template version 3.0.2",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('analyticRuleObject10').analyticRuleVersion10]",
@ -1256,8 +1256,8 @@
"entityType": "Account",
"fieldMappings": [
{
"columnName": "AccountCustomEntity",
"identifier": "Name"
"identifier": "Name",
"columnName": "AccountCustomEntity"
}
]
}
@ -1315,7 +1315,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "CiscoSEGUnscannableAttachment_AnalyticalRules Analytics Rule with template version 3.0.1",
"description": "CiscoSEGUnscannableAttachment_AnalyticalRules Analytics Rule with template version 3.0.2",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('analyticRuleObject11').analyticRuleVersion11]",
@ -1366,8 +1366,8 @@
"entityType": "Account",
"fieldMappings": [
{
"columnName": "AccountCustomEntity",
"identifier": "Name"
"identifier": "Name",
"columnName": "AccountCustomEntity"
}
]
}
@ -1425,7 +1425,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "CiscoSEGDroppedInMails_HuntingQueries Hunting Query with template version 3.0.1",
"description": "CiscoSEGDroppedInMails_HuntingQueries Hunting Query with template version 3.0.2",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('huntingQueryObject1').huntingQueryVersion1]",
@ -1510,7 +1510,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "CiscoSEGDroppedOutMails_HuntingQueries Hunting Query with template version 3.0.1",
"description": "CiscoSEGDroppedOutMails_HuntingQueries Hunting Query with template version 3.0.2",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('huntingQueryObject2').huntingQueryVersion2]",
@ -1595,7 +1595,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "CiscoSEGFailedDKIMFailure_HuntingQueries Hunting Query with template version 3.0.1",
"description": "CiscoSEGFailedDKIMFailure_HuntingQueries Hunting Query with template version 3.0.2",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('huntingQueryObject3').huntingQueryVersion3]",
@ -1680,7 +1680,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "CiscoSEGFailedDMARKFailure_HuntingQueries Hunting Query with template version 3.0.1",
"description": "CiscoSEGFailedDMARKFailure_HuntingQueries Hunting Query with template version 3.0.2",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('huntingQueryObject4').huntingQueryVersion4]",
@ -1765,7 +1765,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "CiscoSEGFailedSPFFailure_HuntingQueries Hunting Query with template version 3.0.1",
"description": "CiscoSEGFailedSPFFailure_HuntingQueries Hunting Query with template version 3.0.2",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('huntingQueryObject5').huntingQueryVersion5]",
@ -1850,7 +1850,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "CiscoSEGFailedTLSIn_HuntingQueries Hunting Query with template version 3.0.1",
"description": "CiscoSEGFailedTLSIn_HuntingQueries Hunting Query with template version 3.0.2",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('huntingQueryObject6').huntingQueryVersion6]",
@ -1935,7 +1935,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "CiscoSEGFailedTLSOut_HuntingQueries Hunting Query with template version 3.0.1",
"description": "CiscoSEGFailedTLSOut_HuntingQueries Hunting Query with template version 3.0.2",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('huntingQueryObject7').huntingQueryVersion7]",
@ -2020,7 +2020,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "CiscoSEGInsecureProtocol_HuntingQueries Hunting Query with template version 3.0.1",
"description": "CiscoSEGInsecureProtocol_HuntingQueries Hunting Query with template version 3.0.2",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('huntingQueryObject8').huntingQueryVersion8]",
@ -2105,7 +2105,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "CiscoSEGSpamMails_HuntingQueries Hunting Query with template version 3.0.1",
"description": "CiscoSEGSpamMails_HuntingQueries Hunting Query with template version 3.0.2",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('huntingQueryObject9').huntingQueryVersion9]",
@ -2190,7 +2190,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "CiscoSEGUsersReceivedSpam_HuntingQueries Hunting Query with template version 3.0.1",
"description": "CiscoSEGUsersReceivedSpam_HuntingQueries Hunting Query with template version 3.0.2",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('huntingQueryObject10').huntingQueryVersion10]",
@ -2275,7 +2275,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "CiscoSEGEvent Data Parser with template version 3.0.1",
"description": "CiscoSEGEvent Data Parser with template version 3.0.2",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('parserObject1').parserVersion1]",
@ -2407,7 +2407,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "CiscoSEG data connector with template version 3.0.1",
"description": "CiscoSEG data connector with template version 3.0.2",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('dataConnectorVersion1')]",
@ -2754,7 +2754,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "CiscoSEG data connector with template version 3.0.1",
"description": "CiscoSEG data connector with template version 3.0.2",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('dataConnectorVersion2')]",
@ -3079,7 +3079,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "CiscoSEG Workbook with template version 3.0.1",
"description": "CiscoSEG Workbook with template version 3.0.2",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('workbookVersion1')]",
@ -3167,7 +3167,7 @@
"apiVersion": "2023-04-01-preview",
"location": "[parameters('workspace-location')]",
"properties": {
"version": "3.0.1",
"version": "3.0.2",
"kind": "Solution",
"contentSchemaVersion": "3.0.0",
"displayName": "CiscoSEG",
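Review bot: The parser saved-search name changes from `CiscoSEGEvent Data Parser` to `Cisco SEG Data Parser` in `parserObject1` while `parserContentId1` and the `uniquestring('CiscoSEGEvent-Parser')` seed of `parserTemplateSpecName1` stay as before; since `_parserId1` addresses the savedSearch by that name, an upgrade on a workspace that already holds the old parser would likely create a second saved search rather than replace the `CiscoSEGEvent Data Parser` resource, so please confirm the parser YAML's title matches and that the stale resource is handled. The same rename pattern appears in the CiscoUmbrella mainTemplate section of this commit (`Cisco_Umbrella Data Parser` to `CiscoUmbrella Data Parser`). The rest of this section is the 3.0.1 to 3.0.2 version bump plus a reordering of the `identifier`/`columnName` keys in the field mappings, which does not change the deployed template.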


@ -1,5 +1,6 @@
| **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** |
|-------------|--------------------------------|--------------------------------------------------------------------|
| 3.0.2 | 03-05-2024 | Repackaged for parser issue fix on reinstall |
| 3.0.1 | 30-04-2024 | Updated the **Data Connector** to fix conectivity criteria query |
| 3.0.0 | 28-09-2023 | Addition of new CiscoSEG AMA **Data Connector** | |

Двоичные данные
Solutions/CiscoUmbrella/Package/3.0.1.zip



@ -181,8 +181,8 @@
"huntingQueryTemplateSpecName10": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring('de2ec986-ee24-465f-adf2-b718997074c1')))]"
},
"parserObject1": {
"_parserName1": "[concat(parameters('workspace'),'/','Cisco_Umbrella Data Parser')]",
"_parserId1": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Cisco_Umbrella Data Parser')]",
"_parserName1": "[concat(parameters('workspace'),'/','CiscoUmbrella Data Parser')]",
"_parserId1": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'CiscoUmbrella Data Parser')]",
"parserTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pr-',uniquestring('Cisco_Umbrella-Parser')))]",
"parserVersion1": "1.0.0",
"parserContentId1": "Cisco_Umbrella-Parser"
@ -882,10 +882,10 @@
"status": "Available",
"requiredDataConnectors": [
{
"connectorId": "CiscoUmbrellaDataConnector",
"dataTypes": [
"Cisco_Umbrella_proxy_CL"
],
"connectorId": "CiscoUmbrellaDataConnector"
]
}
],
"tactics": [
@ -894,22 +894,22 @@
],
"entityMappings": [
{
"entityType": "Account",
"fieldMappings": [
{
"identifier": "FullName",
"columnName": "AccountCustomEntity"
}
]
],
"entityType": "Account"
},
{
"entityType": "IP",
"fieldMappings": [
{
"identifier": "Address",
"columnName": "IPCustomEntity"
}
]
],
"entityType": "IP"
}
]
}
@ -993,10 +993,10 @@
"status": "Available",
"requiredDataConnectors": [
{
"connectorId": "CiscoUmbrellaDataConnector",
"dataTypes": [
"Cisco_Umbrella_proxy_CL"
],
"connectorId": "CiscoUmbrellaDataConnector"
]
}
],
"tactics": [
@ -1004,22 +1004,22 @@
],
"entityMappings": [
{
"entityType": "URL",
"fieldMappings": [
{
"identifier": "Url",
"columnName": "UrlCustomEntity"
}
]
],
"entityType": "URL"
},
{
"entityType": "IP",
"fieldMappings": [
{
"identifier": "Address",
"columnName": "IPCustomEntity"
}
]
],
"entityType": "IP"
}
]
}
@ -1103,10 +1103,10 @@
"status": "Available",
"requiredDataConnectors": [
{
"connectorId": "CiscoUmbrellaDataConnector",
"dataTypes": [
"Cisco_Umbrella_proxy_CL"
],
"connectorId": "CiscoUmbrellaDataConnector"
]
}
],
"tactics": [
@ -1114,22 +1114,22 @@
],
"entityMappings": [
{
"entityType": "URL",
"fieldMappings": [
{
"identifier": "Url",
"columnName": "UrlCustomEntity"
}
]
],
"entityType": "URL"
},
{
"entityType": "IP",
"fieldMappings": [
{
"identifier": "Address",
"columnName": "IPCustomEntity"
}
]
],
"entityType": "IP"
}
]
}
@ -1213,10 +1213,10 @@
"status": "Available",
"requiredDataConnectors": [
{
"connectorId": "CiscoUmbrellaDataConnector",
"dataTypes": [
"Cisco_Umbrella_proxy_CL"
],
"connectorId": "CiscoUmbrellaDataConnector"
]
}
],
"tactics": [
@ -1224,22 +1224,22 @@
],
"entityMappings": [
{
"entityType": "URL",
"fieldMappings": [
{
"identifier": "Url",
"columnName": "UrlCustomEntity"
}
]
],
"entityType": "URL"
},
{
"entityType": "IP",
"fieldMappings": [
{
"identifier": "Address",
"columnName": "IPCustomEntity"
}
]
],
"entityType": "IP"
}
]
}
@ -1323,10 +1323,10 @@
"status": "Available",
"requiredDataConnectors": [
{
"connectorId": "CiscoUmbrellaDataConnector",
"dataTypes": [
"Cisco_Umbrella_proxy_CL"
],
"connectorId": "CiscoUmbrellaDataConnector"
]
}
],
"tactics": [
@ -1334,22 +1334,22 @@
],
"entityMappings": [
{
"entityType": "URL",
"fieldMappings": [
{
"identifier": "Url",
"columnName": "UrlCustomEntity"
}
]
],
"entityType": "URL"
},
{
"entityType": "IP",
"fieldMappings": [
{
"identifier": "Address",
"columnName": "IPCustomEntity"
}
]
],
"entityType": "IP"
}
]
}
@ -1433,10 +1433,10 @@
"status": "Available",
"requiredDataConnectors": [
{
"connectorId": "CiscoUmbrellaDataConnector",
"dataTypes": [
"Cisco_Umbrella_proxy_CL"
],
"connectorId": "CiscoUmbrellaDataConnector"
]
}
],
"tactics": [
@ -1445,22 +1445,22 @@
],
"entityMappings": [
{
"entityType": "URL",
"fieldMappings": [
{
"identifier": "Url",
"columnName": "UrlCustomEntity"
}
]
],
"entityType": "URL"
},
{
"entityType": "IP",
"fieldMappings": [
{
"identifier": "Address",
"columnName": "IPCustomEntity"
}
]
],
"entityType": "IP"
}
]
}
@ -1544,10 +1544,10 @@
"status": "Available",
"requiredDataConnectors": [
{
"connectorId": "CiscoUmbrellaDataConnector",
"dataTypes": [
"Cisco_Umbrella_proxy_CL"
],
"connectorId": "CiscoUmbrellaDataConnector"
]
}
],
"tactics": [
@ -1555,22 +1555,22 @@
],
"entityMappings": [
{
"entityType": "URL",
"fieldMappings": [
{
"identifier": "Url",
"columnName": "UrlCustomEntity"
}
]
],
"entityType": "URL"
},
{
"entityType": "IP",
"fieldMappings": [
{
"identifier": "Address",
"columnName": "IPCustomEntity"
}
]
],
"entityType": "IP"
}
]
}
@ -1654,10 +1654,10 @@
"status": "Available",
"requiredDataConnectors": [
{
"connectorId": "CiscoUmbrellaDataConnector",
"dataTypes": [
"Cisco_Umbrella_proxy_CL"
],
"connectorId": "CiscoUmbrellaDataConnector"
]
}
],
"tactics": [
@ -1666,22 +1666,22 @@
],
"entityMappings": [
{
"entityType": "Account",
"fieldMappings": [
{
"identifier": "FullName",
"columnName": "AccountCustomEntity"
}
]
],
"entityType": "Account"
},
{
"entityType": "IP",
"fieldMappings": [
{
"identifier": "Address",
"columnName": "IPCustomEntity"
}
]
],
"entityType": "IP"
}
]
}
@ -1765,10 +1765,10 @@
"status": "Available",
"requiredDataConnectors": [
{
"connectorId": "CiscoUmbrellaDataConnector",
"dataTypes": [
"Cisco_Umbrella_proxy_CL"
],
"connectorId": "CiscoUmbrellaDataConnector"
]
}
],
"tactics": [
@ -1776,22 +1776,22 @@
],
"entityMappings": [
{
"entityType": "Account",
"fieldMappings": [
{
"identifier": "FullName",
"columnName": "AccountCustomEntity"
}
]
],
"entityType": "Account"
},
{
"entityType": "IP",
"fieldMappings": [
{
"identifier": "Address",
"columnName": "IPCustomEntity"
}
]
],
"entityType": "IP"
}
]
}
@ -1875,10 +1875,10 @@
"status": "Available",
"requiredDataConnectors": [
{
"connectorId": "CiscoUmbrellaDataConnector",
"dataTypes": [
"Cisco_Umbrella_proxy_CL"
],
"connectorId": "CiscoUmbrellaDataConnector"
]
}
],
"tactics": [
@ -1886,22 +1886,22 @@
],
"entityMappings": [
{
"entityType": "Account",
"fieldMappings": [
{
"identifier": "FullName",
"columnName": "AccountCustomEntity"
}
]
],
"entityType": "Account"
},
{
"entityType": "IP",
"fieldMappings": [
{
"identifier": "Address",
"columnName": "IPCustomEntity"
}
]
],
"entityType": "IP"
}
]
}
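Review bot: The parser rename to `CiscoUmbrella Data Parser` in `parserObject1` is a functional change to the deployed savedSearch resource, but the package is still shipped as 3.0.1 (`Solutions/CiscoUmbrella/Package/3.0.1.zip` is modified in place and the release-notes row for 3.0.1 is edited rather than a new row added), whereas the CiscoSEG solution in the same commit bumps to 3.0.2 for a comparable parser fix. Workspaces that already installed 3.0.1 will likely not be offered this fix unless the version changes; consider bumping `"_solutionVersion"` and the content-package `"version"` to 3.0.2 with a matching release-notes row. The remaining hunks in this section only reorder the keys inside `requiredDataConnectors` and `entityMappings`, which does not change the template's meaning, and the connector/dataTypes key order differs from the CiscoSEG section, which suggests tool-generated churn rather than an intended edit.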


@ -1,153 +0,0 @@
// Usage Instruction :
// Paste below query in log analytics, click on Save button and select as Function from drop down by specifying function name and alias as Cisco_Umbrella.
// Function usually takes 10-15 minutes to activate. You can then use function alias from any other queries (e.g. Cisco_Umbrella | take 10).
// Reference : Using functions in Azure monitor log queries : https://docs.microsoft.com/azure/azure-monitor/log-query/functions
let Cisco_Umbrella_dns_view = view () {
Cisco_Umbrella_dns_CL
| extend
EventEndTime=column_ifexists('Timestamp_t', ''),
SrcIpAddr=column_ifexists('InternalIp_s', ''),
SrcNatIpAddr=column_ifexists('ExternalIp_s', ''),
DvcAction=column_ifexists('Action_s', ''),
DnsQueryName=column_ifexists('Domain_s', ''),
UrlCategory=column_ifexists('Categories_s', ''),
ThreatCategory=column_ifexists('Blocked_Categories_s', ''),
Identities=column_ifexists('Identities_s', ''),
DnsQueryTypeName=column_ifexists('QueryType_s', ''),
DnsResponseCodeName=column_ifexists('ResponseCode_s', ''),
IdentityTypes=column_ifexists('Identity_Types_s', ''),
EventType=column_ifexists('EventType_s', ''),
PolicyIdentity=column_ifexists('Policy_Identity_s', ''),
PolicyIdentityType=column_ifexists('Policy_Identity_Type_s', '')
| project
TimeGenerated,
EventEndTime,
SrcIpAddr,
SrcNatIpAddr,
DvcAction,
DnsQueryName,
UrlCategory,
ThreatCategory,
Identities,
DnsQueryTypeName,
DnsResponseCodeName,
IdentityTypes,
EventType,
PolicyIdentity,
PolicyIdentityType
};
let Cisco_Umbrella_proxy_view = view () {
Cisco_Umbrella_proxy_CL
| extend
EventType=column_ifexists('EventType_s', ''),
EventEndTime=column_ifexists('Timestamp_t', ''),
Identities=column_ifexists('Identities_s', ''),
SrcIpAddr=column_ifexists('Internal_IP_s', ''),
SrcNatIpAddr=column_ifexists('External_IP_s', ''),
DstIpAddr=column_ifexists('Destination_IP_s', ''),
HttpContentType=column_ifexists('Content_Type_s', ''),
DvcAction=column_ifexists('Verdict_s', ''),
UrlOriginal=column_ifexists('URL_s', ''),
HttpReferrerOriginal=column_ifexists('Referer_s', ''),
HttpUserAgentOriginal=column_ifexists('userAgent_s', ''),
HttpStatusCode=column_ifexists('statusCode_s', ''),
SrcBytes=column_ifexists('requestSize_d', ''),
DstBytes=column_ifexists('responseSize_d', ''),
HttpResponseBodyBytes=column_ifexists('responseBodySize_d', ''),
HashSha256=column_ifexists('SHA-SHA256_s', ''),
UrlCategory=column_ifexists('Categories_s', ''),
AvDetections=column_ifexists('AVDetections_s', ''),
Puas=column_ifexists('PUAs_s', ''),
AmpDisposition=column_ifexists('AMP_Disposition_s', ''),
ThreatName=column_ifexists('AMP_Malware_Name_s', ''),
AmpScore=column_ifexists('AMP_Score_s', ''),
IdentityType=column_ifexists('Identity_Type_s', ''),
ThreatCategory=column_ifexists('Blocked_Categories_s', '')
| project
TimeGenerated,
EventType,
EventEndTime,
Identities,
SrcIpAddr,
SrcNatIpAddr,
DstIpAddr,
HttpContentType,
DvcAction,
UrlOriginal,
HttpReferrerOriginal,
HttpUserAgentOriginal,
HttpStatusCode,
SrcBytes,
DstBytes,
HttpResponseBodyBytes,
HashSha256,
UrlCategory,
AvDetections,
Puas,
AmpDisposition,
ThreatName,
AmpScore,
IdentityType,
ThreatCategory
};
let Cisco_Umbrella_ip_view = view () {
Cisco_Umbrella_ip_CL
| extend
EventType=column_ifexists('EventType_s', ''),
EventEndTime=column_ifexists('Timestamp_t', ''),
Identities=column_ifexists('Identity_s', ''),
SrcIpAddr=column_ifexists('Source_IP_s', ''),
SrcPortNumber=column_ifexists('Source_Port_s', ''),
DstIpAddr=column_ifexists('Destination_IP_s', ''),
DstPortNumber=column_ifexists('Destination_Port_s', ''),
UrlCategory=column_ifexists('Categories_s', '')
| project
TimeGenerated,
EventType,
EventEndTime,
Identities,
SrcIpAddr,
SrcPortNumber,
DstIpAddr,
DstPortNumber,
UrlCategory
};
let Cisco_Umbrella_cloudfirewall_view = view () {
Cisco_Umbrella_cloudfirewall_CL
| extend
EventType=column_ifexists('EventType_s', ''),
EventEndTime=column_ifexists('Timestamp_t', ''),
NetworkSessionId=column_ifexists('originId_s', ''),
NetworkRuleName=column_ifexists('Identity_s', ''),
IdentityType=column_ifexists('Identity_Type_s', ''),
NetworkDirection=column_ifexists('Direction_s', ''),
NetworkProtocol=column_ifexists('ipProtocol_s', ''),
NetworkPackets=column_ifexists('packetSize_s', ''),
SrcIpAddr=column_ifexists('SourceIP', ''),
SrcPortNumber=column_ifexists('sourcePort_s', ''),
DstIpAddr=column_ifexists('destinationIp_s', ''),
DstPortNumber=column_ifexists('destinationPort_s', ''),
DvcHostname=column_ifexists('dataCenter_s', ''),
NetworkRuleNumber=column_ifexists('ruleId_s', ''),
DvcAction=column_ifexists('verdict_s', '')
| project
TimeGenerated,
EventType,
EventEndTime,
NetworkSessionId,
NetworkRuleName,
IdentityType,
NetworkDirection,
NetworkProtocol,
NetworkPackets,
SrcIpAddr,
SrcPortNumber,
DstIpAddr,
DstPortNumber,
DvcHostname,
NetworkRuleNumber,
DvcAction
};
union isfuzzy=true Cisco_Umbrella_dns_view, Cisco_Umbrella_proxy_view, Cisco_Umbrella_ip_view, Cisco_Umbrella_cloudfirewall_view


@ -1,4 +1,4 @@
| **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** |
|-------------|--------------------------------|--------------------------------------------------------|
| 3.0.1 | 15-04-2024 | Added Deploy to Azure Government button in **Data connector**|
| 3.0.1 | 03-05-2024 | Added Deploy to Azure Government button in **Data connector** <br/> Fixed **Parser** issue for Parser name and ParentID mismatch|
| 3.0.0 | 28-09-2023 | Updated **Data Connector** with step by step guidelines |


@ -1,7 +1,7 @@
{
"Name": "Corelight",
"Author": "Corelight - info@corelight.com",
"Logo": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/Corelight/Data Connectors/Logo/corelight.svg\" width=\"75px\" height=\"75px\">",
"Logo": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/Corelight/Data%20Connectors/Logo/corelight.svg\" width=\"75px\" height=\"75px\">",
"Description": "The [Corelight](https://corelight.com/) solution provides the capability to ingest events from [Zeek](https://zeek.org/) and [Suricata](https://suricata.io/) via Corelight Sensors into Microsoft Sentinel.\n\n**Underlying Microsoft Technologies used:**\n\nThis solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\n\na. [Agent based logs collection from Windows and Linux machines](https://docs.microsoft.com/azure/azure-monitor/agents/data-sources-custom-logs)",
"WorkbookDescription": "Sample Corelight workbook",
"Workbooks": [
@ -144,8 +144,8 @@
"Hunting Queries/CorelightRarePOST.yaml",
"Hunting Queries/CorelightRepetitiveDnsFailures.yaml"
],
"BasePath": "/home/esk/src/Azure-Sentinel/Solutions/Corelight",
"Version": "3.0.1",
"BasePath": "C:/Github/Azure-Sentinel/Solutions/Corelight",
"Version": "3.0.2",
"Metadata": "SolutionMetadata.json",
"TemplateSpec": true,
"Is1Pconnector": false

Двоичные данные
Solutions/Corelight/Package/3.0.2.zip



@ -6,7 +6,7 @@
"config": {
"isWizard": false,
"basics": {
"description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/Corelight/Data Connectors/Logo/corelight.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \r \n • Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Corelight/ReleaseNotes.md)\r \n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Corelight](https://corelight.com/) solution provides the capability to ingest events from [Zeek](https://zeek.org/) and [Suricata](https://suricata.io/) via Corelight Sensors into Microsoft Sentinel.\n\n**Underlying Microsoft Technologies used:**\n\nThis solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\n\na. [Agent based logs collection from Windows and Linux machines](https://docs.microsoft.com/azure/azure-monitor/agents/data-sources-custom-logs)\n\n**Data Connectors:** 1, **Parsers:** 108, **Workbooks:** 1, **Analytic Rules:** 10, **Hunting Queries:** 10\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
"description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/Corelight/Data%20Connectors/Logo/corelight.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Corelight/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Corelight](https://corelight.com/) solution provides the capability to ingest events from [Zeek](https://zeek.org/) and [Suricata](https://suricata.io/) via Corelight Sensors into Microsoft Sentinel.\n\n**Underlying Microsoft Technologies used:**\n\nThis solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\n\na. [Agent based logs collection from Windows and Linux machines](https://docs.microsoft.com/azure/azure-monitor/agents/data-sources-custom-logs)\n\n**Data Connectors:** 1, **Parsers:** 108, **Workbooks:** 1, **Analytic Rules:** 10, **Hunting Queries:** 10\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
"subscription": {
"resourceProviders": [
"Microsoft.OperationsManagement/solutions",



@ -1,6 +1,6 @@
| **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** |
|-------------|--------------------------------|--------------------------------------------------------------------|
| 3.0.2 | 31-01-2024 | Updated **Parser** Corelight <br/> Updated tactics of **Hunting Query** Corelight - Repetitive DNS Failures |
| 3.0.2 | 03-05-2024 | Repacakged for parser issue fix while reinstallation |
| 3.0.1 | 16-11-2023 | Updated package mainTemplate variables |
| 3.0.0 | 20-09-2023 | Changed backend format to use separate tables with parsed values |
| 2.0.0 | 10-06-2022 | Updated **Workbooks** |

Двоичные данные
Solutions/CrowdStrike Falcon Endpoint Protection/Package/3.0.4.zip Normal file



@ -70,13 +70,6 @@
"text": "This Solution installs the data connector for CrowdStrike Falcon Endpoint Protection. You can get CrowdStrike Falcon Endpoint Protection CommonSecurityLog data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
}
},
{
"name": "dataconnectors3-text",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "This Solution installs the data connector for CrowdStrike Falcon Endpoint Protection. You can get CrowdStrike Falcon Endpoint Protection custom log data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
}
},
{
"name": "dataconnectors-parser-text",
"type": "Microsoft.Common.TextBlock",


@ -41,7 +41,7 @@
"email": "support@microsoft.com",
"_email": "[variables('email')]",
"_solutionName": "CrowdStrike Falcon Endpoint Protection",
"_solutionVersion": "3.0.3",
"_solutionVersion": "3.0.4",
"solutionId": "azuresentinel.azure-sentinel-solution-crowdstrikefalconep",
"_solutionId": "[variables('solutionId')]",
"uiConfigId1": "CrowdstrikeReplicator",
@ -160,7 +160,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "CrowdStrike Falcon Endpoint Protection data connector with template version 3.0.3",
"description": "CrowdStrike Falcon Endpoint Protection data connector with template version 3.0.4",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('dataConnectorVersion1')]",
@ -511,7 +511,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "CrowdStrike Falcon Endpoint Protection data connector with template version 3.0.3",
"description": "CrowdStrike Falcon Endpoint Protection data connector with template version 3.0.4",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('dataConnectorVersion2')]",
@ -860,7 +860,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "CrowdStrike Falcon Endpoint Protection data connector with template version 3.0.3",
"description": "CrowdStrike Falcon Endpoint Protection data connector with template version 3.0.4",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('dataConnectorVersion3')]",
@ -1244,7 +1244,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "CrowdStrike Falcon Endpoint Protection data connector with template version 3.0.3",
"description": "CrowdStrike Falcon Endpoint Protection data connector with template version 3.0.4",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('dataConnectorVersion4')]",
@ -1577,7 +1577,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "CrowdStrikeFalconEventStream Data Parser with template version 3.0.3",
"description": "CrowdStrikeFalconEventStream Data Parser with template version 3.0.4",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('parserObject1').parserVersion1]",
@ -1613,7 +1613,7 @@
"[variables('parserObject1')._parserId1]"
],
"properties": {
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser for CrowdstrikeFalconEventStream')]",
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'CrowdStrikeFalconEventStream Data Parser')]",
"contentId": "[variables('parserObject1').parserContentId1]",
"kind": "Parser",
"version": "[variables('parserObject1').parserVersion1]",
@ -1679,7 +1679,7 @@
"[variables('parserObject1')._parserId1]"
],
"properties": {
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser for CrowdstrikeFalconEventStream')]",
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'CrowdStrikeFalconEventStream Data Parser')]",
"contentId": "[variables('parserObject1').parserContentId1]",
"kind": "Parser",
"version": "[variables('parserObject1').parserVersion1]",
@ -1709,7 +1709,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "CrowdstrikeReplicator Data Parser with template version 3.0.3",
"description": "CrowdstrikeReplicator Data Parser with template version 3.0.4",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('parserObject2').parserVersion2]",
@ -1745,7 +1745,7 @@
"[variables('parserObject2')._parserId2]"
],
"properties": {
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Union Parser for all CrowdStrike Falcon Data Replicator V1 and V2 events')]",
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'CrowdstrikeReplicator Data Parser')]",
"contentId": "[variables('parserObject2').parserContentId2]",
"kind": "Parser",
"version": "[variables('parserObject2').parserVersion2]",
@ -1811,7 +1811,7 @@
"[variables('parserObject2')._parserId2]"
],
"properties": {
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Union Parser for all CrowdStrike Falcon Data Replicator V1 and V2 events')]",
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'CrowdstrikeReplicator Data Parser')]",
"contentId": "[variables('parserObject2').parserContentId2]",
"kind": "Parser",
"version": "[variables('parserObject2').parserVersion2]",
@ -1841,7 +1841,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "CrowdStrikeReplicatorV2 Data Parser with template version 3.0.3",
"description": "CrowdStrikeReplicatorV2 Data Parser with template version 3.0.4",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('parserObject3').parserVersion3]",
@ -1877,7 +1877,7 @@
"[variables('parserObject3')._parserId3]"
],
"properties": {
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Union Parser for all CrowdStrike Falcon Data Replicator events')]",
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'CrowdStrikeReplicatorV2 Data Parser')]",
"contentId": "[variables('parserObject3').parserContentId3]",
"kind": "Parser",
"version": "[variables('parserObject3').parserVersion3]",
@ -1943,7 +1943,7 @@
"[variables('parserObject3')._parserId3]"
],
"properties": {
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Union Parser for all CrowdStrike Falcon Data Replicator events')]",
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'CrowdStrikeReplicatorV2 Data Parser')]",
"contentId": "[variables('parserObject3').parserContentId3]",
"kind": "Parser",
"version": "[variables('parserObject3').parserVersion3]",
@ -1973,7 +1973,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "CrowdStrikeFalconEndpointProtection Workbook with template version 3.0.3",
"description": "CrowdStrikeFalconEndpointProtection Workbook with template version 3.0.4",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('workbookVersion1')]",
@ -2061,7 +2061,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "CriticalOrHighSeverityDetectionsByUser_AnalyticalRules Analytics Rule with template version 3.0.3",
"description": "CriticalOrHighSeverityDetectionsByUser_AnalyticalRules Analytics Rule with template version 3.0.4",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('analyticRuleObject1').analyticRuleVersion1]",
@ -2103,44 +2103,44 @@
],
"entityMappings": [
{
"entityType": "Account",
"fieldMappings": [
{
"columnName": "AccountCustomEntity",
"identifier": "FullName"
"identifier": "FullName",
"columnName": "AccountCustomEntity"
}
]
],
"entityType": "Account"
},
{
"entityType": "Host",
"fieldMappings": [
{
"columnName": "HostCustomEntity",
"identifier": "FullName"
"identifier": "FullName",
"columnName": "HostCustomEntity"
}
]
],
"entityType": "Host"
},
{
"entityType": "IP",
"fieldMappings": [
{
"columnName": "IPCustomEntity",
"identifier": "Address"
"identifier": "Address",
"columnName": "IPCustomEntity"
}
]
],
"entityType": "IP"
},
{
"entityType": "FileHash",
"fieldMappings": [
{
"columnName": "FileHashAlgo",
"identifier": "Algorithm"
"identifier": "Algorithm",
"columnName": "FileHashAlgo"
},
{
"columnName": "FileHashCustomEntity",
"identifier": "Value"
"identifier": "Value",
"columnName": "FileHashCustomEntity"
}
]
],
"entityType": "FileHash"
}
]
}
@ -2196,7 +2196,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "CriticalSeverityDetection_AnalyticalRules Analytics Rule with template version 3.0.3",
"description": "CriticalSeverityDetection_AnalyticalRules Analytics Rule with template version 3.0.4",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('analyticRuleObject2').analyticRuleVersion2]",
@ -2238,44 +2238,44 @@
],
"entityMappings": [
{
"entityType": "Account",
"fieldMappings": [
{
"columnName": "AccountCustomEntity",
"identifier": "FullName"
"identifier": "FullName",
"columnName": "AccountCustomEntity"
}
]
],
"entityType": "Account"
},
{
"entityType": "Host",
"fieldMappings": [
{
"columnName": "HostCustomEntity",
"identifier": "FullName"
"identifier": "FullName",
"columnName": "HostCustomEntity"
}
]
],
"entityType": "Host"
},
{
"entityType": "IP",
"fieldMappings": [
{
"columnName": "IPCustomEntity",
"identifier": "Address"
"identifier": "Address",
"columnName": "IPCustomEntity"
}
]
],
"entityType": "IP"
},
{
"entityType": "FileHash",
"fieldMappings": [
{
"columnName": "FileHashAlgo",
"identifier": "Algorithm"
"identifier": "Algorithm",
"columnName": "FileHashAlgo"
},
{
"columnName": "FileHashCustomEntity",
"identifier": "Value"
"identifier": "Value",
"columnName": "FileHashCustomEntity"
}
]
],
"entityType": "FileHash"
}
]
}
@ -2331,7 +2331,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "CrowdStrike_Base Playbook with template version 3.0.3",
"description": "CrowdStrike_Base Playbook with template version 3.0.4",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('playbookVersion1')]",
@ -2351,7 +2351,7 @@
}
},
"ClientSecret": {
"type": "securestring",
"type": "string",
"defaultValue": "ClientSecret",
"metadata": {
"description": "The client secret from key vault"
@ -2501,7 +2501,7 @@
"variables": [
{
"name": "ClientSecret",
"type": "securestring",
"type": "string",
"value": "[[parameters('ClientSecret')]"
}
]
@ -2707,7 +2707,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "Crowdstrike-EndpointEnrichment Playbook with template version 3.0.3",
"description": "Crowdstrike-EndpointEnrichment Playbook with template version 3.0.4",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('playbookVersion2')]",
@ -4162,7 +4162,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "Crowdstrike-ContainHost Playbook with template version 3.0.3",
"description": "Crowdstrike-ContainHost Playbook with template version 3.0.4",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('playbookVersion3')]",
@ -5277,7 +5277,7 @@
"apiVersion": "2023-04-01-preview",
"location": "[parameters('workspace-location')]",
"properties": {
"version": "3.0.3",
"version": "3.0.4",
"kind": "Solution",
"contentSchemaVersion": "3.0.0",
"displayName": "CrowdStrike Falcon Endpoint Protection",


@ -1,5 +1,6 @@
| **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** |
|-------------|--------------------------------|--------------------------------------------------------------------------------|
| 3.0.4 | 03-05-2024 | Fixed **Parser** issue for Parser name and ParentID mismatch |
| 3.0.3 | 10-04-2024 | Added Azure Deploy button for government portal deployments |
| 3.0.2 | 14-02-2024 | Addition of new CrowdStrike Falcon Endpoint Protection AMA **Data Connector** |
| 3.0.1 | 31-01-2024 | **Data Connector**[Crowdstrike Falcon Data Replicator V2] globally available |

Двоичные данные
Solutions/CyberArkAudit/Package/3.0.1.zip Normal file



@ -33,7 +33,7 @@
"email": "BizDevTech@cyberark.com",
"_email": "[variables('email')]",
"_solutionName": "CyberArkAudit",
"_solutionVersion": "3.0.0",
"_solutionVersion": "3.0.1",
"solutionId": "cyberark.cyberark_audit_sentinel",
"_solutionId": "[variables('solutionId')]",
"uiConfigId1": "CyberArkAudit",
@ -57,7 +57,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "CyberArkAudit data connector with template version 3.0.0",
"description": "CyberArkAudit data connector with template version 3.0.1",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('dataConnectorVersion1')]",
@ -396,7 +396,7 @@
"apiVersion": "2023-04-01-preview",
"location": "[parameters('workspace-location')]",
"properties": {
"version": "3.0.0",
"version": "3.0.1",
"kind": "Solution",
"contentSchemaVersion": "3.0.0",
"displayName": "CyberArkAudit",


@ -1,5 +1,6 @@
| **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** |
|-------------|--------------------------------|----------------------------------------------------|
| 3.0.0 | 03-04-2024 | Initial Solution Release. |
| **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** |
|-------------|--------------------------------|---------------------------------------------------------|
| 3.0.0 | 03-04-2024 | Initial Solution Release. |
| 3.0.1 | 29-04-2024 | Configuration procedure update. |


@ -27,7 +27,7 @@
"Data Connectors/DataminrPulseAlerts/DataminrPulseAlerts_FunctionApp.json"
],
"BasePath": "C:\\Azure-Sentinel\\Solutions\\Dataminr Pulse",
"Version": "3.0.1",
"Version": "3.0.3",
"Metadata": "SolutionMetadata.json",
"TemplateSpec": true,
"Is1PConnector": false

Двоичные данные
Solutions/Dataminr Pulse/Package/3.0.3.zip Normal file



@ -6,7 +6,7 @@
"config": {
"isWizard": false,
"basics": {
"description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/DataminrPulse.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \r \n • Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Dataminr%20Pulse/ReleaseNotes.md)\r \n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nDataminr Pulse brings the most advanced AI-powered real-time intelligence into Microsoft Sentinel, easily fitting into your workflows and enabling rapid identification and mitigation of emerging threats so you can deliver faster time to detection and response.\n\n**Data Connectors:** 1, **Parsers:** 2, **Workbooks:** 1, **Analytic Rules:** 1, **Watchlists:** 5, **Playbooks:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
"description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/DataminrPulse.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Dataminr%20Pulse/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nDataminr Pulse brings the most advanced AI-powered real-time intelligence into Microsoft Sentinel, easily fitting into your workflows and enabling rapid identification and mitigation of emerging threats so you can deliver faster time to detection and response.\n\n**Data Connectors:** 1, **Parsers:** 2, **Workbooks:** 1, **Analytic Rules:** 1, **Watchlists:** 5, **Playbooks:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
"subscription": {
"resourceProviders": [
"Microsoft.OperationsManagement/solutions",


@ -81,7 +81,7 @@
"email": "info@dataminr.com",
"_email": "[variables('email')]",
"_solutionName": "Dataminr Pulse",
"_solutionVersion": "3.0.2",
"_solutionVersion": "3.0.3",
"solutionId": "dataminrinc1648845584891.dataminr_sentinel",
"_solutionId": "[variables('solutionId')]",
"analyticRuleObject1": {
@ -152,7 +152,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "DataminrSentinelAlerts_AnalyticalRules Analytics Rule with template version 3.0.2",
"description": "DataminrSentinelAlerts_AnalyticalRules Analytics Rule with template version 3.0.3",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('analyticRuleObject1').analyticRuleVersion1]",
@ -162,7 +162,7 @@
{
"type": "Microsoft.SecurityInsights/AlertRuleTemplates",
"name": "[variables('analyticRuleObject1')._analyticRulecontentId1]",
"apiVersion": "2022-04-01-preview",
"apiVersion": "2023-02-01-preview",
"kind": "Scheduled",
"location": "[parameters('workspace-location')]",
"properties": {
@ -180,10 +180,10 @@
"status": "Available",
"requiredDataConnectors": [
{
"connectorId": "DataminrPulseAlerts",
"dataTypes": [
"DataminrPulseAlerts"
],
"connectorId": "DataminrPulseAlerts"
]
}
],
"tactics": [
@ -197,8 +197,8 @@
"entityType": "URL",
"fieldMappings": [
{
"identifier": "Url",
"columnName": "PostLink"
"columnName": "PostLink",
"identifier": "Url"
}
]
}
@ -266,7 +266,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "DataminrPulseAlerts Workbook with template version 3.0.2",
"description": "DataminrPulseAlerts Workbook with template version 3.0.3",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('workbookVersion1')]",
@ -444,7 +444,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "DataminrPulseAlertEnrichment Playbook with template version 3.0.2",
"description": "DataminrPulseAlertEnrichment Playbook with template version 3.0.3",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('playbookVersion1')]",
@ -3000,7 +3000,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "DataminrPulseAlerts Data Parser with template version 3.0.2",
"description": "DataminrPulseAlerts Data Parser with template version 3.0.3",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('parserObject1').parserVersion1]",
@ -3036,7 +3036,7 @@
"[variables('parserObject1')._parserId1]"
],
"properties": {
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser for DataminrPulseAlerts')]",
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'DataminrPulseAlerts')]",
"contentId": "[variables('parserObject1').parserContentId1]",
"kind": "Parser",
"version": "[variables('parserObject1').parserVersion1]",
@ -3102,7 +3102,7 @@
"[variables('parserObject1')._parserId1]"
],
"properties": {
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser for DataminrPulseAlerts')]",
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'DataminrPulseAlerts')]",
"contentId": "[variables('parserObject1').parserContentId1]",
"kind": "Parser",
"version": "[variables('parserObject1').parserVersion1]",
@ -3132,7 +3132,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "DataminrPulseCyberAlerts Data Parser with template version 3.0.2",
"description": "DataminrPulseCyberAlerts Data Parser with template version 3.0.3",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('parserObject2').parserVersion2]",
@ -3168,7 +3168,7 @@
"[variables('parserObject2')._parserId2]"
],
"properties": {
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser for DataminrPulseCyberAlerts')]",
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'DataminrPulseCyberAlerts')]",
"contentId": "[variables('parserObject2').parserContentId2]",
"kind": "Parser",
"version": "[variables('parserObject2').parserVersion2]",
@ -3234,7 +3234,7 @@
"[variables('parserObject2')._parserId2]"
],
"properties": {
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser for DataminrPulseCyberAlerts')]",
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'DataminrPulseCyberAlerts')]",
"contentId": "[variables('parserObject2').parserContentId2]",
"kind": "Parser",
"version": "[variables('parserObject2').parserVersion2]",
@ -3264,7 +3264,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "Dataminr Pulse data connector with template version 3.0.2",
"description": "Dataminr Pulse data connector with template version 3.0.3",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('dataConnectorVersion1')]",
@ -3667,12 +3667,12 @@
"apiVersion": "2023-04-01-preview",
"location": "[parameters('workspace-location')]",
"properties": {
"version": "3.0.2",
"version": "3.0.3",
"kind": "Solution",
"contentSchemaVersion": "3.0.0",
"displayName": "Dataminr Pulse",
"publisherDisplayName": "Dataminr Support",
"descriptionHtml": "<p><strong>Note:</strong> <em>There may be <a href=\"https://aka.ms/sentinelsolutionsknownissues\">known issues</a> pertaining to this Solution, please refer to them before installing.</em></p>\n<p>Dataminr Pulse brings the most advanced AI-powered real-time intelligence into Microsoft Sentinel, easily fitting into your workflows and enabling rapid identification and mitigation of emerging threats so you can deliver faster time to detection and response.</p>\n<p><strong>Data Connectors:</strong> 1, <strong>Parsers:</strong> 2, <strong>Workbooks:</strong> 1, <strong>Analytic Rules:</strong> 1, <strong>Watchlists:</strong> 5, <strong>Playbooks:</strong> 1</p>\n<p><a href=\"https://aka.ms/azuresentinel\">Learn more about Microsoft Sentinel</a> | <a href=\"https://aka.ms/azuresentinelsolutionsdoc\">Learn more about Solutions</a></p>\n",
"descriptionHtml": "<p><strong>Note:</strong> Please refer to the following before installing the solution:</p>\n<p>• Review the solution <a href=\"https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Dataminr%20Pulse/ReleaseNotes.md\">Release Notes</a></p>\n<p>• There may be <a href=\"https://aka.ms/sentinelsolutionsknownissues\">known issues</a> pertaining to this Solution, please refer to them before installing.</p>\n<p>Dataminr Pulse brings the most advanced AI-powered real-time intelligence into Microsoft Sentinel, easily fitting into your workflows and enabling rapid identification and mitigation of emerging threats so you can deliver faster time to detection and response.</p>\n<p><strong>Data Connectors:</strong> 1, <strong>Parsers:</strong> 2, <strong>Workbooks:</strong> 1, <strong>Analytic Rules:</strong> 1, <strong>Watchlists:</strong> 5, <strong>Playbooks:</strong> 1</p>\n<p><a href=\"https://aka.ms/azuresentinel\">Learn more about Microsoft Sentinel</a> | <a href=\"https://aka.ms/azuresentinelsolutionsdoc\">Learn more about Solutions</a></p>\n",
"contentKind": "Solution",
"contentProductId": "[variables('_solutioncontentProductId')]",
"id": "[variables('_solutioncontentProductId')]",
@ -3710,27 +3710,27 @@
{
"kind": "Watchlist",
"contentId": "[variables('_DataminrPulseAsset')]",
"version": "3.0.2"
"version": "3.0.3"
},
{
"kind": "Watchlist",
"contentId": "[variables('_DataminrPulseVulnerableDomain')]",
"version": "3.0.2"
"version": "3.0.3"
},
{
"kind": "Watchlist",
"contentId": "[variables('_DataminrPulseVulnerableHash')]",
"version": "3.0.2"
"version": "3.0.3"
},
{
"kind": "Watchlist",
"contentId": "[variables('_DataminrPulseVulnerableIp')]",
"version": "3.0.2"
"version": "3.0.3"
},
{
"kind": "Watchlist",
"contentId": "[variables('_DataminrPulseVulnerableMalware')]",
"version": "3.0.2"
"version": "3.0.3"
},
{
"kind": "Playbook",


@ -1,5 +1,6 @@
| **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** |
|-------------|--------------------------------|---------------------------------------------|
| 3.0.3 | 03-05-2024 | Repackaged for parser issue fix on reinstall |
| 3.0.2 | 14-12-2023 | Updated **Data Connector** code |
| 3.0.1 | 06-12-2023 | Updated steps in **DataConnector** UI and **README.md** file. |
| 3.0.0 | 14-07-2023 | Initial Solution Release |


@ -38,7 +38,7 @@
"Parsers/DynatraceSecurityProblems.yaml"
],
"BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\Dynatrace",
"Version": "3.0.1",
"Version": "3.0.2",
"Metadata": "SolutionMetadata.json",
"TemplateSpec": true,
"Is1Pconnector": false

Solutions/Dynatrace/Package/3.0.1.zip



@ -6,7 +6,7 @@
"config": {
"isWizard": false,
"basics": {
"description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/dynatrace.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** _There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing._\n\n- Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Dynatrace/ReleaseNotes.md)\r\n\r\nDynatrace is a leading observability platform that provides automatic and intelligent observability at scale for cloud-native and enterprise workloads; with Dynatrace Application Security, your DevSecOps teams can resolve security issues faster, accelerating software delivery.\r\nIntegrating Dynatrace with Microsoft Sentinel enables DevSecOps teams to detect, prioritize, triage, and remediate attacks rapidly. DevSecOps teams benefit from the high-accuracy threat signals Dynatrace surfaces. It helps them avoid time-consuming investigation activities, freeing them up for more critical tasks.\r\nMicrosoft Sentinel data connectors poll Dynatrace for new [attacks, vulnerabilities, audit logs](https://www.dynatrace.com/platform/application-security/), and [problem events](https://docs.dynatrace.com/docs/shortlink/davis-ai-landing).\r\n\r\n**Included data connectors:**\r\n- **Attacks**, Common attacks on application layer vulnerabilities which can be detected and blocked using Dynatrace, like SQL injection, command injection, and JNDI attacks.\r\n- **Runtime vulnerabilities**, Software vulnerabilities detected throughout all layers of the application stack.\r\n- **Audit logs**, Security-relevant events for a Dynatrace tenant.\r\n- **Problems**, AI-powered observability problems raised across cloud and hybrid environments.\r\n\r\n[Learn More about Dynatrace](https://www.dynatrace.com/) | [Dynatrace Docs](https://docs.dynatrace.com/docs)\n\n**Data Connectors:** 4, **Parsers:** 4, **Workbooks:** 1, **Analytic Rules:** 5, **Playbooks:** 
6\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
"description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/dynatrace.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Dynatrace/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\n- Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Dynatrace/ReleaseNotes.md)\r\n\r\nDynatrace is a leading observability platform that provides automatic and intelligent observability at scale for cloud-native and enterprise workloads; with Dynatrace Application Security, your DevSecOps teams can resolve security issues faster, accelerating software delivery.\r\nIntegrating Dynatrace with Microsoft Sentinel enables DevSecOps teams to detect, prioritize, triage, and remediate attacks rapidly. DevSecOps teams benefit from the high-accuracy threat signals Dynatrace surfaces. 
It helps them avoid time-consuming investigation activities, freeing them up for more critical tasks.\r\nMicrosoft Sentinel data connectors poll Dynatrace for new [attacks, vulnerabilities, audit logs](https://www.dynatrace.com/platform/application-security/), and [problem events](https://docs.dynatrace.com/docs/shortlink/davis-ai-landing).\r\n\r\n**Included data connectors:**\r\n- **Attacks**, Common attacks on application layer vulnerabilities which can be detected and blocked using Dynatrace, like SQL injection, command injection, and JNDI attacks.\r\n- **Runtime vulnerabilities**, Software vulnerabilities detected throughout all layers of the application stack.\r\n- **Audit logs**, Security-relevant events for a Dynatrace tenant.\r\n- **Problems**, AI-powered observability problems raised across cloud and hybrid environments.\r\n\r\n[Learn More about Dynatrace](https://www.dynatrace.com/) | [Dynatrace Docs](https://docs.dynatrace.com/docs)\n\n**Data Connectors:** 4, **Parsers:** 4, **Workbooks:** 1, **Analytic Rules:** 5, **Playbooks:** 6\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
"subscription": {
"resourceProviders": [
"Microsoft.OperationsManagement/solutions",
@ -257,4 +257,4 @@
"workspace": "[basics('workspace')]"
}
}
}
}
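Review bot: The new `"description"` string still carries the old `- Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Dynatrace/ReleaseNotes.md)` bullet immediately after the newly added `• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Dynatrace/ReleaseNotes.md)` line, so the installer blade will show the Release Notes link twice under two URL forms that point at the same file. The same duplication is present in the new `descriptionHtml` of the Dynatrace mainTemplate section further down, where the `<ul><li>Review the solution ... Release Notes</li></ul>` block survives next to the new bullet. Removing the older `- Review the solution ...` bullet from both strings leaves one canonical link and keeps the two files in step.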


@ -332,7 +332,7 @@
{
"type": "Microsoft.SecurityInsights/AlertRuleTemplates",
"name": "[variables('analyticRuleObject1')._analyticRulecontentId1]",
"apiVersion": "2022-04-01-preview",
"apiVersion": "2023-02-01-preview",
"kind": "Scheduled",
"location": "[parameters('workspace-location')]",
"properties": {
@ -373,8 +373,8 @@
"entityType": "Host",
"fieldMappings": [
{
"columnName": "host",
"identifier": "HostName"
"identifier": "HostName",
"columnName": "host"
}
]
},
@ -382,8 +382,8 @@
"entityType": "URL",
"fieldMappings": [
{
"columnName": "url",
"identifier": "Url"
"identifier": "Url",
"columnName": "url"
}
]
},
@ -391,8 +391,8 @@
"entityType": "IP",
"fieldMappings": [
{
"columnName": "sourceIp",
"identifier": "Address"
"identifier": "Address",
"columnName": "sourceIp"
}
]
}
@ -401,10 +401,10 @@
"aggregationKind": "AlertPerResult"
},
"customDetails": {
"AttackIdentifier": "AttackId",
"AttackState": "State",
"DisplayIdentifier": "DisplayId",
"AttackType": "AttackType",
"AttackIdentifier": "AttackId"
"AttackType": "AttackType"
},
"alertDetailsOverride": {
"alertDisplayNameFormat": "Dynatrace Attack {{State}} - {{DisplayId}} : {{DisplayName}}",
@ -412,10 +412,10 @@
},
"incidentConfiguration": {
"groupingConfiguration": {
"lookbackDuration": "P7D",
"matchingMethod": "AllEntities",
"enabled": true,
"reopenClosedIncident": true,
"enabled": true
"lookbackDuration": "P7D"
},
"createIncident": true
}
@ -482,7 +482,7 @@
{
"type": "Microsoft.SecurityInsights/AlertRuleTemplates",
"name": "[variables('analyticRuleObject2')._analyticRulecontentId2]",
"apiVersion": "2022-04-01-preview",
"apiVersion": "2023-02-01-preview",
"kind": "Scheduled",
"location": "[parameters('workspace-location')]",
"properties": {
@ -520,8 +520,8 @@
"entityType": "URL",
"fieldMappings": [
{
"columnName": "Url",
"identifier": "Url"
"identifier": "Url",
"columnName": "Url"
}
]
}
@ -530,33 +530,33 @@
"aggregationKind": "AlertPerResult"
},
"customDetails": {
"SecProbIdentifier": "SecurityProblemId",
"DAVISRiskVector": "DAVISRiskVector",
"ExternVulnIdentifier": "ExternalVulnerabilityId",
"DisplayIdentifier": "DisplayId",
"DAVISDataAssets": "DAVISDataAssets",
"CVEIds": "CVEIds",
"PackageName": "PackageName",
"DAVISPublicExploit": "DAVISPublicExploit",
"DAVISVulnFuncUsage": "DAVISVulnerableFunctionUsage",
"DAVISRiskScore": "DAVISRiskScore",
"DAVISExposure": "DAVISExposure",
"SecurityProblemUrl": "Url",
"Technology": "Technology",
"DAVISRiskLevel": "DAVISRiskLevel",
"VulnerabilityType": "VulnerabilityType"
"PackageName": "PackageName",
"Technology": "Technology",
"ExternVulnIdentifier": "ExternalVulnerabilityId",
"DAVISExposure": "DAVISExposure",
"DAVISRiskVector": "DAVISRiskVector",
"VulnerabilityType": "VulnerabilityType",
"DisplayIdentifier": "DisplayId",
"DAVISRiskScore": "DAVISRiskScore",
"DAVISDataAssets": "DAVISDataAssets",
"SecProbIdentifier": "SecurityProblemId",
"DAVISVulnFuncUsage": "DAVISVulnerableFunctionUsage",
"SecurityProblemUrl": "Url",
"CVEIds": "CVEIds"
},
"alertDetailsOverride": {
"alertDescriptionFormat": "Code-Level runtime vulnerability ({{ExternalVulnerabilityId}}) detected in package ({{PackageName}}), more details available from Dynatrace at {{Url}}.\n",
"alertDisplayNameFormat": "Dynatrace Code-Level runtime vulnerability detected - {{DisplayId}} : {{Title}}",
"alertDescriptionFormat": "Code-Level runtime vulnerability ({{ExternalVulnerabilityId}}) detected in package ({{PackageName}}), more details available from Dynatrace at {{Url}}.\n",
"alertSeverityColumnName": "Severity"
},
"incidentConfiguration": {
"groupingConfiguration": {
"lookbackDuration": "PT5H",
"matchingMethod": "AllEntities",
"enabled": false,
"reopenClosedIncident": false,
"enabled": false
"lookbackDuration": "PT5H"
},
"createIncident": false
}
@ -623,7 +623,7 @@
{
"type": "Microsoft.SecurityInsights/AlertRuleTemplates",
"name": "[variables('analyticRuleObject3')._analyticRulecontentId3]",
"apiVersion": "2022-04-01-preview",
"apiVersion": "2023-02-01-preview",
"kind": "Scheduled",
"location": "[parameters('workspace-location')]",
"properties": {
@ -661,8 +661,8 @@
"entityType": "URL",
"fieldMappings": [
{
"columnName": "Url",
"identifier": "Url"
"identifier": "Url",
"columnName": "Url"
}
]
}
@ -671,33 +671,33 @@
"aggregationKind": "AlertPerResult"
},
"customDetails": {
"SecProbIdentifier": "SecurityProblemId",
"DAVISRiskVector": "DAVISRiskVector",
"ExternVulnIdentifier": "ExternalVulnerabilityId",
"DisplayIdentifier": "DisplayId",
"DAVISDataAssets": "DAVISDataAssets",
"CVEIds": "CVEIds",
"PackageName": "PackageName",
"DAVISPublicExploit": "DAVISPublicExploit",
"DAVISVulnFuncUsage": "DAVISVulnerableFunctionUsage",
"DAVISRiskScore": "DAVISRiskScore",
"DAVISExposure": "DAVISExposure",
"SecurityProblemUrl": "Url",
"Technology": "Technology",
"DAVISRiskLevel": "DAVISRiskLevel",
"VulnerabilityType": "VulnerabilityType"
"PackageName": "PackageName",
"Technology": "Technology",
"ExternVulnIdentifier": "ExternalVulnerabilityId",
"DAVISExposure": "DAVISExposure",
"DAVISRiskVector": "DAVISRiskVector",
"VulnerabilityType": "VulnerabilityType",
"DisplayIdentifier": "DisplayId",
"DAVISRiskScore": "DAVISRiskScore",
"DAVISDataAssets": "DAVISDataAssets",
"SecProbIdentifier": "SecurityProblemId",
"DAVISVulnFuncUsage": "DAVISVulnerableFunctionUsage",
"SecurityProblemUrl": "Url",
"CVEIds": "CVEIds"
},
"alertDetailsOverride": {
"alertDescriptionFormat": "Third-party runtime vulnerability ({{ExternalVulnerabilityId}}) detected in package ({{PackageName}}), more details available from Dynatrace at {{Url}}.\n",
"alertDisplayNameFormat": "Dynatrace Third-party runtime vulnerability detected - {{DisplayId}} : {{Title}}",
"alertDescriptionFormat": "Third-party runtime vulnerability ({{ExternalVulnerabilityId}}) detected in package ({{PackageName}}), more details available from Dynatrace at {{Url}}.\n",
"alertSeverityColumnName": "Severity"
},
"incidentConfiguration": {
"groupingConfiguration": {
"lookbackDuration": "PT5H",
"matchingMethod": "AllEntities",
"enabled": false,
"reopenClosedIncident": false,
"enabled": false
"lookbackDuration": "PT5H"
},
"createIncident": false
}
@ -764,7 +764,7 @@
{
"type": "Microsoft.SecurityInsights/AlertRuleTemplates",
"name": "[variables('analyticRuleObject4')._analyticRulecontentId4]",
"apiVersion": "2022-04-01-preview",
"apiVersion": "2023-02-01-preview",
"kind": "Scheduled",
"location": "[parameters('workspace-location')]",
"properties": {
@ -801,33 +801,33 @@
"aggregationKind": "AlertPerResult"
},
"customDetails": {
"SecProbIdentifier": "SecurityProblemId",
"DAVISRiskVector": "DAVISRiskVector",
"ExternVulnIdentifier": "ExternalVulnerabilityId",
"DisplayIdentifier": "DisplayId",
"DAVISDataAssets": "DAVISDataAssets",
"CVEIds": "CVEIds",
"PackageName": "PackageName",
"DAVISPublicExploit": "DAVISPublicExploit",
"DAVISVulnFuncUsage": "DAVISVulnerableFunctionUsage",
"DAVISRiskScore": "DAVISRiskScore",
"DAVISExposure": "DAVISExposure",
"SecurityProblemUrl": "Url",
"Technology": "Technology",
"DAVISRiskLevel": "DAVISRiskLevel",
"VulnerabilityType": "VulnerabilityType"
"PackageName": "PackageName",
"Technology": "Technology",
"ExternVulnIdentifier": "ExternalVulnerabilityId",
"DAVISExposure": "DAVISExposure",
"DAVISRiskVector": "DAVISRiskVector",
"VulnerabilityType": "VulnerabilityType",
"DisplayIdentifier": "DisplayId",
"DAVISRiskScore": "DAVISRiskScore",
"DAVISDataAssets": "DAVISDataAssets",
"SecProbIdentifier": "SecurityProblemId",
"DAVISVulnFuncUsage": "DAVISVulnerableFunctionUsage",
"SecurityProblemUrl": "Url",
"CVEIds": "CVEIds"
},
"alertDetailsOverride": {
"alertDescriptionFormat": "Non-critical runtime vulnerability ({{ExternalVulnerabilityId}}) detected in package ({{PackageName}}), more details available from Dynatrace at {{Url}}.\n",
"alertDisplayNameFormat": "Dynatrace Non-critical runtime vulnerability detected - {{DisplayId}} : {{Title}}",
"alertDescriptionFormat": "Non-critical runtime vulnerability ({{ExternalVulnerabilityId}}) detected in package ({{PackageName}}), more details available from Dynatrace at {{Url}}.\n",
"alertSeverityColumnName": "Severity"
},
"incidentConfiguration": {
"groupingConfiguration": {
"lookbackDuration": "PT5H",
"matchingMethod": "AllEntities",
"enabled": false,
"reopenClosedIncident": false,
"enabled": false
"lookbackDuration": "PT5H"
},
"createIncident": false
}
@ -894,7 +894,7 @@
{
"type": "Microsoft.SecurityInsights/AlertRuleTemplates",
"name": "[variables('analyticRuleObject5')._analyticRulecontentId5]",
"apiVersion": "2022-04-01-preview",
"apiVersion": "2023-02-01-preview",
"kind": "Scheduled",
"location": "[parameters('workspace-location')]",
"properties": {
@ -922,22 +922,22 @@
"aggregationKind": "AlertPerResult"
},
"customDetails": {
"SeverityLevel": "SeverityLevel",
"DisplayIdentifier": "DisplayId",
"ProblemIdentifier": "ProblemId",
"ImpactLevel": "ImpactLevel",
"ProblemIdentifier": "ProblemId"
"SeverityLevel": "SeverityLevel",
"DisplayIdentifier": "DisplayId"
},
"alertDetailsOverride": {
"alertDescriptionFormat": "A application and/or infrastructure problem has been detected in your environment\n",
"alertDisplayNameFormat": "Dynatrace problem detected - {{DisplayId}} : {{Title}}",
"alertDescriptionFormat": "A application and/or infrastructure problem has been detected in your environment\n",
"alertSeverityColumnName": "Severity"
},
"incidentConfiguration": {
"groupingConfiguration": {
"lookbackDuration": "PT5H",
"matchingMethod": "AllEntities",
"enabled": false,
"reopenClosedIncident": false,
"enabled": false
"lookbackDuration": "PT5H"
},
"createIncident": false
}
@ -6819,7 +6819,7 @@
"[variables('parserObject1')._parserId1]"
],
"properties": {
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser for DynatraceAttacks')]",
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'DynatraceAttacks')]",
"contentId": "[variables('parserObject1').parserContentId1]",
"kind": "Parser",
"version": "[variables('parserObject1').parserVersion1]",
@ -6885,7 +6885,7 @@
"[variables('parserObject1')._parserId1]"
],
"properties": {
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser for DynatraceAttacks')]",
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'DynatraceAttacks')]",
"contentId": "[variables('parserObject1').parserContentId1]",
"kind": "Parser",
"version": "[variables('parserObject1').parserVersion1]",
@ -6951,7 +6951,7 @@
"[variables('parserObject2')._parserId2]"
],
"properties": {
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser for DynatraceAuditLogs')]",
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'DynatraceAuditLogs')]",
"contentId": "[variables('parserObject2').parserContentId2]",
"kind": "Parser",
"version": "[variables('parserObject2').parserVersion2]",
@ -7017,7 +7017,7 @@
"[variables('parserObject2')._parserId2]"
],
"properties": {
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser for DynatraceAuditLogs')]",
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'DynatraceAuditLogs')]",
"contentId": "[variables('parserObject2').parserContentId2]",
"kind": "Parser",
"version": "[variables('parserObject2').parserVersion2]",
@ -7083,7 +7083,7 @@
"[variables('parserObject3')._parserId3]"
],
"properties": {
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser for DynatraceProblems')]",
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'DynatraceProblems')]",
"contentId": "[variables('parserObject3').parserContentId3]",
"kind": "Parser",
"version": "[variables('parserObject3').parserVersion3]",
@ -7149,7 +7149,7 @@
"[variables('parserObject3')._parserId3]"
],
"properties": {
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser for DynatraceProblems')]",
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'DynatraceProblems')]",
"contentId": "[variables('parserObject3').parserContentId3]",
"kind": "Parser",
"version": "[variables('parserObject3').parserVersion3]",
@ -7215,7 +7215,7 @@
"[variables('parserObject4')._parserId4]"
],
"properties": {
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser for DynatraceSecurityProblems')]",
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'DynatraceSecurityProblems')]",
"contentId": "[variables('parserObject4').parserContentId4]",
"kind": "Parser",
"version": "[variables('parserObject4').parserVersion4]",
@ -7281,7 +7281,7 @@
"[variables('parserObject4')._parserId4]"
],
"properties": {
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser for DynatraceSecurityProblems')]",
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'DynatraceSecurityProblems')]",
"contentId": "[variables('parserObject4').parserContentId4]",
"kind": "Parser",
"version": "[variables('parserObject4').parserVersion4]",
@ -7312,7 +7312,7 @@
"contentSchemaVersion": "3.0.0",
"displayName": "Dynatrace",
"publisherDisplayName": "Dynatrace",
"descriptionHtml": "<p><strong>Note:</strong> <em>There may be <a href=\"https://aka.ms/sentinelsolutionsknownissues\">known issues</a> pertaining to this Solution, please refer to them before installing.</em></p>\n<ul>\n<li>Review the solution <a href=\"https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Dynatrace/ReleaseNotes.md\">Release Notes</a></li>\n</ul>\n<p>Dynatrace is a leading observability platform that provides automatic and intelligent observability at scale for cloud-native and enterprise workloads; with Dynatrace Application Security, your DevSecOps teams can resolve security issues faster, accelerating software delivery.\nIntegrating Dynatrace with Microsoft Sentinel enables DevSecOps teams to detect, prioritize, triage, and remediate attacks rapidly. DevSecOps teams benefit from the high-accuracy threat signals Dynatrace surfaces. It helps them avoid time-consuming investigation activities, freeing them up for more critical tasks.\nMicrosoft Sentinel data connectors poll Dynatrace for new <a href=\"https://www.dynatrace.com/platform/application-security/\">attacks, vulnerabilities, audit logs</a>, and <a href=\"https://docs.dynatrace.com/docs/shortlink/davis-ai-landing\">problem events</a>.</p>\n<p><strong>Included data connectors:</strong></p>\n<ul>\n<li><strong>Attacks</strong>, Common attacks on application layer vulnerabilities which can be detected and blocked using Dynatrace, like SQL injection, command injection, and JNDI attacks.</li>\n<li><strong>Runtime vulnerabilities</strong>, Software vulnerabilities detected throughout all layers of the application stack.</li>\n<li><strong>Audit logs</strong>, Security-relevant events for a Dynatrace tenant.</li>\n<li><strong>Problems</strong>, AI-powered observability problems raised across cloud and hybrid environments.</li>\n</ul>\n<p><a href=\"https://www.dynatrace.com/\">Learn More about Dynatrace</a> | <a href=\"https://docs.dynatrace.com/docs\">Dynatrace 
Docs</a></p>\n<p><strong>Data Connectors:</strong> 4, <strong>Parsers:</strong> 4, <strong>Workbooks:</strong> 1, <strong>Analytic Rules:</strong> 5, <strong>Playbooks:</strong> 6</p>\n<p><a href=\"https://aka.ms/azuresentinel\">Learn more about Microsoft Sentinel</a> | <a href=\"https://aka.ms/azuresentinelsolutionsdoc\">Learn more about Solutions</a></p>\n",
"descriptionHtml": "<p><strong>Note:</strong> Please refer to the following before installing the solution:</p>\n<p>• Review the solution <a href=\"https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Dynatrace/ReleaseNotes.md\">Release Notes</a></p>\n<p>• There may be <a href=\"https://aka.ms/sentinelsolutionsknownissues\">known issues</a> pertaining to this Solution, please refer to them before installing.</p>\n<ul>\n<li>Review the solution <a href=\"https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Dynatrace/ReleaseNotes.md\">Release Notes</a></li>\n</ul>\n<p>Dynatrace is a leading observability platform that provides automatic and intelligent observability at scale for cloud-native and enterprise workloads; with Dynatrace Application Security, your DevSecOps teams can resolve security issues faster, accelerating software delivery.\nIntegrating Dynatrace with Microsoft Sentinel enables DevSecOps teams to detect, prioritize, triage, and remediate attacks rapidly. DevSecOps teams benefit from the high-accuracy threat signals Dynatrace surfaces. 
It helps them avoid time-consuming investigation activities, freeing them up for more critical tasks.\nMicrosoft Sentinel data connectors poll Dynatrace for new <a href=\"https://www.dynatrace.com/platform/application-security/\">attacks, vulnerabilities, audit logs</a>, and <a href=\"https://docs.dynatrace.com/docs/shortlink/davis-ai-landing\">problem events</a>.</p>\n<p><strong>Included data connectors:</strong></p>\n<ul>\n<li><strong>Attacks</strong>, Common attacks on application layer vulnerabilities which can be detected and blocked using Dynatrace, like SQL injection, command injection, and JNDI attacks.</li>\n<li><strong>Runtime vulnerabilities</strong>, Software vulnerabilities detected throughout all layers of the application stack.</li>\n<li><strong>Audit logs</strong>, Security-relevant events for a Dynatrace tenant.</li>\n<li><strong>Problems</strong>, AI-powered observability problems raised across cloud and hybrid environments.</li>\n</ul>\n<p><a href=\"https://www.dynatrace.com/\">Learn More about Dynatrace</a> | <a href=\"https://docs.dynatrace.com/docs\">Dynatrace Docs</a></p>\n<p><strong>Data Connectors:</strong> 4, <strong>Parsers:</strong> 4, <strong>Workbooks:</strong> 1, <strong>Analytic Rules:</strong> 5, <strong>Playbooks:</strong> 6</p>\n<p><a href=\"https://aka.ms/azuresentinel\">Learn more about Microsoft Sentinel</a> | <a href=\"https://aka.ms/azuresentinelsolutionsdoc\">Learn more about Solutions</a></p>\n",
"contentKind": "Solution",
"contentProductId": "[variables('_solutioncontentProductId')]",
"id": "[variables('_solutioncontentProductId')]",


@ -1,5 +1,6 @@
| **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** |
|-------------|--------------------------------|---------------------------------------------|
| 3.0.2 | 03-05-2024 | Repackaged for parser issue fix on reinstall |
| 3.0.1 | 18-01-2024 | Changes for rebranding from Microsoft 365 Defender to Microsoft Defender XDR, |
| | | Updated user-agent strings used when calling Dynatrace REST API's, |
| | | Added new Entity Mappings to **Analytic Rules** |


@ -4,16 +4,16 @@
"Logo": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/fortinet_logo.svg\" width=\"75px\" height=\"75px\">",
"Description": "The [Fortinet FortiNDR Cloud](https://docs.fortinet.com/product/fortindr-cloud) solution for Microsoft Sentinel provides the capability to ingest Fortinet FortiNDR Cloud events into Microsoft Sentinel. For questions about Fortinet FortiNDR Cloud, please contact Fortinet at [fnc-sentinel@fortinet.com](mailto:fnc-sentinel@fortinet.com).",
"Data Connectors": [
"Data Connectors/FortinetFortiNdrCloud_API_AzureFunctionApp.json"
"Data Connectors/FortinetFortiNdrCloud_API_AzureFunctionApp.json"
],
"Parsers": [
"Parsers/Fortinet_FortiNDR_Cloud.yaml"
],
"Workbooks": [
"Workbooks/FortinetFortiNdrCloudWorkbook.json"
"Workbooks/FortinetFortiNdrCloudWorkbook.json"
],
"BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\Fortinet FortiNDR Cloud",
"Version": "3.0.0",
"Version": "3.0.1",
"Metadata": "SolutionMetadata.json",
"TemplateSpec": true,
"Is1PConnector": false

Solutions/Fortinet FortiNDR Cloud/Package/3.0.1.zip Normal file



@ -41,7 +41,7 @@
"email": "cs@fortinet.com",
"_email": "[variables('email')]",
"_solutionName": "Fortinet FortiNDR Cloud",
"_solutionVersion": "3.0.0",
"_solutionVersion": "3.0.1",
"solutionId": "fortinet.fortindrcloud-sentinel",
"_solutionId": "[variables('solutionId')]",
"uiConfigId1": "FortinetFortiNdrCloudDataConnector",
@ -79,7 +79,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "Fortinet FortiNDR Cloud data connector with template version 3.0.0",
"description": "Fortinet FortiNDR Cloud data connector with template version 3.0.1",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('dataConnectorVersion1')]",
@ -504,7 +504,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "Fortinet_FortiNDR_Cloud Data Parser with template version 3.0.0",
"description": "Fortinet_FortiNDR_Cloud Data Parser with template version 3.0.1",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('parserObject1').parserVersion1]",
@ -540,7 +540,7 @@
"[variables('parserObject1')._parserId1]"
],
"properties": {
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser for Fortinet_FortiNDR_Cloud')]",
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Fortinet_FortiNDR_Cloud Data Parser')]",
"contentId": "[variables('parserObject1').parserContentId1]",
"kind": "Parser",
"version": "[variables('parserObject1').parserVersion1]",
@ -606,7 +606,7 @@
"[variables('parserObject1')._parserId1]"
],
"properties": {
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser for Fortinet_FortiNDR_Cloud')]",
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Fortinet_FortiNDR_Cloud Data Parser')]",
"contentId": "[variables('parserObject1').parserContentId1]",
"kind": "Parser",
"version": "[variables('parserObject1').parserVersion1]",
@ -636,7 +636,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "FortinetFortiNdrCloudWorkbook Workbook with template version 3.0.0",
"description": "FortinetFortiNdrCloudWorkbook Workbook with template version 3.0.1",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('workbookVersion1')]",
@ -728,7 +728,7 @@
"apiVersion": "2023-04-01-preview",
"location": "[parameters('workspace-location')]",
"properties": {
"version": "3.0.0",
"version": "3.0.1",
"kind": "Solution",
"contentSchemaVersion": "3.0.0",
"displayName": "Fortinet FortiNDR Cloud",


@ -1,3 +1,4 @@
| **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** |
|-------------|--------------------------------|---------------------------------------------|
| 3.0.1 | 03-05-2024 | Repackaged for parser issue fix on reinstall|
| 3.0.0 | 29-02-2024 | Initial Solution Release |


@ -1,5 +1,5 @@
{
"Name": "Infoblox SOC Insights for Microsoft Sentinel",
"Name": "Infoblox SOC Insights",
"Author": "Microsoft - support@microsoft.com",
"Logo": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/infoblox_logo.svg\" width=\"75px\" height=\"75px\">",
"Description": "The [Infoblox](https://www.infoblox.com/) SOC Insights solution allows you to easily connect your Infoblox BloxOne SOC Insights data with Microsoft Sentinel. By connecting your logs to Microsoft Sentinel, you can take advantage of search & correlation, alerting, and threat intelligence enrichment for each log.",
@ -29,8 +29,8 @@
"Playbooks/Infoblox-SOC-Import-Indicators-TI/azuredeploy.json"
],
"Metadata": "SolutionMetadata.json",
"BasePath": "C:\\GitHub\\azure-sentinel\\Solutions\\Infoblox SOC Insights for Microsoft Sentinel",
"Version": "1.0.0",
"BasePath": "C:\\GitHub\\azure-sentinel\\Solutions\\Infoblox SOC Insights",
"Version": "3.0.1",
"TemplateSpec": true,
"Is1PConnector": false
}

Solutions/Infoblox SOC Insights/Package/3.0.1.zip Normal file



@ -6,7 +6,7 @@
"config": {
"isWizard": false,
"basics": {
"description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/infoblox_logo.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Infoblox%20SOC%20Insights%20for%20Microsoft%20Sentinel/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Infoblox](https://www.infoblox.com/) SOC Insights solution allows you to easily connect your Infoblox BloxOne SOC Insights data with Microsoft Sentinel. By connecting your logs to Microsoft Sentinel, you can take advantage of search & correlation, alerting, and threat intelligence enrichment for each log.\n\n**Data Connectors:** 3, **Parsers:** 6, **Workbooks:** 1, **Analytic Rules:** 2, **Playbooks:** 3\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
"description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/infoblox_logo.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Infoblox%20SOC%20Insights/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Infoblox](https://www.infoblox.com/) SOC Insights solution allows you to easily connect your Infoblox BloxOne SOC Insights data with Microsoft Sentinel. By connecting your logs to Microsoft Sentinel, you can take advantage of search & correlation, alerting, and threat intelligence enrichment for each log.\n\n**Data Connectors:** 3, **Parsers:** 6, **Workbooks:** 1, **Analytic Rules:** 2, **Playbooks:** 3\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
"subscription": {
"resourceProviders": [
"Microsoft.OperationsManagement/solutions",
@ -60,7 +60,14 @@
"name": "dataconnectors1-text",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "This Solution installs the data connector for Infoblox SOC Insights for Microsoft Sentinel. You can get Infoblox SOC Insights for Microsoft Sentinel CommonSecurityLog data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
"text": "This Solution installs the data connector for Infoblox SOC Insights. You can get Infoblox SOC Insights CommonSecurityLog data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
}
},
{
"name": "dataconnectors2-text",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "This Solution installs the data connector for Infoblox SOC Insights. You can get Infoblox SOC Insights custom log data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
}
},
{


@ -3,7 +3,7 @@
"contentVersion": "1.0.0.0",
"metadata": {
"author": "Microsoft - support@microsoft.com",
"comments": "Solution template for Infoblox SOC Insights for Microsoft Sentinel"
"comments": "Solution template for Infoblox SOC Insights"
},
"parameters": {
"location": {
@ -40,8 +40,8 @@
"variables": {
"email": "support@microsoft.com",
"_email": "[variables('email')]",
"_solutionName": "Infoblox SOC Insights for Microsoft Sentinel",
"_solutionVersion": "3.0.0",
"_solutionName": "Infoblox SOC Insights",
"_solutionVersion": "3.0.1",
"solutionId": "infoblox.infoblox-soc-insight-solution",
"_solutionId": "[variables('solutionId')]",
"workbookVersion1": "1.0.0",
@ -172,7 +172,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "InfobloxSOCInsightsWorkbook Workbook with template version 3.0.0",
"description": "InfobloxSOCInsightsWorkbook Workbook with template version 3.0.1",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('workbookVersion1')]",
@ -208,7 +208,7 @@
"version": "[variables('workbookVersion1')]",
"source": {
"kind": "Solution",
"name": "Infoblox SOC Insights for Microsoft Sentinel",
"name": "Infoblox SOC Insights",
"sourceId": "[variables('_solutionId')]"
},
"author": {
@ -283,7 +283,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "Infoblox-SOCInsightDetected-APISource_AnalyticalRules Analytics Rule with template version 3.0.0",
"description": "Infoblox-SOCInsightDetected-APISource_AnalyticalRules Analytics Rule with template version 3.0.1",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('analyticRuleObject1').analyticRuleVersion1]",
@ -311,10 +311,10 @@
"status": "Available",
"requiredDataConnectors": [
{
"connectorId": "InfobloxSOCInsightsDataConnector_API",
"dataTypes": [
"InfobloxInsight"
]
],
"connectorId": "InfobloxSOCInsightsDataConnector_API"
}
],
"tactics": [
@ -326,16 +326,15 @@
],
"entityMappings": [
{
"entityType": "SecurityGroup",
"fieldMappings": [
{
"columnName": "InfobloxInsightID",
"identifier": "ObjectGuid"
}
]
],
"entityType": "SecurityGroup"
},
{
"entityType": "Malware",
"fieldMappings": [
{
"columnName": "ThreatClass",
@ -345,28 +344,29 @@
"columnName": "ThreatProperty",
"identifier": "Category"
}
]
],
"entityType": "Malware"
}
],
"eventGroupingSettings": {
"aggregationKind": "AlertPerResult"
},
"customDetails": {
"BlockedHits": "BlockedCount",
"InfobloxInsightID": "InfobloxInsightID",
"TotalHits": "EventsCount",
"Status": "Status",
"PersistentDate": "PersistentDate",
"LastSeen": "LastSeen",
"BlockedHits": "BlockedCount",
"SpreadingDate": "SpreadingDate",
"InfobloxInsightID": "InfobloxInsightID",
"Severity": "Priority",
"FirstSeen": "FirstSeen",
"UnblockedHits": "NotBlockedCount",
"SpreadingDate": "SpreadingDate",
"LastSeen": "LastSeen",
"FeedSource": "FeedSource",
"TotalHits": "EventsCount",
"Severity": "Priority"
"PersistentDate": "PersistentDate"
},
"alertDetailsOverride": {
"alertDescriptionFormat": "Observed via API. {{ThreatFamily}}. Last Observation: {{LastSeen}}",
"alertDisplayNameFormat": "Infoblox - SOC Insight - {{ThreatClass}} {{ThreatProperty}}",
"alertDescriptionFormat": "Observed via API. {{ThreatFamily}}. Last Observation: {{LastSeen}}",
"alertSeverityColumnName": "IncidentSeverity"
},
"incidentConfiguration": {
@ -379,14 +379,14 @@
"apiVersion": "2022-01-01-preview",
"name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject1').analyticRuleId1,'/'))))]",
"properties": {
"description": "Infoblox SOC Insights for Microsoft Sentinel Analytics Rule 1",
"description": "Infoblox SOC Insights Analytics Rule 1",
"parentId": "[variables('analyticRuleObject1').analyticRuleId1]",
"contentId": "[variables('analyticRuleObject1')._analyticRulecontentId1]",
"kind": "AnalyticsRule",
"version": "[variables('analyticRuleObject1').analyticRuleVersion1]",
"source": {
"kind": "Solution",
"name": "Infoblox SOC Insights for Microsoft Sentinel",
"name": "Infoblox SOC Insights",
"sourceId": "[variables('_solutionId')]"
},
"author": {
@ -424,7 +424,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "Infoblox-SOCInsightDetected-CDCSource_AnalyticalRules Analytics Rule with template version 3.0.0",
"description": "Infoblox-SOCInsightDetected-CDCSource_AnalyticalRules Analytics Rule with template version 3.0.1",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('analyticRuleObject2').analyticRuleVersion2]",
@ -452,16 +452,16 @@
"status": "Available",
"requiredDataConnectors": [
{
"connectorId": "InfobloxSOCInsightsDataConnector_Legacy",
"dataTypes": [
"CommonSecurityLog (InfobloxCDC_SOCInsights)"
]
],
"connectorId": "InfobloxSOCInsightsDataConnector_Legacy"
},
{
"connectorId": "InfobloxSOCInsightsDataConnector_AMA",
"dataTypes": [
"CommonSecurityLog (InfobloxCDC_SOCInsights)"
]
],
"connectorId": "InfobloxSOCInsightsDataConnector_AMA"
}
],
"tactics": [
@ -473,16 +473,15 @@
],
"entityMappings": [
{
"entityType": "SecurityGroup",
"fieldMappings": [
{
"columnName": "InfobloxInsightID",
"identifier": "ObjectGuid"
}
]
],
"entityType": "SecurityGroup"
},
{
"entityType": "Malware",
"fieldMappings": [
{
"columnName": "ThreatClass",
@ -492,23 +491,24 @@
"columnName": "ThreatProperty",
"identifier": "Category"
}
]
],
"entityType": "Malware"
}
],
"eventGroupingSettings": {
"aggregationKind": "AlertPerResult"
},
"customDetails": {
"Status": "Status",
"TotalHits": "EventsCount",
"UnblockedHits": "NotBlockedCount",
"BlockedHits": "BlockedCount",
"FeedSource": "FeedSource",
"InfobloxInsightID": "InfobloxInsightID"
"Status": "Status",
"BlockedHits": "BlockedCount",
"InfobloxInsightID": "InfobloxInsightID",
"TotalHits": "EventsCount",
"UnblockedHits": "NotBlockedCount"
},
"alertDetailsOverride": {
"alertDescriptionFormat": "Observed via CDC. {{ThreatFamily}}. {{Message}}",
"alertDisplayNameFormat": "Infoblox - SOC Insight - {{ThreatClass}} {{ThreatProperty}}",
"alertDescriptionFormat": "Observed via CDC. {{ThreatFamily}}. {{Message}}",
"alertSeverityColumnName": "IncidentSeverity"
},
"incidentConfiguration": {
@ -521,14 +521,14 @@
"apiVersion": "2022-01-01-preview",
"name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject2').analyticRuleId2,'/'))))]",
"properties": {
"description": "Infoblox SOC Insights for Microsoft Sentinel Analytics Rule 2",
"description": "Infoblox SOC Insights Analytics Rule 2",
"parentId": "[variables('analyticRuleObject2').analyticRuleId2]",
"contentId": "[variables('analyticRuleObject2')._analyticRulecontentId2]",
"kind": "AnalyticsRule",
"version": "[variables('analyticRuleObject2').analyticRuleVersion2]",
"source": {
"kind": "Solution",
"name": "Infoblox SOC Insights for Microsoft Sentinel",
"name": "Infoblox SOC Insights",
"sourceId": "[variables('_solutionId')]"
},
"author": {
@ -566,7 +566,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "Infoblox SOC Insights for Microsoft Sentinel data connector with template version 3.0.0",
"description": "Infoblox SOC Insights data connector with template version 3.0.1",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('dataConnectorVersion1')]",
@ -756,7 +756,7 @@
"version": "[variables('dataConnectorVersion1')]",
"source": {
"kind": "Solution",
"name": "Infoblox SOC Insights for Microsoft Sentinel",
"name": "Infoblox SOC Insights",
"sourceId": "[variables('_solutionId')]"
},
"author": {
@ -800,7 +800,7 @@
"version": "[variables('dataConnectorVersion1')]",
"source": {
"kind": "Solution",
"name": "Infoblox SOC Insights for Microsoft Sentinel",
"name": "Infoblox SOC Insights",
"sourceId": "[variables('_solutionId')]"
},
"author": {
@ -995,7 +995,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "Infoblox SOC Insights for Microsoft Sentinel data connector with template version 3.0.0",
"description": "Infoblox SOC Insights data connector with template version 3.0.1",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('dataConnectorVersion2')]",
@ -1154,7 +1154,7 @@
"version": "[variables('dataConnectorVersion2')]",
"source": {
"kind": "Solution",
"name": "Infoblox SOC Insights for Microsoft Sentinel",
"name": "Infoblox SOC Insights",
"sourceId": "[variables('_solutionId')]"
},
"author": {
@ -1198,7 +1198,7 @@
"version": "[variables('dataConnectorVersion2')]",
"source": {
"kind": "Solution",
"name": "Infoblox SOC Insights for Microsoft Sentinel",
"name": "Infoblox SOC Insights",
"sourceId": "[variables('_solutionId')]"
},
"author": {
@ -1362,7 +1362,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "Infoblox SOC Insights for Microsoft Sentinel data connector with template version 3.0.0",
"description": "Infoblox SOC Insights data connector with template version 3.0.1",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('dataConnectorVersion3')]",
@ -1560,7 +1560,7 @@
"version": "[variables('dataConnectorVersion3')]",
"source": {
"kind": "Solution",
"name": "Infoblox SOC Insights for Microsoft Sentinel",
"name": "Infoblox SOC Insights",
"sourceId": "[variables('_solutionId')]"
},
"author": {
@ -1604,7 +1604,7 @@
"version": "[variables('dataConnectorVersion3')]",
"source": {
"kind": "Solution",
"name": "Infoblox SOC Insights for Microsoft Sentinel",
"name": "Infoblox SOC Insights",
"sourceId": "[variables('_solutionId')]"
},
"author": {
@ -1807,7 +1807,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "InfobloxCDC_SOCInsights Data Parser with template version 3.0.0",
"description": "InfobloxCDC_SOCInsights Data Parser with template version 3.0.1",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('parserObject1').parserVersion1]",
@ -1843,12 +1843,12 @@
"[variables('parserObject1')._parserId1]"
],
"properties": {
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser for InfobloxCDC_SOCInsights')]",
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'InfobloxCDC_SOCInsights Data Parser')]",
"contentId": "[variables('parserObject1').parserContentId1]",
"kind": "Parser",
"version": "[variables('parserObject1').parserVersion1]",
"source": {
"name": "Infoblox SOC Insights for Microsoft Sentinel",
"name": "Infoblox SOC Insights",
"kind": "Solution",
"sourceId": "[variables('_solutionId')]"
},
@ -1908,13 +1908,13 @@
"[variables('parserObject1')._parserId1]"
],
"properties": {
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser for InfobloxCDC_SOCInsights')]",
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'InfobloxCDC_SOCInsights Data Parser')]",
"contentId": "[variables('parserObject1').parserContentId1]",
"kind": "Parser",
"version": "[variables('parserObject1').parserVersion1]",
"source": {
"kind": "Solution",
"name": "Infoblox SOC Insights for Microsoft Sentinel",
"name": "Infoblox SOC Insights",
"sourceId": "[variables('_solutionId')]"
},
"author": {
@ -1937,7 +1937,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "InfobloxInsight Data Parser with template version 3.0.0",
"description": "InfobloxInsight Data Parser with template version 3.0.1",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('parserObject2').parserVersion2]",
@ -1973,12 +1973,12 @@
"[variables('parserObject2')._parserId2]"
],
"properties": {
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser for InfobloxInsight')]",
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'InfobloxInsight Data Parser')]",
"contentId": "[variables('parserObject2').parserContentId2]",
"kind": "Parser",
"version": "[variables('parserObject2').parserVersion2]",
"source": {
"name": "Infoblox SOC Insights for Microsoft Sentinel",
"name": "Infoblox SOC Insights",
"kind": "Solution",
"sourceId": "[variables('_solutionId')]"
},
@ -2038,13 +2038,13 @@
"[variables('parserObject2')._parserId2]"
],
"properties": {
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser for InfobloxInsight')]",
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'InfobloxInsight Data Parser')]",
"contentId": "[variables('parserObject2').parserContentId2]",
"kind": "Parser",
"version": "[variables('parserObject2').parserVersion2]",
"source": {
"kind": "Solution",
"name": "Infoblox SOC Insights for Microsoft Sentinel",
"name": "Infoblox SOC Insights",
"sourceId": "[variables('_solutionId')]"
},
"author": {
@ -2067,7 +2067,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "InfobloxInsightAssets Data Parser with template version 3.0.0",
"description": "InfobloxInsightAssets Data Parser with template version 3.0.1",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('parserObject3').parserVersion3]",
@ -2103,12 +2103,12 @@
"[variables('parserObject3')._parserId3]"
],
"properties": {
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser for InfobloxInsightAssets')]",
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'InfobloxInsightAssets Data Parser')]",
"contentId": "[variables('parserObject3').parserContentId3]",
"kind": "Parser",
"version": "[variables('parserObject3').parserVersion3]",
"source": {
"name": "Infoblox SOC Insights for Microsoft Sentinel",
"name": "Infoblox SOC Insights",
"kind": "Solution",
"sourceId": "[variables('_solutionId')]"
},
@ -2168,13 +2168,13 @@
"[variables('parserObject3')._parserId3]"
],
"properties": {
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser for InfobloxInsightAssets')]",
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'InfobloxInsightAssets Data Parser')]",
"contentId": "[variables('parserObject3').parserContentId3]",
"kind": "Parser",
"version": "[variables('parserObject3').parserVersion3]",
"source": {
"kind": "Solution",
"name": "Infoblox SOC Insights for Microsoft Sentinel",
"name": "Infoblox SOC Insights",
"sourceId": "[variables('_solutionId')]"
},
"author": {
@ -2197,7 +2197,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "InfobloxInsightComments Data Parser with template version 3.0.0",
"description": "InfobloxInsightComments Data Parser with template version 3.0.1",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('parserObject4').parserVersion4]",
@ -2233,12 +2233,12 @@
"[variables('parserObject4')._parserId4]"
],
"properties": {
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser for InfobloxInsightComments')]",
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'InfobloxInsightComments Data Parser')]",
"contentId": "[variables('parserObject4').parserContentId4]",
"kind": "Parser",
"version": "[variables('parserObject4').parserVersion4]",
"source": {
"name": "Infoblox SOC Insights for Microsoft Sentinel",
"name": "Infoblox SOC Insights",
"kind": "Solution",
"sourceId": "[variables('_solutionId')]"
},
@ -2298,13 +2298,13 @@
"[variables('parserObject4')._parserId4]"
],
"properties": {
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser for InfobloxInsightComments')]",
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'InfobloxInsightComments Data Parser')]",
"contentId": "[variables('parserObject4').parserContentId4]",
"kind": "Parser",
"version": "[variables('parserObject4').parserVersion4]",
"source": {
"kind": "Solution",
"name": "Infoblox SOC Insights for Microsoft Sentinel",
"name": "Infoblox SOC Insights",
"sourceId": "[variables('_solutionId')]"
},
"author": {
@ -2327,7 +2327,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "InfobloxInsightEvents Data Parser with template version 3.0.0",
"description": "InfobloxInsightEvents Data Parser with template version 3.0.1",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('parserObject5').parserVersion5]",
@ -2363,12 +2363,12 @@
"[variables('parserObject5')._parserId5]"
],
"properties": {
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser for InfobloxInsightEvents')]",
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'InfobloxInsightEvents Data Parser')]",
"contentId": "[variables('parserObject5').parserContentId5]",
"kind": "Parser",
"version": "[variables('parserObject5').parserVersion5]",
"source": {
"name": "Infoblox SOC Insights for Microsoft Sentinel",
"name": "Infoblox SOC Insights",
"kind": "Solution",
"sourceId": "[variables('_solutionId')]"
},
@ -2428,13 +2428,13 @@
"[variables('parserObject5')._parserId5]"
],
"properties": {
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser for InfobloxInsightEvents')]",
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'InfobloxInsightEvents Data Parser')]",
"contentId": "[variables('parserObject5').parserContentId5]",
"kind": "Parser",
"version": "[variables('parserObject5').parserVersion5]",
"source": {
"kind": "Solution",
"name": "Infoblox SOC Insights for Microsoft Sentinel",
"name": "Infoblox SOC Insights",
"sourceId": "[variables('_solutionId')]"
},
"author": {
@ -2457,7 +2457,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "InfobloxInsightIndicators Data Parser with template version 3.0.0",
"description": "InfobloxInsightIndicators Data Parser with template version 3.0.1",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('parserObject6').parserVersion6]",
@ -2493,12 +2493,12 @@
"[variables('parserObject6')._parserId6]"
],
"properties": {
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser for InfobloxInsightIndicators')]",
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'InfobloxInsightIndicators Data Parser')]",
"contentId": "[variables('parserObject6').parserContentId6]",
"kind": "Parser",
"version": "[variables('parserObject6').parserVersion6]",
"source": {
"name": "Infoblox SOC Insights for Microsoft Sentinel",
"name": "Infoblox SOC Insights",
"kind": "Solution",
"sourceId": "[variables('_solutionId')]"
},
@ -2558,13 +2558,13 @@
"[variables('parserObject6')._parserId6]"
],
"properties": {
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Parser for InfobloxInsightIndicators')]",
"parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'InfobloxInsightIndicators Data Parser')]",
"contentId": "[variables('parserObject6').parserContentId6]",
"kind": "Parser",
"version": "[variables('parserObject6').parserVersion6]",
"source": {
"kind": "Solution",
"name": "Infoblox SOC Insights for Microsoft Sentinel",
"name": "Infoblox SOC Insights",
"sourceId": "[variables('_solutionId')]"
},
"author": {
@ -2587,7 +2587,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "Infoblox-SOC-Get-Insight-Details Playbook with template version 3.0.0",
"description": "Infoblox-SOC-Get-Insight-Details Playbook with template version 3.0.1",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('playbookVersion1')]",
@ -3452,7 +3452,7 @@
"version": "[variables('playbookVersion1')]",
"source": {
"kind": "Solution",
"name": "Infoblox SOC Insights for Microsoft Sentinel",
"name": "Infoblox SOC Insights",
"sourceId": "[variables('_solutionId')]"
},
"author": {
@ -3519,7 +3519,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "Infoblox-SOC-Get-Open-Insights-API Playbook with template version 3.0.0",
"description": "Infoblox-SOC-Get-Open-Insights-API Playbook with template version 3.0.1",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('playbookVersion2')]",
@ -3757,7 +3757,7 @@
"version": "[variables('playbookVersion2')]",
"source": {
"kind": "Solution",
"name": "Infoblox SOC Insights for Microsoft Sentinel",
"name": "Infoblox SOC Insights",
"sourceId": "[variables('_solutionId')]"
},
"author": {
@ -3813,7 +3813,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "Infoblox-SOC-Import-Indicators-TI Playbook with template version 3.0.0",
"description": "Infoblox-SOC-Import-Indicators-TI Playbook with template version 3.0.1",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('playbookVersion3')]",
@ -3823,7 +3823,7 @@
"type": "string"
},
"Entra ID Application Secret": {
"type": "string",
"type": "securestring",
"metadata": {
"description": "Enter value for Entra ID Application Secret"
}
@ -3866,7 +3866,7 @@
},
"Entra ID Application Secret": {
"defaultValue": "[[parameters('Entra ID Application Secret')]",
"type": "string"
"type": "securestring"
},
"Client ID": {
"defaultValue": "[[parameters('Client ID')]",
@ -4364,7 +4364,7 @@
"version": "[variables('playbookVersion3')]",
"source": {
"kind": "Solution",
"name": "Infoblox SOC Insights for Microsoft Sentinel",
"name": "Infoblox SOC Insights",
"sourceId": "[variables('_solutionId')]"
},
"author": {
@ -4423,12 +4423,12 @@
"apiVersion": "2023-04-01-preview",
"location": "[parameters('workspace-location')]",
"properties": {
"version": "3.0.0",
"version": "3.0.1",
"kind": "Solution",
"contentSchemaVersion": "3.0.0",
"displayName": "Infoblox SOC Insights for Microsoft Sentinel",
"displayName": "Infoblox SOC Insights",
"publisherDisplayName": "Infoblox",
"descriptionHtml": "<p><strong>Note:</strong> Please refer to the following before installing the solution:</p>\n<p>• Review the solution <a href=\"https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Infoblox%20SOC%20Insights%20for%20Microsoft%20Sentinel/ReleaseNotes.md\">Release Notes</a></p>\n<p>• There may be <a href=\"https://aka.ms/sentinelsolutionsknownissues\">known issues</a> pertaining to this Solution, please refer to them before installing.</p>\n<p>The <a href=\"https://www.infoblox.com/\">Infoblox</a> SOC Insights solution allows you to easily connect your Infoblox BloxOne SOC Insights data with Microsoft Sentinel. By connecting your logs to Microsoft Sentinel, you can take advantage of search &amp; correlation, alerting, and threat intelligence enrichment for each log.</p>\n<p><strong>Data Connectors:</strong> 3, <strong>Parsers:</strong> 6, <strong>Workbooks:</strong> 1, <strong>Analytic Rules:</strong> 2, <strong>Playbooks:</strong> 3</p>\n<p><a href=\"https://aka.ms/azuresentinel\">Learn more about Microsoft Sentinel</a> | <a href=\"https://aka.ms/azuresentinelsolutionsdoc\">Learn more about Solutions</a></p>\n",
"descriptionHtml": "<p><strong>Note:</strong> Please refer to the following before installing the solution:</p>\n<p>• Review the solution <a href=\"https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Infoblox%20SOC%20Insights/ReleaseNotes.md\">Release Notes</a></p>\n<p>• There may be <a href=\"https://aka.ms/sentinelsolutionsknownissues\">known issues</a> pertaining to this Solution, please refer to them before installing.</p>\n<p>The <a href=\"https://www.infoblox.com/\">Infoblox</a> SOC Insights solution allows you to easily connect your Infoblox BloxOne SOC Insights data with Microsoft Sentinel. By connecting your logs to Microsoft Sentinel, you can take advantage of search &amp; correlation, alerting, and threat intelligence enrichment for each log.</p>\n<p><strong>Data Connectors:</strong> 3, <strong>Parsers:</strong> 6, <strong>Workbooks:</strong> 1, <strong>Analytic Rules:</strong> 2, <strong>Playbooks:</strong> 3</p>\n<p><a href=\"https://aka.ms/azuresentinel\">Learn more about Microsoft Sentinel</a> | <a href=\"https://aka.ms/azuresentinelsolutionsdoc\">Learn more about Solutions</a></p>\n",
"contentKind": "Solution",
"contentProductId": "[variables('_solutioncontentProductId')]",
"id": "[variables('_solutioncontentProductId')]",
@ -4437,7 +4437,7 @@
"parentId": "[variables('_solutionId')]",
"source": {
"kind": "Solution",
"name": "Infoblox SOC Insights for Microsoft Sentinel",
"name": "Infoblox SOC Insights",
"sourceId": "[variables('_solutionId')]"
},
"author": {
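Review bot: The `Entra ID Application Secret` parameter is switched to `securestring` both in the template parameters and in the nested deployment's parameter block, but a secret is only protected end to end if every consumer of it is `securestring` as well; the Logic App workflow definition that receives `[[parameters('Entra ID Application Secret')]` lies outside these hunks, so it is worth confirming that its own parameter definition, and anything that echoes the value into outputs or display strings, does not remain `string`, otherwise the value still lands in deployment history in clear text. The remaining hunks are the solution rename, the 3.0.0 to 3.0.1 bump and the saved-search `parentId` rename from `Parser for X` to `X Data Parser`; since operators may reference the old saved-search names in automation, naming the old and new names in the release notes would make the parser fix easier to act on. `contentSchemaVersion` staying at `3.0.0` while `version` moves to `3.0.1` looks intentional, as the two track different things.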


@ -1,3 +1,4 @@
| **Version** | **Date Modified** | **Change History** |
|---------------|--------------------------------|-----------------------------------------|
| 3.0.1 | 03-05-2024 | Repackaged for parser issue fix on reinstall |
| 3.0.0 | 04-03-2024 | Initial Solution Release |


@ -2,7 +2,7 @@
"id": "MicrosoftDefenderForCloudTenantBased",
"title": "Tenant-based Microsoft Defender for Cloud (Preview)",
"publisher": "Microsoft",
"descriptionMarkdown": "Microsoft Defender for Cloud is a security management tool that allows you to detect and quickly respond to threats across Azure, hybrid, and multi-cloud workloads. This connector allows you to stream your MDC security alerts from Microsoft 365 Defender into Microsoft Sentinel, so you can can leverage the advantages of XDR correlations connecting the dots across your cloud resources, devices and identities and view the data in workbooks, queries and investigate and respond to incidents.",
"descriptionMarkdown": "Microsoft Defender for Cloud is a security management tool that allows you to detect and quickly respond to threats across Azure, hybrid, and multi-cloud workloads. This connector allows you to stream your MDC security alerts from Microsoft 365 Defender into Microsoft Sentinel, so you can can leverage the advantages of XDR correlations connecting the dots across your cloud resources, devices and identities and view the data in workbooks, queries and investigate and respond to incidents. For more information, see the [Microsoft Sentinel documentation](https://go.microsoft.com/fwlink/p/?linkid=2269832&wt.mc_id=sentinel_dataconnectordocs_content_cnl_csasci).",
"logo": "Microsoft.svg",
"graphQueriesTableName": "SecurityAlerts",
"graphQueries": [
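Review bot: The rewritten `descriptionMarkdown` still carries the doubled word in `so you can can leverage`; since this line is being touched anyway, the typo should go in the same change, e.g. `so you can leverage the advantages of XDR correlations`. The appended documentation link is the only substantive change and looks fine.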


@ -0,0 +1,38 @@
id: "66c4cd4c-d391-47e8-b4e6-93e55d86ca9f"
name: "Netskope - WebTransaction Error Detection"
description: |
'Rule helps to track error occurred in Netskope WebTransaction Data Connector.'
severity: Medium
status: Available
requiredDataConnectors:
- connectorId: NetskopeDataConnector
dataTypes:
- NetskopeWebtxErrors_CL
queryFrequency: 5m
queryPeriod: 5m
triggerOperator: GreaterThan
triggerThreshold: 0
tactics:
- Execution
relevantTechniques:
- T1204
query: |
NetskopeWebtxErrors_CL
|where error_s has_any ("Invalid Netskope Hostname", "Webtx Authentication", "Webtx Token Empty", "Webtx Exponential Backoff", "Webtx Idle Time")
incidentConfiguration:
createIncident: true
groupingConfiguration :
enabled: true
reopenClosedIncident: false
lookbackDuration : 5m
matchingMethod : AnyAlert
eventGroupingSettings:
aggregationKind: AlertPerResult
alertDetailsOverride:
alertDisplayNameFormat: 'Netskope Error at {{TimeGenerated}}'
alertDescriptionFormat: 'Error Message: {{error_s}}'
customDetails:
ErrorMessage: error_s
Time: TimeGenerated
version: 1.0.0
kind: Scheduled
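Review bot: `tactics: - Execution` and `relevantTechniques: - T1204` map a rule that fires on data-connector errors (`NetskopeWebtxErrors_CL` rows whose `error_s` matches the hostname, authentication, token, backoff or idle-time messages) to ATT&CK User Execution, which would label every ingestion hiccup as an adversary-execution incident in the Sentinel incident queue; the mapping seems unintended for a health-monitoring rule and should either be removed or justified in the `description`. The `groupingConfiguration :`, `lookbackDuration :` and `matchingMethod :` keys carry a space before the colon, unlike every other key in the file; YAML tolerates it, but it reads as a typo and should be normalised. A small grammar fix for the description: `'Rule helps to track errors that occurred in the Netskope WebTransaction Data Connector.'`.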



@ -0,0 +1,22 @@
"""init module for NetskopeToAzureStorage activity function."""
import datetime
import logging
from .netskope_to_azure_storage import NetskopeToAzureStorage
from ..SharedCode import utils
import azure.functions as func
async def main(mytimer: func.TimerRequest) -> None:
"""Initialize netskope_to_azure_storage object and start execution."""
utc_timestamp = datetime.datetime.utcnow().replace(tzinfo=datetime.timezone.utc).isoformat()
event_type_sub_type = utils.get_event_alert_type_subtype()
netskope_to_azure_storage = NetskopeToAzureStorage(
event_type_sub_type.get("type_of_data"), event_type_sub_type.get("sub_type")
)
await netskope_to_azure_storage.initiate_and_manage_iterators()
if mytimer.past_due:
logging.info("The timer is past due!")
logging.info("Python timer trigger function ran at %s", utc_timestamp)
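Review bot: `datetime.datetime.utcnow()` on the utc_timestamp line is deprecated since Python 3.12, and the `.replace(tzinfo=...)` step only exists because it returns a naive value; `utc_timestamp = datetime.datetime.now(datetime.timezone.utc).isoformat()` gives the aware timestamp directly. The `mytimer.past_due` check runs only after `initiate_and_manage_iterators()` has completed, so a late trigger is never logged when the collection raises; moving that check ahead of the NetskopeToAzureStorage construction keeps it useful for diagnosing overlapping runs.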


@ -0,0 +1,12 @@
{
"scriptFile": "__init__.py",
"bindings": [
{
"name": "mytimer",
"type": "timerTrigger",
"direction": "in",
"schedule": "0 0/10 * * * *",
"useMonitor": true
}
]
}


@ -0,0 +1,200 @@
"""Make API call and handle exceptions."""
import asyncio
import inspect
from random import randrange
import aiohttp
from ..SharedCode import consts
from ..SharedCode.netskope_exception import NetskopeException
from ..SharedCode.logger import applogger
from aiohttp.client_exceptions import ServerDisconnectedError
class NetskopeAPIAsync:
"""Class to handle Netskope asynchronous api calls and exception handling."""
def __init__(self, type_of_data, sub_type) -> None:
"""Initialize NetskopeAPIAsync class.
Args:
type_of_data (str): The type of Netskope Data to fetch.(alerts/events)
sub_type (str): The subtype of the data to fetch.
"""
self.hostname = consts.NETSKOPE_HOSTNAME
self.type_of_data = type_of_data
self.sub_type = sub_type
self.nskp_data_type_for_logging = self.type_of_data + "_" + self.sub_type
def url_builder(self, iterator_name, operation) -> str:
"""Build the URL and return the built url.
Returns:
str: Generated url for http request
"""
url = consts.URL[self.type_of_data].format(
hostname=self.hostname,
sub_type=self.sub_type,
iterator_name=iterator_name,
operation=operation,
)
return url
async def aio_http_handler(self, url, session: aiohttp.ClientSession, server_disconnect_retry=0):
"""Make http request and handle the api call errors.
Args:
url (str): The url to perform the http request.
session (aiohttp.ClientSession): The session object used to perform api calls.
Raises:
NetskopeException: Netskope Custom Exception
Returns:
dict: Response from the api
"""
__method_name = inspect.currentframe().f_code.co_name
try:
retry_count_429 = 0
retry_count_409 = 0
retry_count_500 = 0
# Implemented retry mechanism for the status codes 409, 429 and 500.
# Retry count for 429 is higher due to higher frequency seen in tests.
while retry_count_429 <= 3 and retry_count_409 <= 1 and retry_count_500 <= 1:
applogger.debug(
"{}(method={}) : {} ({}): Initiating the get request.".format(
consts.LOGS_STARTS_WITH,
__method_name,
consts.NETSKOPE_TO_AZURE_STORAGE,
self.nskp_data_type_for_logging,
)
)
response = await session.get(url=url)
applogger.info(
"{}(method={}) : {} ({}): The API call response status code is {}.".format(
consts.LOGS_STARTS_WITH,
__method_name,
consts.NETSKOPE_TO_AZURE_STORAGE,
self.nskp_data_type_for_logging,
response.status,
)
)
if response.status == 200:
applogger.info(
"{}(method={}) : {} ({}): Successfully fetched netskope data.".format(
consts.LOGS_STARTS_WITH,
__method_name,
consts.NETSKOPE_TO_AZURE_STORAGE,
self.nskp_data_type_for_logging,
)
)
json_response = await response.json()
return json_response
elif response.status == 403:
applogger.error(
"{}(method={}) : {} ({}): Status code 403 token issue."
"Check the API V2 token is associated to the valid endpoint and its not expired.".format(
consts.LOGS_STARTS_WITH,
__method_name,
consts.NETSKOPE_TO_AZURE_STORAGE,
self.nskp_data_type_for_logging,
)
)
raise NetskopeException()
elif response.status == 409:
applogger.error(
"{}(method={}) : {} ({}): Status code 409."
"Concurrency conflict and the request cannot be processed currently. Sleeping...".format(
consts.LOGS_STARTS_WITH,
__method_name,
consts.NETSKOPE_TO_AZURE_STORAGE,
self.nskp_data_type_for_logging,
)
)
retry_count_409 += 1
await asyncio.sleep(randrange(2, 10))
elif response.status == 429:
retry_after = response.headers.get("RateLimit-Reset")
applogger.error(
"{}(method={}) : {} ({}): Status code 429."
"Too many request for the same tenant for the same endpoint. Retrying after {} seconds.".format(
consts.LOGS_STARTS_WITH,
__method_name,
consts.NETSKOPE_TO_AZURE_STORAGE,
self.nskp_data_type_for_logging,
retry_after,
)
)
await asyncio.sleep(float(retry_after))
retry_count_429 += 1
elif response.status >= 500 and response.status < 600:
applogger.error(
"{}(method={}) : {} ({}): Status code {}. Netskope is having a temporary server issue."
"Retrying after 5 seconds.".format(
consts.LOGS_STARTS_WITH,
__method_name,
consts.NETSKOPE_TO_AZURE_STORAGE,
self.nskp_data_type_for_logging,
response.status,
)
)
await asyncio.sleep(randrange(5, 10))
retry_count_500 += 1
applogger.error(
"{}(method={}) : {} ({}): Max retries exceeded.".format(
consts.LOGS_STARTS_WITH,
__method_name,
consts.NETSKOPE_TO_AZURE_STORAGE,
self.nskp_data_type_for_logging,
)
)
raise NetskopeException()
# Catching Server Disconnected Error which occurs when the amount of concurrent requests increases.
# Hence Retrying with random sleep timer.
except ServerDisconnectedError as server_error:
if server_disconnect_retry < 3:
retry_time = randrange(2, 10)
applogger.error(
"{}(method={}) : {} ({}): Server Disconnect error. Error-{}. Retrying after - {} seconds.".format(
consts.LOGS_STARTS_WITH,
__method_name,
consts.NETSKOPE_TO_AZURE_STORAGE,
self.nskp_data_type_for_logging,
server_error,
retry_time,
)
)
server_disconnect_retry += 1
await asyncio.sleep(retry_time)
json_response = await self.aio_http_handler(url, session, server_disconnect_retry)
return json_response
applogger.error(
"{}(method={}) : {} ({}): Max retries exceeded for server disconnect error.".format(
consts.LOGS_STARTS_WITH,
__method_name,
consts.NETSKOPE_TO_AZURE_STORAGE,
self.nskp_data_type_for_logging,
)
)
raise NetskopeException()
except NetskopeException:
applogger.error(
"{}(method={}) : {} ({}): Error while fetching data.".format(
consts.LOGS_STARTS_WITH,
__method_name,
consts.NETSKOPE_TO_AZURE_STORAGE,
self.nskp_data_type_for_logging,
)
)
raise NetskopeException()
except Exception as error:
applogger.error(
"{}(method={}) : {} ({}): Error while fetching data, Error-{}.".format(
consts.LOGS_STARTS_WITH,
__method_name,
consts.NETSKOPE_TO_AZURE_STORAGE,
self.nskp_data_type_for_logging,
error,
)
)
raise NetskopeException()
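Review bot: In the 429 branch, `await asyncio.sleep(float(retry_after))` assumes the `RateLimit-Reset` header is present and numeric; when it is absent, `float(None)` raises TypeError, which the outer `except Exception` converts into NetskopeException, so a throttled call fails hard instead of being retried, and a large header value can sleep past the function's time budget. Fall back to a short random delay when the header is missing or unparsable and cap the wait at a project-chosen bound, as sketched below. Separately, `response = await session.get(url=url)` is never released on the non-200 paths, so each 409/429/5xx retry holds its connection until garbage collection; `async with session.get(url=url) as response:` returns it to the pool before the next attempt. The ServerDisconnectedError handler re-enters the whole method recursively, which is bounded by `server_disconnect_retry < 3` but deserves a one-line comment saying so.
```python
elif response.status == 429:
    retry_after = response.headers.get("RateLimit-Reset")
    try:
        wait_seconds = float(retry_after)
    except (TypeError, ValueError):
        # Header missing or unparsable: back off briefly instead of failing the fetch.
        wait_seconds = randrange(5, 10)
    wait_seconds = min(wait_seconds, MAX_429_WAIT_SECONDS)  # placeholder name: cap chosen by the project
    # … unchanged: applogger.error(...) for the 429 …
    await asyncio.sleep(wait_seconds)
    retry_count_429 += 1
```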


@ -0,0 +1,812 @@
"""Fetch Netskope data and post to azure storage."""
import inspect
import json
import time
import aiohttp
import asyncio
from SharedCode.netskope_exception import NetskopeException
from .netskope_api_async import NetskopeAPIAsync
from ..SharedCode.state_manager import StateManager
from ..SharedCode.logger import applogger
from ..SharedCode import consts
from ..SharedCode.validate_params import validate_parameters
from azure.storage.fileshare import ShareServiceClient
class NetskopeToAzureStorage:
"""Netskope to azure storage utility class."""
def __init__(self, type_of_data, sub_type) -> None:
"""Initialize variables.
Args:
type_of_data (str): type of Netskope data
sub_type (str): subtype of Netskope data
"""
self.iterators = None
self.starttime = int(time.time())
self.netskope_api_async_obj = NetskopeAPIAsync(type_of_data, sub_type)
self.share_name = type_of_data + sub_type + "data"
self.share_name_for_duplication_check = type_of_data + sub_type + "duplicationcheck"
self.type_of_data = type_of_data
self.sub_type = sub_type
self.nskp_data_type_for_logging = self.type_of_data + "_" + self.sub_type
self.count = 0
self.start_epoch_filename = "{}_start_epoch"
try:
validate_parameters(consts.NETSKOPE_TO_AZURE_STORAGE)
except NetskopeException:
applogger.error(
"{}(method={}) : {} ({}) : Error while initializing the class.".format(
consts.LOGS_STARTS_WITH,
"__init__",
consts.NETSKOPE_TO_AZURE_STORAGE,
self.nskp_data_type_for_logging,
)
)
raise NetskopeException()
def is_response_empty(self, json_response):
"""Check if response is empty or not.
Args:
json_response (dict): Response from the netskope api.
Raises:
NetskopeException: Netskope Custom Exception.
Returns:
bool: True if response is empty else False.
"""
__method_name = inspect.currentframe().f_code.co_name
try:
if len(json_response.get("result")) == 0:
applogger.info(
"{}(method={}) : {} ({}) : The data returned is empty. Continuing to next iteration.".format(
consts.LOGS_STARTS_WITH,
__method_name,
consts.NETSKOPE_TO_AZURE_STORAGE,
self.nskp_data_type_for_logging,
)
)
return True
except KeyError as key_error:
applogger.error(
"{}(method={}) : {} ({}) : Error while accessing the data key in the response. Error-{}".format(
consts.LOGS_STARTS_WITH,
__method_name,
consts.NETSKOPE_TO_AZURE_STORAGE,
self.nskp_data_type_for_logging,
key_error,
)
)
raise NetskopeException()
except Exception as error:
applogger.error(
"{}(method={}) : {} ({}) : Unknown Error. Error-{}".format(
consts.LOGS_STARTS_WITH,
__method_name,
consts.NETSKOPE_TO_AZURE_STORAGE,
self.nskp_data_type_for_logging,
error,
)
)
raise NetskopeException()
return False
def delete_file_share(self):
"""Delete the file share.
Raises:
NetskopeException: Netskope Custom Exception.
"""
__method_name = inspect.currentframe().f_code.co_name
try:
applogger.info(
"{}(method={}) : {} ({}) : Deleting the file share.".format(
consts.LOGS_STARTS_WITH,
__method_name,
consts.NETSKOPE_TO_AZURE_STORAGE,
self.nskp_data_type_for_logging,
)
)
parent_dir = ShareServiceClient.from_connection_string(
conn_str=consts.CONNECTION_STRING,
)
# deleting both the file shares for initializing iterators again.
# deleting both share as if only one is deleted then there would be error in storage to sentinel.
parent_dir.delete_share(self.share_name)
parent_dir.delete_share(self.share_name_for_duplication_check)
except Exception as error:
applogger.error(
"{}(method={}) : {} ({}) : Unknown Error. Error-{}".format(
consts.LOGS_STARTS_WITH,
__method_name,
consts.NETSKOPE_TO_AZURE_STORAGE,
self.nskp_data_type_for_logging,
error,
)
)
raise NetskopeException()
async def honour_wait_time(self, data):
"""Honour the wait time returned in the response.
Args:
data (dict): The response returned by the netskope api.
Raises:
NetskopeException: Netskope custom exception.
"""
__method_name = inspect.currentframe().f_code.co_name
try:
wait_time = int(data.get("wait_time"))
if wait_time > 0:
applogger.info(
"{}(method={}) : {} ({}) : The wait time returned is {}. Sleeping....".format(
consts.LOGS_STARTS_WITH,
__method_name,
consts.NETSKOPE_TO_AZURE_STORAGE,
self.nskp_data_type_for_logging,
wait_time,
)
)
await asyncio.sleep(wait_time)
except KeyError as key_error:
applogger.error(
"{}(method={}) : {} ({}) : The Key wait_time not found. Error-{}".format(
consts.LOGS_STARTS_WITH,
__method_name,
consts.NETSKOPE_TO_AZURE_STORAGE,
self.nskp_data_type_for_logging,
key_error,
)
)
raise NetskopeException()
except Exception as error:
applogger.error(
"{}(method={}) : {} ({}) : Error while honouring wait time. Error-{}".format(
consts.LOGS_STARTS_WITH,
__method_name,
consts.NETSKOPE_TO_AZURE_STORAGE,
self.nskp_data_type_for_logging,
error,
)
)
raise NetskopeException()
async def reset_iterators(self, index, last_data_epoch, end_epoch, session):
"""Reset Netskope iterator.
Args:
index (int): index of iterator
last_epoch (int): last epoch time
session (aiohttp.ClientSession): session object
Returns:
int: updated epoch time
"""
__method_name = inspect.currentframe().f_code.co_name
try:
last_epoch_save_obj = StateManager(
consts.CONNECTION_STRING,
"{}_end_epoch_{}".format(index, str(int(time.time()))),
self.share_name_for_duplication_check,
)
last_epoch_save_obj.post(str(last_data_epoch))
updated_epoch = (3 * consts.DIFFERENCE_BETWEEN_ITERATORS_IN_SECONDS) + end_epoch
temp_state_manager_obj = StateManager(
consts.CONNECTION_STRING,
self.start_epoch_filename.format(index),
self.share_name,
)
url = self.netskope_api_async_obj.url_builder(index, updated_epoch)
data = await self.netskope_api_async_obj.aio_http_handler(url, session)
temp_state_manager_obj.post(str(updated_epoch))
applogger.info(
"{}(method={}) : {} ({}) : Reset epoch {} for iterator {}.".format(
consts.LOGS_STARTS_WITH,
__method_name,
consts.NETSKOPE_TO_AZURE_STORAGE,
self.nskp_data_type_for_logging,
updated_epoch,
index,
)
)
file_name_for_saving = "{}_{}_{}_{}"
epoch = int(data.get("timestamp_hwm"))
if epoch > updated_epoch + 2 * consts.DIFFERENCE_BETWEEN_ITERATORS_IN_SECONDS:
applogger.info(
"{}(method={}) : {} ({}) : The epoch timestamp is more than the next iterator,"
"allowed chunk for iterator-{}. Current-{}, End-{} .".format(
consts.LOGS_STARTS_WITH,
__method_name,
consts.NETSKOPE_TO_AZURE_STORAGE,
self.nskp_data_type_for_logging,
index,
epoch,
updated_epoch + consts.DIFFERENCE_BETWEEN_ITERATORS_IN_SECONDS,
)
)
file_name_for_saving = "{}_{}_{}_{}_empty_file"
data = {"ok": 1, "result": [], "wait_time": data.get("wait_time"), "timestamp_hwm": updated_epoch}
state_manager_obj_to_post_data = StateManager(
consts.CONNECTION_STRING,
file_name_for_saving.format(
index,
str(self.starttime),
str(updated_epoch),
str(int(time.time())),
),
self.share_name_for_duplication_check,
)
state_manager_obj_to_post_data.post(json.dumps(data))
start_epoch_state_manager_obj_for_duplicate_handle = StateManager(
consts.CONNECTION_STRING,
"{}_start_epoch_{}".format(index, str(int(time.time()))),
self.share_name_for_duplication_check,
)
start_epoch_state_manager_obj_for_duplicate_handle.post(str(updated_epoch))
await self.honour_wait_time(data)
return updated_epoch
except NetskopeException:
applogger.error(
"{}(method={}) : {} ({}) : Error while reseting iterators.".format(
consts.LOGS_STARTS_WITH,
__method_name,
consts.NETSKOPE_TO_AZURE_STORAGE,
self.nskp_data_type_for_logging,
)
)
raise NetskopeException()
except Exception as error:
applogger.error(
"{}(method={}) : {} ({}) : Error while reseting iterators, Error-{}.".format(
consts.LOGS_STARTS_WITH,
__method_name,
consts.NETSKOPE_TO_AZURE_STORAGE,
self.nskp_data_type_for_logging,
error,
)
)
raise NetskopeException()
async def initiate_iterators(self):
"""Initialize Netskope iterators."""
__method_name = inspect.currentframe().f_code.co_name
applogger.info(
"{}(method={}) : {} ({}) : Initializing the iterators.".format(
consts.LOGS_STARTS_WITH,
__method_name,
consts.NETSKOPE_TO_AZURE_STORAGE,
self.nskp_data_type_for_logging,
)
)
try:
iterators_state_manager_obj = StateManager(consts.CONNECTION_STRING, "iteratorsname", self.share_name)
self.iterators = []
for i in range(4):
self.iterators.append(
"{}{}NSKPIterator{}_{}".format(self.type_of_data, self.sub_type, str(int(time.time())), i)
)
iterators_state_manager_obj.post(json.dumps(self.iterators))
share_name = self.share_name
async with aiohttp.ClientSession(
headers={
"User-Agent": "Netskope MSSentinel",
"Netskope-Api-Token": consts.NETSKOPE_TOKEN,
}
) as session:
is_first_iterator = True
for iterator in self.iterators:
if is_first_iterator:
url = self.netskope_api_async_obj.url_builder(iterator, "head")
data = await self.netskope_api_async_obj.aio_http_handler(url, session)
epoch = int(data.get("timestamp_hwm"))
applogger.info(
"{}(method={}) : {} ({}) : Initial epoch for first iterator {} is {}.".format(
consts.LOGS_STARTS_WITH,
__method_name,
consts.NETSKOPE_TO_AZURE_STORAGE,
self.nskp_data_type_for_logging,
iterator,
epoch,
)
)
is_first_iterator = False
else:
share_name = self.share_name_for_duplication_check
epoch += consts.DIFFERENCE_BETWEEN_ITERATORS_IN_SECONDS
applogger.info(
"{}(method={}) : {} ({}) : Initial epoch for {} is {}.".format(
consts.LOGS_STARTS_WITH,
__method_name,
consts.NETSKOPE_TO_AZURE_STORAGE,
self.nskp_data_type_for_logging,
iterator,
epoch,
)
)
url = self.netskope_api_async_obj.url_builder(iterator, epoch)
data = await self.netskope_api_async_obj.aio_http_handler(url, session)
# start_epoch_state_manager_obj_for_duplicate_handle this is the epoch value of the file stored
# so that it can be used in removing the overlapping duplicates.
start_epoch_state_manager_obj_for_duplicate_handle = StateManager(
consts.CONNECTION_STRING,
"{}_start_epoch_{}".format(iterator, str(int(time.time()))),
share_name,
)
start_epoch_state_manager_obj_for_duplicate_handle.post(str(epoch))
write_data_state_manager_obj = StateManager(
consts.CONNECTION_STRING,
"{}_{}_{}_{}".format(
iterator,
str(self.starttime),
str(epoch),
str(int(time.time())),
),
share_name,
)
write_data_state_manager_obj.post(json.dumps(data))
is_last_failed_state_manager_obj = StateManager(
consts.CONNECTION_STRING,
"{}_is_last_failed".format(iterator),
self.share_name,
)
is_last_failed_state_manager_obj.post("False")
start_epoch_state_manager_obj = StateManager(
consts.CONNECTION_STRING,
self.start_epoch_filename.format(iterator),
self.share_name,
)
start_epoch_state_manager_obj.post(str(epoch))
await self.honour_wait_time(data)
except NetskopeException:
applogger.error(
"{}(method={}) : {} ({}) : Error while Initializing iterators.".format(
consts.LOGS_STARTS_WITH,
__method_name,
consts.NETSKOPE_TO_AZURE_STORAGE,
self.nskp_data_type_for_logging,
)
)
raise NetskopeException()
except Exception as error:
applogger.error(
"{}(method={}) : {} ({}) : Error while Initializing iterators, Error-{}.".format(
consts.LOGS_STARTS_WITH,
__method_name,
consts.NETSKOPE_TO_AZURE_STORAGE,
self.nskp_data_type_for_logging,
error,
)
)
raise NetskopeException()
async def remove_duplicates_generated_due_to_data_saving_failures(self, index, data, epoch):
"""Remove duplicate data if any due to data saving failure in the previous invocation.
Args:
index (str): The iterator name.
data (dict): The data to check duplicate for.
epoch (int): The epoch value in the data.
Raises:
NetskopeException: Custom Netskope Exception.
Returns:
bool: True if data is duplicate else False.
"""
__method_name = inspect.currentframe().f_code.co_name
try:
applogger.info("Checking for Duplicates")
from azure.storage.fileshare import ShareDirectoryClient
parent_dir = ShareDirectoryClient.from_connection_string(
conn_str=consts.CONNECTION_STRING,
share_name=self.share_name,
directory_path="",
)
list_of_files_response = parent_dir.list_directories_and_files(name_starts_with=index)
list_of_files = [file["name"] for file in list_of_files_response]
file_name_with_provided_epoch = None
epoch_of_file = 0
for file in list_of_files:
if (
"epoch" not in file
and "failed" not in file
and int(file.split("_")[-2]) == epoch
and int(file.split("_")[-1]) > epoch_of_file
):
file_name_with_provided_epoch = file
epoch_of_file = int(file.split("_")[-1])
if file_name_with_provided_epoch:
try:
state_manager_obj = StateManager(
consts.CONNECTION_STRING, file_name_with_provided_epoch, self.share_name
)
# Here we are fetching the previously saved data and comparing it with the data
# recieved in the current iteration and check if the data is duplicate or not.
duplicate_data = state_manager_obj.get(consts.NETSKOPE_TO_AZURE_STORAGE)
duplicate_json_data = json.loads(duplicate_data)
if duplicate_json_data == data or self.is_response_empty(duplicate_json_data):
applogger.error(
"{}(method={}) : {} ({}) : The data with epoch-{} and iterator-{} is duplicate.".format(
consts.LOGS_STARTS_WITH,
__method_name,
consts.NETSKOPE_TO_AZURE_STORAGE,
self.nskp_data_type_for_logging,
epoch,
index,
)
)
return True
return False
except json.JSONDecodeError:
parent_dir.delete_file(file_name_with_provided_epoch)
return False
return False
except Exception as error:
applogger.error(
"{}(method={}) : {} ({}) : Unknown Error, Error-{}.".format(
consts.LOGS_STARTS_WITH,
__method_name,
consts.NETSKOPE_TO_AZURE_STORAGE,
self.nskp_data_type_for_logging,
error,
)
)
raise NetskopeException()
async def get_netskope_data_and_post_to_azure_storage(self, index, url, session, end_epoch, is_resend=False):
"""Fetch Netskope data and post to azure storage.
Args:
index (str): name of iterator
url (str): url for request
session (aiohttp.ClientSession): session object
end_epoch (int): end time epoch
is_resend (bool): if it is resend or not.
Returns:
int: updated epoch time
"""
__method_name = inspect.currentframe().f_code.co_name
try:
share_name = self.share_name
data = await self.netskope_api_async_obj.aio_http_handler(url, session)
epoch = int(data.get("timestamp_hwm"))
is_duplicate = False
if is_resend:
is_duplicate = await self.remove_duplicates_generated_due_to_data_saving_failures(index, data, epoch)
if is_duplicate:
applogger.info("The data for epoch {} and iterator {} was duplicate".format(epoch, index))
return None
applogger.info(
"{}(method={}) : {} ({}) : Netskope data fetched for iterator {} till {}.".format(
consts.LOGS_STARTS_WITH,
__method_name,
consts.NETSKOPE_TO_AZURE_STORAGE,
self.nskp_data_type_for_logging,
index,
epoch,
)
)
file_name_for_saving = "{}_{}_{}_{}"
if epoch >= end_epoch:
share_name = self.share_name_for_duplication_check
if epoch > end_epoch + consts.DIFFERENCE_BETWEEN_ITERATORS_IN_SECONDS:
applogger.info(
"{}(method={}) : {} ({}) : The epoch timestamp is more than the next iterator,"
"allowed chunk for iterator-{}. Current-{}, End-{} .".format(
consts.LOGS_STARTS_WITH,
__method_name,
consts.NETSKOPE_TO_AZURE_STORAGE,
self.nskp_data_type_for_logging,
index,
epoch,
end_epoch,
)
)
share_name = self.share_name_for_duplication_check
epoch = end_epoch
file_name_for_saving = "{}_{}_{}_{}_empty_file"
data = {"ok": 1, "result": [], "wait_time": data.get("wait_time"), "timestamp_hwm": end_epoch}
state_manager_obj_to_post_data = StateManager(
consts.CONNECTION_STRING,
file_name_for_saving.format(
index,
str(self.starttime),
str(epoch),
str(int(time.time())),
),
share_name,
)
state_manager_obj_to_post_data.post(json.dumps(data))
applogger.info(
"{}(method={}) : {} ({}) : Netskope data posted to azure storage for iterator {}.".format(
consts.LOGS_STARTS_WITH,
__method_name,
consts.NETSKOPE_TO_AZURE_STORAGE,
self.nskp_data_type_for_logging,
index,
)
)
if epoch >= end_epoch:
applogger.info(
"{}(method={}) : {} ({}) : Iterator-{} : Got the {} seconds netskope data at time-{}, "
"Breaking Execution.".format(
consts.LOGS_STARTS_WITH,
__method_name,
consts.NETSKOPE_TO_AZURE_STORAGE,
self.nskp_data_type_for_logging,
index,
consts.DIFFERENCE_BETWEEN_ITERATORS_IN_SECONDS,
int(time.time()),
)
)
updated_start = await self.reset_iterators(index, epoch, end_epoch, session)
update_end_epoch = updated_start + consts.DIFFERENCE_BETWEEN_ITERATORS_IN_SECONDS
return update_end_epoch
await self.honour_wait_time(data)
except NetskopeException:
applogger.error(
"{}(method={}) : {} ({}) : Error while getting data and post to state manager.".format(
consts.LOGS_STARTS_WITH,
__method_name,
consts.NETSKOPE_TO_AZURE_STORAGE,
self.nskp_data_type_for_logging,
)
)
raise NetskopeException()
except Exception as error:
applogger.error(
"{}(method={}) : {} ({}) : Error captured in perform_request_function, Error-{}.".format(
consts.LOGS_STARTS_WITH,
__method_name,
consts.NETSKOPE_TO_AZURE_STORAGE,
self.nskp_data_type_for_logging,
error,
)
)
raise NetskopeException()
async def check_last_failed_status_and_start_execution(self, index, end_epoch):
"""Check if last invocation was interrupted or not and start the execution accordingly.
Args:
index (int): index of iterator
end_epoch (int): end epoch time
"""
__method_name = inspect.currentframe().f_code.co_name
try:
async with aiohttp.ClientSession(
headers={
"User-Agent": "Netskope MSSentinel",
"Netskope-Api-Token": consts.NETSKOPE_TOKEN,
}
) as session:
is_last_failed_obj = StateManager(
consts.CONNECTION_STRING,
"{}_is_last_failed".format(index),
self.share_name,
)
while True:
# DATA_COLLECTION_TIMEOUT value is 570 seconds which is 9 minutes and 30 seconds
# We stop the exection at 9 minutes and 30 seconds to avoid issues due to function timeout.
if int(time.time()) >= self.starttime + consts.DATA_COLLECTION_TIMEOUT:
applogger.info(
"{}(method={}) : {} ({}) : 9:30 mins executed hence breaking.".format(
consts.LOGS_STARTS_WITH,
__method_name,
consts.NETSKOPE_TO_AZURE_STORAGE,
self.nskp_data_type_for_logging,
)
)
break
is_last_failed = is_last_failed_obj.get(consts.NETSKOPE_TO_AZURE_STORAGE)
if is_last_failed == "False":
applogger.debug(
"{}(method={}) : {} ({}) : Fetching next Netskope data for iterator {}.".format(
consts.LOGS_STARTS_WITH,
__method_name,
consts.NETSKOPE_TO_AZURE_STORAGE,
self.nskp_data_type_for_logging,
index,
)
)
is_last_failed_obj.post("True")
url = self.netskope_api_async_obj.url_builder(index, "next")
end_epoch_to_update = await self.get_netskope_data_and_post_to_azure_storage(
index, url, session, end_epoch
)
is_last_failed_obj.post("False")
else:
applogger.debug(
"{}(method={}) : {} ({}) : Last iteration failed for iterator {}, hence retrying.".format(
consts.LOGS_STARTS_WITH,
__method_name,
consts.NETSKOPE_TO_AZURE_STORAGE,
self.nskp_data_type_for_logging,
index,
)
)
url = self.netskope_api_async_obj.url_builder(index, "resend")
end_epoch_to_update = await self.get_netskope_data_and_post_to_azure_storage(
index, url, session, end_epoch, True
)
is_last_failed_obj.post("False")
self.count += 1
applogger.debug(
"{}(method={}) : {} ({}) : The number of files stored to azure storage is {}.".format(
consts.LOGS_STARTS_WITH,
__method_name,
consts.NETSKOPE_TO_AZURE_STORAGE,
self.nskp_data_type_for_logging,
self.count,
)
)
if end_epoch_to_update is not None:
end_epoch = end_epoch_to_update
except NetskopeException:
applogger.error(
"{}(method={}) : {} ({}) : Error while getting Netskope data.".format(
consts.LOGS_STARTS_WITH,
__method_name,
consts.NETSKOPE_TO_AZURE_STORAGE,
self.nskp_data_type_for_logging,
)
)
raise NetskopeException()
except Exception as error:
applogger.error(
"{}(method={}) : {} ({}) : Error captured in get data, Error-{}.".format(
consts.LOGS_STARTS_WITH,
__method_name,
consts.NETSKOPE_TO_AZURE_STORAGE,
self.nskp_data_type_for_logging,
error,
)
)
raise NetskopeException()
async def create_tasks(self, start_epochs_list):
"""Create asynchronous tasks of the get data function.
Args:
start_epochs_list (list): list of the start epochs
Raises:
NetskopeException: Netskope Custom Exception
Returns:
list: lists of created tasks
"""
__method_name = inspect.currentframe().f_code.co_name
try:
tasks_to_return = []
for i, start_epoch in enumerate(start_epochs_list):
# DIFFERENCE_BETWEEN_ITERATORS_IN_SECONDS is the time difference between any two iterators.
# We calculate the end epoch of an iterator and reset epoch based on this value.
end_epoch = start_epoch + consts.DIFFERENCE_BETWEEN_ITERATORS_IN_SECONDS
if end_epoch > int(time.time()):
applogger.info(
"{}(method={}) : {} ({}) : The iterator-{} is in {} seconds range of the current time,"
"hence skipping execution.".format(
consts.LOGS_STARTS_WITH,
__method_name,
consts.NETSKOPE_TO_AZURE_STORAGE,
self.nskp_data_type_for_logging,
self.iterators[i],
consts.DIFFERENCE_BETWEEN_ITERATORS_IN_SECONDS,
)
)
continue
tasks_to_return.append(
asyncio.create_task(self.check_last_failed_status_and_start_execution(self.iterators[i], end_epoch))
)
return tasks_to_return
except Exception as e:
applogger.error(
"{}(method={}) : {} ({}) : Error occurred in Netskope to azure storage, Error-{}.".format(
consts.LOGS_STARTS_WITH,
__method_name,
consts.NETSKOPE_TO_AZURE_STORAGE,
self.nskp_data_type_for_logging,
e,
)
)
raise NetskopeException()
async def initiate_and_manage_iterators(self):
"""Initiate the iterators if first run and start the normal execution."""
__method_name = inspect.currentframe().f_code.co_name
try:
applogger.debug(
"{}(method={}) : {} ({}) : Starting execution.".format(
consts.LOGS_STARTS_WITH,
__method_name,
consts.NETSKOPE_TO_AZURE_STORAGE,
self.nskp_data_type_for_logging,
)
)
iterators_state_manager_obj = StateManager(consts.CONNECTION_STRING, "iteratorsname", self.share_name)
self.iterators = iterators_state_manager_obj.get(consts.NETSKOPE_TO_AZURE_STORAGE)
if self.iterators is None:
await self.initiate_iterators()
else:
self.iterators = json.loads(self.iterators)
start_epochs_list = []
iterator_initialize_successful = False
retry_initiate_iterators = 0
while not iterator_initialize_successful and retry_initiate_iterators < 3:
iterator_initialize_successful = True
for index in self.iterators:
start_epoch_obj = StateManager(
consts.CONNECTION_STRING,
self.start_epoch_filename.format(index),
self.share_name,
)
start_epoch_raw = start_epoch_obj.get(consts.NETSKOPE_TO_AZURE_STORAGE)
if start_epoch_raw is None:
applogger.error(
"{}(method={}) : {} ({}) : None returned in the start epoch for iterator-{}.".format(
consts.LOGS_STARTS_WITH,
__method_name,
consts.NETSKOPE_TO_AZURE_STORAGE,
self.nskp_data_type_for_logging,
index,
)
)
iterator_initialize_successful = False
break
start_epochs_list.append(int(start_epoch_raw))
if not iterator_initialize_successful:
applogger.info(
"{}(method={}) : {} ({}) : Initialization Failed, Deleting the file share and Retrying.".format(
consts.LOGS_STARTS_WITH,
__method_name,
consts.NETSKOPE_TO_AZURE_STORAGE,
self.nskp_data_type_for_logging,
)
)
self.delete_file_share()
await self.initiate_iterators()
retry_initiate_iterators += 1
if not iterator_initialize_successful:
applogger.error(
"{}(method={}) : {} ({}) : Iterator initialization was not successful."
"Try execution after sometime.".format(
consts.LOGS_STARTS_WITH,
__method_name,
consts.NETSKOPE_TO_AZURE_STORAGE,
self.nskp_data_type_for_logging,
)
)
raise NetskopeException()
tasks = await self.create_tasks(start_epochs_list)
await asyncio.gather(*tasks, return_exceptions=True)
except NetskopeException:
applogger.error(
"{}(method={}) : {} ({}) : Error occurred in Netskope to azure storage.".format(
consts.LOGS_STARTS_WITH,
__method_name,
consts.NETSKOPE_TO_AZURE_STORAGE,
self.nskp_data_type_for_logging,
)
)
raise NetskopeException()
except Exception as error:
applogger.error(
"{}(method={}) : {} ({}) : Error occurred in Netskope to azure storage, Error-{}.".format(
consts.LOGS_STARTS_WITH,
__method_name,
consts.NETSKOPE_TO_AZURE_STORAGE,
self.nskp_data_type_for_logging,
error,
)
)
raise NetskopeException()
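Review bot: `await asyncio.gather(*tasks, return_exceptions=True)` in initiate_and_manage_iterators discards the returned list, so a NetskopeException raised inside any iterator's check_last_failed_status_and_start_execution task is swallowed and the invocation finishes as a success with no error logged at this level; keep the results with `results = await asyncio.gather(*tasks, return_exceptions=True)`, collect `failed = [r for r in results if isinstance(r, BaseException)]`, then log each entry and `raise NetskopeException()` when `failed` is non-empty. Related, `from SharedCode.netskope_exception import NetskopeException` at the top of this file is an absolute import while netskope_api_async uses `..SharedCode.netskope_exception`; if the two resolve to different module objects, the `except NetskopeException:` clauses in this file will not match exceptions raised by aio_http_handler and those will fall through to the generic handlers (still re-raised, but logged as unknown errors), so the relative form should be used here too. In remove_duplicates_generated_due_to_data_saving_failures, `or self.is_response_empty(duplicate_json_data)` treats a previously saved empty response as proof that the resend is a duplicate, which looks as if it could drop a non-empty resend for the same epoch; this is inferred from the visible logic and should be confirmed against the resend semantics before release.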
