diff --git a/DataConnectors/Okta Single Sign-On/AzureFunctionOktaSSO/AzureFunctionOktaSSO.zip b/DataConnectors/Okta Single Sign-On/AzureFunctionOktaSSO/AzureFunctionOktaSSO.zip
new file mode 100644
index 0000000000..a532d9a226
Binary files /dev/null and b/DataConnectors/Okta Single Sign-On/AzureFunctionOktaSSO/AzureFunctionOktaSSO.zip differ
diff --git a/DataConnectors/Okta Single Sign-On/AzureFunctionOktaSSO/AzureFunctionOktaSSO/function.json b/DataConnectors/Okta Single Sign-On/AzureFunctionOktaSSO/AzureFunctionOktaSSO/function.json
new file mode 100644
index 0000000000..845c9473aa
--- /dev/null
+++ b/DataConnectors/Okta Single Sign-On/AzureFunctionOktaSSO/AzureFunctionOktaSSO/function.json
@@ -0,0 +1,11 @@
+{
+ "bindings": [
+ {
+ "type": "timerTrigger",
+ "name": "Timer",
+ "schedule": "0 */5 * * * *",
+ "direction": "in"
+ }
+ ],
+ "disabled": false
+ }
\ No newline at end of file
diff --git a/DataConnectors/Okta Single Sign-On/AzureFunctionOktaSSO/AzureFunctionOktaSSO/run.ps1 b/DataConnectors/Okta Single Sign-On/AzureFunctionOktaSSO/AzureFunctionOktaSSO/run.ps1
new file mode 100644
index 0000000000..7a336f8606
--- /dev/null
+++ b/DataConnectors/Okta Single Sign-On/AzureFunctionOktaSSO/AzureFunctionOktaSSO/run.ps1
@@ -0,0 +1,101 @@ +<# + Title: Okta Data Connector + Language: PowerShell + Version: 1.0 + Author(s): Microsoft + Last Modified: 5/12/2020 + Comment: Inital Release + + DESCRIPTION + This Function App calls the Okta System Log API (https://developer.okta.com/docs/reference/api/system-log/) to pull the Okta System logs. The response from the Okta API is recieved in JSON format. This function will build the signature and authorization header + needed to post the data to the Log Analytics workspace via the HTTP Data Connector API. The Function App will post the Okta logs to the Okta_CL table in the Log Analytics workspace. +#> + +# Input bindings are passed in via param block. +param($Timer) +# Get the current universal time in the default string format +$currentUTCtime = (Get-Date).ToUniversalTime() +# The 'IsPastDue' porperty is 'true' when the current function invocation is later than scheduled. +if ($Timer.IsPastDue) { + Write-Host "PowerShell timer is running late!" +} + +# Build the headers for the Okta API request +$apiToken = $env:apiToken +$time = $env:timeInterval +$uri = $env:uri + +$startDate = [System.DateTime]::UtcNow.AddMinutes(-$($time)).ToString("yyyy-MM-dd'T'HH:mm:sssZ") +$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]" +$headers.Add("Content-Type", "application/json") +$headers.Add("Authorization", "SSWS $apiToken") +$response = Invoke-RestMethod -uri "$uri$($startDate)" -Method 'GET' -Headers $headers -Body $body + +# Define the Log Analytics Workspace ID and Key and Custom Table Name +$customerId = $env:workspaceId +$sharedKey = $env:workspaceKey +$LogType = $env:tableName +$TimeStampField = "DateValue" + +# Function to create the authorization signature +Function Build-Signature ($customerId, $sharedKey, $date, $contentLength, $method, $contentType, $resource) +{ + $xHeaders = "x-ms-date:" + $date + $stringToHash = $method + "`n" + $contentLength + "`n" + $contentType + "`n" + $xHeaders + "`n" + $resource + + 
$bytesToHash = [Text.Encoding]::UTF8.GetBytes($stringToHash) + $keyBytes = [Convert]::FromBase64String($sharedKey) + + $sha256 = New-Object System.Security.Cryptography.HMACSHA256 + $sha256.Key = $keyBytes + $calculatedHash = $sha256.ComputeHash($bytesToHash) + $encodedHash = [Convert]::ToBase64String($calculatedHash) + $authorization = 'SharedKey {0}:{1}' -f $customerId,$encodedHash + return $authorization +} + +# Function to create and post the request +Function Post-LogAnalyticsData($customerId, $sharedKey, $body, $logType) +{ + $method = "POST" + $contentType = "application/json" + $resource = "/api/logs" + $rfc1123date = [DateTime]::UtcNow.ToString("r") + $contentLength = $body.Length + $signature = Build-Signature ` + -customerId $customerId ` + -sharedKey $sharedKey ` + -date $rfc1123date ` + -contentLength $contentLength ` + -method $method ` + -contentType $contentType ` + -resource $resource + $uri = "https://" + $customerId + ".ods.opinsights.azure.com" + $resource + "?api-version=2016-04-01" + + $headers = @{ + "Authorization" = $signature; + "Log-Type" = $logType; + "x-ms-date" = $rfc1123date; + "time-generated-field" = $TimeStampField; + } + + $response = Invoke-WebRequest -Uri $uri -Method $method -ContentType $contentType -Headers $headers -Body $body -UseBasicParsing + return $response.StatusCode + +} + +$recordCount = $response.Count + +if ($recordCount -gt 0) { + Write-Output "$recordCount record(s) are avaliable as of $startDate" + $json = $response | ConvertTo-Json -Depth 5 + Post-LogAnalyticsData -customerId $customerId -sharedKey $sharedKey -body ([System.Text.Encoding]::UTF8.GetBytes($json)) -logType $LogType +} +else{ + + Write-Output "No new Okta logs are avaliable as of $startDate" +} + +# Write an information log with the current time. +Write-Host "PowerShell timer trigger function ran! TIME: $currentUTCtime" + 
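Review bot: The single `Invoke-RestMethod -uri "$uri$($startDate)"` call reads only the first page of the System Log response; Okta pages this endpoint and returns a `Link` header with `rel="next"`, so any five-minute window holding more events than one page silently loses the rest, and that is most likely during the bursts the Okta_CL detections are written for. Follow the next links until they run out (PowerShell Core's `-FollowRelLink` with `-MaximumFollowRelLink` is one option, to be checked against how `$response.Count` is then computed) and put an explicit `limit=` in the URI. The window is also recomputed from `UtcNow` on every run with no stored checkpoint, so a late or failed run leaves a gap (the `IsPastDue` branch only logs); persisting the last `published` value seen would close it. The status code returned by `Post-LogAnalyticsData` is discarded, so a rejected post looks like success, and `-Body $body` on the GET refers to a variable that is not defined at that point.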
diff --git a/DataConnectors/Okta Single Sign-On/AzureFunctionOktaSSO/host.json b/DataConnectors/Okta Single Sign-On/AzureFunctionOktaSSO/host.json new file mode 100644 index 0000000000..690515ebd7 --- /dev/null +++ b/DataConnectors/Okta Single Sign-On/AzureFunctionOktaSSO/host.json @@ -0,0 +1,10 @@ +{ + "version": "2.0", + "managedDependency": { + "Enabled": true + }, + "extensionBundle": { + "id": "Microsoft.Azure.Functions.ExtensionBundle", + "version": "[1.*, 2.0.0)" + } + } \ No newline at end of file diff --git a/DataConnectors/Okta Single Sign-On/AzureFunctionOktaSSO/profile.ps1 b/DataConnectors/Okta Single Sign-On/AzureFunctionOktaSSO/profile.ps1 new file mode 100644 index 0000000000..b2360544a1 --- /dev/null +++ b/DataConnectors/Okta Single Sign-On/AzureFunctionOktaSSO/profile.ps1 @@ -0,0 +1,20 @@ +# Azure Functions profile.ps1 +# +# This profile.ps1 will get executed every "cold start" of your Function App. +# "cold start" occurs when: +# +# * A Function App starts up for the very first time +# * A Function App starts up after being de-allocated due to inactivity +# +# You can define helper functions, run commands, or specify environment variables +# NOTE: any variables defined that are not environment variables will get reset after the first execution +# Authenticate with Azure PowerShell using MSI. +# Remove this if you are not planning on using MSI or Azure PowerShell. + +if ($env:MSI_SECRET -and (Get-Module -ListAvailable Az.Accounts)) { +     Connect-AzAccount -Identity + } + + # Uncomment the next line to enable legacy AzureRm alias in Azure PowerShell. + # Enable-AzureRmAlias + # You can also define functions or aliases that can be referenced in any of your PowerShell functions. \ No newline at end of file diff --git a/DataConnectors/Okta Single Sign-On/AzureFunctionOktaSSO/requirements.psd1 b/DataConnectors/Okta Single Sign-On/AzureFunctionOktaSSO/requirements.psd1 new file mode 100644 index 0000000000..341251dabf --- /dev/null 
+++ b/DataConnectors/Okta Single Sign-On/AzureFunctionOktaSSO/requirements.psd1 @@ -0,0 +1,7 @@ +# This file enables modules to be automatically managed by the Functions service. +# See https://aka.ms/functionsmanageddependency for additional information. +# +@{ + # For latest supported version, go to 'https://www.powershellgallery.com/packages/Az'. + 'Az' = '4.*' +} \ No newline at end of file diff --git a/DataConnectors/Okta Single Sign-On/Connector_REST_API_FunctionApp_Okta.json b/DataConnectors/Okta Single Sign-On/Connector_REST_API_FunctionApp_Okta.json new file mode 100644 index 0000000000..f6ded8da22 --- /dev/null +++ b/DataConnectors/Okta Single Sign-On/Connector_REST_API_FunctionApp_Okta.json 
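Review bot: `'Az' = '4.*'` in requirements.psd1 makes the Functions host fetch the full Az module set as a managed dependency, yet nothing in run.ps1 calls an Az cmdlet. The same goes for the `Connect-AzAccount -Identity` block in profile.ps1, which opens an Azure session that the function never uses. Key Vault references in app settings are resolved by the platform and do not need either, so dropping the `Az` entry and the login block leaves less unused code and no idle Azure session in the process that holds the Okta token and workspace key.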
@@ -0,0 +1,130 @@ +{ + "id": "OktaSSO", + "title": "Okta Single Sign-On (Preview)", + "publisher": "Okta", + "descriptionMarkdown": "The [Okta Single Sign-On (SSO)](https://www.okta.com/products/single-sign-on/) connector provides the capability to ingest audit and event logs from the Okta API into Azure Sentinel. The connector provides visibility into these log types in Azure Sentinel to view dashboards, create custom alerts, and to improve monitoring and investigation capabilities.", + "graphQueries": [ + { + "metricName": "Total data received", + "legend": "Okta Logs", + "baseQuery": "Okta_CL" + } + ], + "sampleQueries": [ + { + "description" : "Top 10 Active Applications", + "query": "Okta_CL \n| mv-expand todynamic(target_s) \n| where target_s.type == \"AppInstance\" \n| summarize count() by tostring(target_s.alternateId) \n| top 10 by count_" + }, + { + "description" : "Top 10 Client IP Addresses", + "query": "Okta_CL \n| summarize count() by client_ipAddress_s \n| top 10 by count_" + } + ], + "dataTypes": [ + { + "name": "Okta_CL", + "lastDataReceivedQuery": "Okta_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "connectivityCriterias": [ + { + "type": "IsConnectedQuery", + "value": [ + "Okta_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + } + ], + "availability": { + "status": 1 + }, + "permissions": { + "resourceProvider": [ + { + "provider": "Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "read and write permissions are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "write": true, + "read": true, + "delete": true + } + }, + { + "provider":"Microsoft.Web/sites", + "permissionsDisplayText":"read and write permissions to Azure Functions to create a Function App. 
[See the documentation to learn more about Azure Functions](https://docs.microsoft.com/azure/azure-functions/).", + "providerDisplayName":"Azure Functions", + "scope":"Azure Functions", + "requiredPermissions":{ + "read": true, + "write": true, + "delete": true + } + } + ], + "customs": [ + { + "name": "Okta API Token", + "description": "A Okta API Token is required. See the documentation to learn more about the [Okta System Log API](https://developer.okta.com/docs/reference/api/system-log/)." + } + ] + }, + "instructionSteps": [ + { + "title": "", + "description": ">**NOTE:** This connector uses Azure Functions to connect to Okta SSO to pull its logs into Azure Sentinel. This might result in additional data ingestion costs. Check the [Azure Functions pricing page](https://azure.microsoft.com/pricing/details/functions/) for details." + }, + { + "title": "", + "description": ">**(Optional Step)** Securely store workspace and API authorization key(s) or token(s) in Azure Key Vault. Azure Key Vault provides a secure mechanism to store and retrieve key values. [Follow these instructions](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) to use Azure Key Vault with an Azure Function App." + }, + { + "title": "", + "description": "**STEP 1 - Configuration steps for the Okta SSO API**\n\n [Follow these instructions](https://developer.okta.com/docs/guides/create-an-api-token/create-the-token/) to create an API Token." 
+ }, + { + "title": "", + "description": "**STEP 2 - Choose ONE from the following two deployment options to deploy the connector and the associated Azure Function**\n\n>**IMPORTANT:** Before deploying the Okta SSO connector, have the Workspace ID and Workspace Primary Key (can be copied from the following), as well as the Okta SSO API Authorization Token, readily available.", + "instructions":[ + { + "parameters": { + "fillWith": [ + "WorkspaceId" + ], + "label": "Workspace ID" + }, + "type": "CopyableLabel" + }, + { + "parameters": { + "fillWith": [ + "PrimaryKey" + ], + "label": "Primary Key" + }, + "type": "CopyableLabel" + } + ] + }, + { + "title": "Option 1 - Azure Resource Manager (ARM) Template", + "description": "This method provides an automated deployment of the Okta SSO connector using an ARM Tempate.\n\n1. Click the **Deploy to Azure** button below. \n\n\t[![Deploy To Azure](https://aka.ms/deploytoazurebutton)](https://aka.ms/sentineloktaazuredeploy)\n2. Select the preferred **Subscription**, **Resource Group** and **Location**. \n3. Enter the **Workspace ID**, **Workspace Key**, **API Token**, **URI** and **TimeInterval**. \n - The default **Time Interval** is set to pull the last five (5) minutes of data. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly (in the function.json file, post deployment) to prevent overlapping data ingestion.\n - Use the following schema for the `uri` value: `https:///api/v1/logs?since=` Replace `` with your domain. [Click here](https://developer.okta.com/docs/reference/api-overview/#url-namespace) for further details on how to identify your Okta domain namespace. There is no need to add a time suffix to the URI, the Function App will dynamically append the time value to the URI in the proper format. 
\n - Note: If using Azure Key Vault secrets for any of the values above, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details. \n4. Mark the checkbox labeled **I agree to the terms and conditions stated above**. \n5. Click **Purchase** to deploy." + }, + { + "title": "Option 2 - Manual Deployment of Azure Functions", + "description": "Use the following step-by-step instructions to deploy the Okta SSO connector manually with Azure Functions." + }, + { + "title": "", + "description": "**1. Create a Function App**\n\n1. From the Azure Portal, navigate to [Function App](https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.Web%2Fsites/kind/functionapp), and select **+ Add**.\n2. In the **Basics** tab, ensure Runtime stack is set to **Powershell Core**. \n3. In the **Hosting** tab, ensure the **Consumption (Serverless)** plan type is selected.\n4. Make other preferrable configuration changes, if needed, then click **Create**." + }, + { + "title": "", + "description": "**2. Import Function App Code**\n\n1. In the newly created Function App, select **Functions** on the left pane and click **+ Add**.\n2. Select **Timer Trigger**.\n3. Enter a unique Function **Name** and leave the default cron schedule of every 5 minutes, then click **Create**.\n4. Click on **Code + Test** on the left pane. \n5. Copy the [Function App Code](https://aka.ms/sentineloktaazurefunctioncode) and paste into the Function App `run.ps1` editor.\n5. Click **Save**." + }, + { + "title": "", + "description": "**3. Configure the Function App**\n\n1. In the Function App, select the Function App Name and select **Configuration**.\n2. In the **Application settings** tab, select **+ New application setting**.\n3. 
Add each of the following five (5) application settings individually, with their respective string values (case-sensitive): \n\t\tapiToken\n\t\ttimeInterval\n\t\tworkspaceID\n\t\tworkspaceKey\n\t\turi\n - Set the `timeInterval` (in minutes) to the default value of `5` to correspond to the default Timer Trigger of every `5` minutes. Note that modifying time interval will require modifying the Function App Timer Trigger accordingly to prevent overlapping data.\n - Use the following schema for the `uri` value: `https:///api/v1/logs?since=` Replace `` with your domain. [Click here](https://developer.okta.com/docs/reference/api-overview/#url-namespace) for further details on how to identify your Okta domain namespace. There is no need to add a time suffix to the URI, the Function App will dynamically append the time value to the URI in the proper format.\n - Note: If using Azure Key Vault secrets for any of the values above, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details. \n4. Once all application settings have been entered, click **Save**." + } + ] +} \ No newline at end of file diff --git a/DataConnectors/Okta Single Sign-On/azuredeploy_OktaSingleSignOn_API_FunctionApp.json b/DataConnectors/Okta Single Sign-On/azuredeploy_OktaSingleSignOn_API_FunctionApp.json new file mode 100644 index 0000000000..944041852f --- /dev/null +++ b/DataConnectors/Okta Single Sign-On/azuredeploy_OktaSingleSignOn_API_FunctionApp.json 
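Review bot: The "3. Configure the Function App" step lists five application settings (apiToken, timeInterval, workspaceID, workspaceKey, uri), but run.ps1 also reads `$env:tableName` into `$LogType` for the `Log-Type` header, so a deployment that follows these steps posts with an empty log type and is likely rejected rather than landing in `Okta_CL`. The `appsettings` block of azuredeploy_OktaSingleSignOn_API_FunctionApp.json has the same omission. Add `tableName` (value `Okta`, since Log Analytics appends `_CL`) in both places, or set the table name in the script. Separately, the Key Vault step is labelled optional although it is the only path described here that keeps the API token and workspace key out of plain application settings, and step 2 numbers two items "5.".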
@@ -0,0 +1,235 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "FunctionName": { + "defaultValue": "OktaSSOAPI", + "type": "string" + }, + "WorkspaceID": { + "type": "string", + "defaultValue": "" + }, + "WorkspaceKey": { + "type": "string", + "defaultValue": "" + }, + "APIToken": { + "type": "string", + "defaultValue": "" + }, + "Uri": { + "type": "string", + "defaultValue": "https:///api/v1/logs?since=" + }, + "TimeInterval": { + "type": "string", + "defaultValue": "5" + } + }, + "variables": { + }, + "resources": [ + { + "type": "Microsoft.Insights/components", + "apiVersion": "2015-05-01", + "name": "[parameters('FunctionName')]", + "location": "[resourceGroup().location]", + "kind": "web", + "properties": { + "Application_Type": "web", + "ApplicationId": "[parameters('FunctionName')]" + } + }, + + { + "type": "Microsoft.Storage/storageAccounts", + "apiVersion": "2019-06-01", + "name": "[tolower(parameters('FunctionName'))]", + "location": "[resourceGroup().location]", + "sku": { + "name": "Standard_LRS", + "tier": "Standard" + }, + "kind": "StorageV2", + "properties": { + "networkAcls": { + "bypass": "AzureServices", + "virtualNetworkRules": [ + ], + "ipRules": [ + ], + "defaultAction": "Allow" + }, + "supportsHttpsTrafficOnly": true, + "encryption": { + "services": { + "file": { + "keyType": "Account", + "enabled": true + }, + "blob": { + "keyType": "Account", + "enabled": true + } + }, + "keySource": "Microsoft.Storage" + } + } + }, + { + "type": "Microsoft.Web/serverfarms", + "apiVersion": "2018-02-01", + "name": "[parameters('FunctionName')]", + "location": "[resourceGroup().location]", + "sku": { + "name": "Y1", + "tier": "Dynamic" + }, + "kind": "functionapp", + "properties": { + "name": "[parameters('FunctionName')]", + "workerSize": "0", + "workerSizeId": "0", + "numberOfWorkers": "1" + } + }, + { + "type": 
"Microsoft.Storage/storageAccounts/blobServices", + "apiVersion": "2019-06-01", + "name": "[concat(parameters('FunctionName'), '/default')]", + "dependsOn": [ + "[resourceId('Microsoft.Storage/storageAccounts', tolower(parameters('FunctionName')))]" + ], + "sku": { + "name": "Standard_LRS", + "tier": "Standard" + }, + "properties": { + "cors": { + "corsRules": [ + ] + }, + "deleteRetentionPolicy": { + "enabled": false + } + } + }, + { + "type": "Microsoft.Storage/storageAccounts/fileServices", + "apiVersion": "2019-06-01", + "name": "[concat(parameters('FunctionName'), '/default')]", + "dependsOn": [ + "[resourceId('Microsoft.Storage/storageAccounts', tolower(parameters('FunctionName')))]" + ], + "sku": { + "name": "Standard_LRS", + "tier": "Standard" + }, + "properties": { + "cors": { + "corsRules": [ + ] + } + } + }, + { + "type": "Microsoft.Web/sites", + "apiVersion": "2018-11-01", + "name": "[parameters('FunctionName')]", + "location": "[resourceGroup().location]", + "dependsOn": [ + "[resourceId('Microsoft.Storage/storageAccounts', tolower(parameters('FunctionName')))]", + "[resourceId('Microsoft.Web/serverfarms', parameters('FunctionName'))]", + "[resourceId('Microsoft.Insights/components', parameters('FunctionName'))]" + ], + "kind": "functionapp", + "identity": { + "type": "SystemAssigned" + }, + "properties": { + "name": "[parameters('FunctionName')]", + "serverFarmId": "[resourceId('Microsoft.Web/serverfarms', parameters('FunctionName'))]", + "httpsOnly": true, + "clientAffinityEnabled": true, + "alwaysOn": true + }, + "resources": [ + { + "apiVersion": "2018-11-01", + "type": "config", + "name": "appsettings", + "dependsOn": [ + "[concat('Microsoft.Web/sites/', parameters('FunctionName'))]" + ], + "properties": { + "FUNCTIONS_EXTENSION_VERSION": "~3", + "FUNCTIONS_WORKER_RUNTIME": "powershell", + "APPINSIGHTS_INSTRUMENTATIONKEY": "[reference(resourceId('Microsoft.insights/components', parameters('FunctionName')), '2015-05-01').InstrumentationKey]", + 
"APPLICATIONINSIGHTS_CONNECTION_STRING": "[reference(resourceId('microsoft.insights/components', parameters('FunctionName')), '2015-05-01').ConnectionString]", + "AzureWebJobsStorage": "[concat('DefaultEndpointsProtocol=https;AccountName=', toLower(parameters('FunctionName')),';AccountKey=',listKeys(resourceId('Microsoft.Storage/storageAccounts', toLower(parameters('FunctionName'))), '2019-06-01').keys[0].value, ';EndpointSuffix=core.windows.net')]", + "WEBSITE_CONTENTAZUREFILECONNECTIONSTRING": "[concat('DefaultEndpointsProtocol=https;AccountName=', toLower(parameters('FunctionName')),';AccountKey=', listKeys(resourceId('Microsoft.Storage/storageAccounts', toLower(parameters('FunctionName'))), '2019-06-01').keys[0].value, ';EndpointSuffix=core.windows.net')]", + "WEBSITE_CONTENTSHARE": "[toLower(parameters('FunctionName'))]", + "workspaceID": "[parameters('WorkspaceID')]", + "workspaceKey": "[parameters('WorkspaceKey')]", + "apiToken": "[parameters('APIToken')]", + "uri": "[parameters('Uri')]", + "timeInterval": "[parameters('TimeInterval')]", + "WEBSITE_RUN_FROM_PACKAGE": "https://aka.ms/sentineloktafunctionzip" + + } + } + ] + }, + { + "type": "Microsoft.Web/sites/hostNameBindings", + "apiVersion": "2018-11-01", + "name": "[concat(parameters('FunctionName'), '/', parameters('FunctionName'), '.azurewebsites.net')]", + "location": "[resourceGroup().location]", + "dependsOn": [ + "[resourceId('Microsoft.Web/sites', parameters('FunctionName'))]" + ], + "properties": { + "siteName": "[parameters('FunctionName')]", + "hostNameType": "Verified" + } + }, + { + "type": "Microsoft.Storage/storageAccounts/blobServices/containers", + "apiVersion": "2019-06-01", + "name": "[concat(parameters('FunctionName'), '/default/azure-webjobs-hosts')]", + "dependsOn": [ + "[resourceId('Microsoft.Storage/storageAccounts/blobServices', parameters('FunctionName'), 'default')]", + "[resourceId('Microsoft.Storage/storageAccounts', parameters('FunctionName'))]" + ], + "properties": { + 
"publicAccess": "None" + } + }, + { + "type": "Microsoft.Storage/storageAccounts/blobServices/containers", + "apiVersion": "2019-06-01", + "name": "[concat(parameters('FunctionName'), '/default/azure-webjobs-secrets')]", + "dependsOn": [ + "[resourceId('Microsoft.Storage/storageAccounts/blobServices', parameters('FunctionName'), 'default')]", + "[resourceId('Microsoft.Storage/storageAccounts', parameters('FunctionName'))]" + ], + "properties": { + "publicAccess": "None" + } + }, + { + "type": "Microsoft.Storage/storageAccounts/fileServices/shares", + "apiVersion": "2019-06-01", + "name": "[concat(parameters('FunctionName'), '/default/', tolower(parameters('FunctionName')))]", + "dependsOn": [ + "[resourceId('Microsoft.Storage/storageAccounts/fileServices', parameters('FunctionName'), 'default')]", + "[resourceId('Microsoft.Storage/storageAccounts', parameters('FunctionName'))]" + ], + "properties": { + "shareQuota": 5120 + } + } + ] + } + diff --git a/DataConnectors/Sophos XG Firewall/Connector_Syslog_SophosXGFirewall.json b/DataConnectors/Sophos XG Firewall/Connector_Syslog_SophosXGFirewall.json new file mode 100644 index 0000000000..f31c4c26e6 --- /dev/null +++ b/DataConnectors/Sophos XG Firewall/Connector_Syslog_SophosXGFirewall.json 
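Review bot: `WorkspaceKey` and `APIToken` are declared with `"type": "string"`, so the values entered are kept in the deployment history and echoed in the portal form; `"type": "securestring"` is the fix for both parameters. `WEBSITE_RUN_FROM_PACKAGE` points at `https://aka.ms/sentineloktafunctionzip`, a redirect that can change, so the code that later holds the Okta token and the workspace key is whatever that link serves when the app starts; a versioned package URL would make the deployment reproducible and reviewable. The storage account is also created with `"defaultAction": "Allow"` in `networkAcls`, which is worth a comment if it is deliberate for the consumption plan.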
@@ -0,0 +1,123 @@ +{ + "id": "SophosXGFirewall", + "title": "Sophos XG Firewall (Preview)", + "publisher": "Sophos", + "descriptionMarkdown": "The [Sophos XG Firewall](https://www.sophos.com/products/next-gen-firewall.aspx) allows you to easily connect your Sophos XG Firewall logs with Azure Sentinel, to view dashboards, create custom alerts, and improve investigations. Integrating Sophos XG Firewall with Azure Sentinel provides more visibility into your organization's firewall traffic and will enhance security monitoring capabilities.", + "additionalRequirementBanner":"These queries and workbooks are dependent on a parser based on a Kusto Function to work as expected. Follow the steps to use this Kusto functions alias **SophosXGFirewall** in queries and workbooks. [Follow these steps to get this Kusto functions.](https://aka.ms/sentinelgithubparserssophosxgfirewall)", + "graphQueries": [ + { + "metricName": "Total data received", + "legend": "Sophos", + "baseQuery": "SophosXGFirewall" + } + ], + "sampleQueries": [ + { + "description" : "Top 10 Denied Source IPs", + "query": "SophosXGFirewall \n| where Log_Type == \"Firewall\" and Status == \"Deny\" \n| summarize count() by Src_IP \n| top 10 by count_" + }, + { + "description" : "Top 10 Denied Destination IPs", + "query": "SophosXGFirewall \n| where Log_Type == \"Firewall\" and Status == \"Deny\" \n| summarize count() by Dst_IP \n| top 10 by count_" + } + ], + "dataTypes": [ + { + "name": "Syslog (SophosXGFirewall)", + "lastDataReceivedQuery": "SophosXGFirewall \n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } +], + "connectivityCriterias": [ + { + "type": "IsConnectedQuery", + "value": [ + "SophosXGFirewall \n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + } + ], + "availability": { + "status": 1 + }, + "permissions": { + "resourceProvider": [ + { + "provider": "Microsoft.OperationalInsights/workspaces", + 
"permissionsDisplayText": "write permission is required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "write": true, + "delete": true + } + } + ], + "customs": [ + { + "name": "Sophos XG Firewall", + "description": "must be configured to export logs via Syslog" + } + ] +}, + "instructionSteps": [ + { + "title": "", + "description": ">This data connector depends on a parser based on a Kusto Function to work as expected. [Follow these steps](https://aka.ms/sentinelgithubparserssophosfirewallxg) to create the Kusto functions alias, **SophosXGFirewall**", + "instructions": [ + ] + }, + { + "title": "1. Install and onboard the agent for Linux", + "description": "Typically, you should install the agent on a different computer from the one on which the logs are generated.\n\n> Syslog logs are collected only from **Linux** agents.", + "instructions": [ + { + "parameters": { + "title": "Choose where to install the agent:", + "instructionSteps": [ + { + "title": "Install agent on Azure Linux Virtual Machine", + "description": "Select the machine to install the agent on and then click **Connect**.", + "instructions": [ + { + "parameters": { + "linkType": "InstallAgentOnLinuxVirtualMachine" + }, + "type": "InstallAgent" + } + ] + }, + { + "title": "Install agent on a non-Azure Linux Machine", + "description": "Download the agent on the relevant machine and follow the instructions.", + "instructions": [ + { + "parameters": { + "linkType": "InstallAgentOnLinuxNonAzure" + }, + "type": "InstallAgent" + } + ] + } + ] + }, + "type": "InstructionStepsGroup" + } + ] + }, + { + "title": "2. Configure the logs to be collected", + "description": "Configure the facilities you want to collect and their severities.\n 1. Under workspace advanced settings **Configuration**, select **Data** and then **Syslog**.\n 2. Select **Apply below configuration to my machines** and select the facilities and severities.\n 3. 
Click **Save**.", + "instructions": [ + { + "parameters": { + "linkType": "OpenAdvancedWorkspaceSettings" + }, + "type": "InstallAgent" + } + ] + }, + { + "title": "3. Configure and connect the Sophos XG Firewall", + "description":"[Follow these instructions](https://community.sophos.com/kb/123184#How%20to%20configure%20the%20Syslog%20Server) to enable syslog streaming. Use the IP address or hostname for the Linux device with the Linux agent installed as the Destination IP address." + } +] +} diff --git a/Detections/OktaSSO/FailedLoginsFromUnknownOrInvalidUser.yaml b/Detections/OktaSSO/FailedLoginsFromUnknownOrInvalidUser.yaml new file mode 100644 index 0000000000..7031def51c --- /dev/null +++ b/Detections/OktaSSO/FailedLoginsFromUnknownOrInvalidUser.yaml 
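Review bot: The parser link differs between `additionalRequirementBanner` (`https://aka.ms/sentinelgithubparserssophosxgfirewall`) and the first instruction step (`https://aka.ms/sentinelgithubparserssophosfirewallxg`), and one of the two is probably a typo. Every query in this connector depends on the `SophosXGFirewall` function existing, so a dead link leaves the connectivity check and the detections failing with no obvious cause. Also `permissionsDisplayText` says only write permission is required while `requiredPermissions` sets `"delete": true`; align the text with the flags or drop the delete requirement.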
@@ -0,0 +1,34 @@
+id: 884be6e7-e568-418e-9c12-89229865ffde
+name: Failed Logins from Unknown or Invalid User
+description: |
+ 'This creates an incident in the event that numerous login attempts to the management console with an unknown or invalid user name'
+severity: Medium
+requiredDataConnectors:
+ - connectorId: OktaSSO
+ dataTypes:
+ - Okta_CL
+queryFrequency: 1h
+queryPeriod: 1h
+triggerOperator: gt
+triggerThreshold: 0
+tactics:
+ - CredentialAccess
+relevantTechniques:
+ - T1110
+query: |
+
+ let timeframe = ago(1h);
+ let FailureThreshold = 15;
+ let FailedLogins = Okta_CL
+ | where TimeGenerated > timeframe
+ | where eventType_s =~ "user.session.start" and outcome_reason_s =~ "UNKNOWN_USER"
+ | summarize count() by client_ipAddress_s, bin(TimeGenerated, 5m)
+ | where count_ > FailureThreshold
+ | project client_ipAddress_s;
+ Okta_CL
+ | where published_t > timeframe
+ | join kind=inner FailedLogins () on client_ipAddress_s
+ | where eventType_s =~ "user.session.start" and outcome_reason_s =~ "UNKNOWN_USER"
+ | summarize count() by ClientIP = client_ipAddress_s, City = client_geographicalContext_city_s, Country = client_geographicalContext_country_s, bin(TimeGenerated, 5m)
+ | sort by TimeGenerated desc
+ | extend timestamp = TimeGenerated, IPCustomEntity = ClientIP
diff --git a/Detections/OktaSSO/LoginfromUsersfromDifferentCountrieswithin3hours.yaml b/Detections/OktaSSO/LoginfromUsersfromDifferentCountrieswithin3hours.yaml
new file mode 100644
index 0000000000..f2484b610a
--- /dev/null
+++ b/Detections/OktaSSO/LoginfromUsersfromDifferentCountrieswithin3hours.yaml
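Review bot: The outer query filters on `published_t > timeframe` while the `FailedLogins` sub-query and both `bin()` calls use `TimeGenerated`, so the two halves can select different events whenever ingestion lags the event time. `TimeGenerated` is presumably ingestion time here, since the connector's `time-generated-field` names a `DateValue` field that Okta records do not appear to carry. Use one column throughout, e.g. `| where TimeGenerated > timeframe` in the outer query as well. The join is on `client_ipAddress_s` alone, so once an address exceeds the threshold in one 5-minute bin every bin for that address in the hour is returned and `count_` in the output is not necessarily the figure that tripped the rule; a comment saying this is intended context would help. The description is also missing its verb ("numerous login attempts ... are made").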
@@ -0,0 +1,28 @@
+id: 2954d424-f786-4677-9ffc-c24c44c6e7d5
+name: Login from User(s) from Different Countries within 3 hours
+description: |
+ 'This creates an incident in the event that a user logs into the Okta Console from different countries within 3 hours'
+severity: Medium
+requiredDataConnectors:
+ - connectorId: OktaSSO
+ dataTypes:
+ - Okta_CL
+queryFrequency: 1h
+queryPeriod: 1h
+triggerOperator: gt
+triggerThreshold: 0
+tactics:
+ - InitalAccess
+relevantTechniques:
+ - T1078
+query: |
+
+ let timeframe = ago(3h);
+ let threshold = 2;
+ Okta_CL
+ | where published_t >= timeframe
+ | where eventType_s =~ "user.session.start"
+ | where outcome_result_s =~ "SUCCESS"
+ | summarize StartTime = min(TimeGenerated), EndTime = max(TimeGenerated), NumOfCountries = dcount(client_geographicalContext_country_s) by actor_alternateId_s
+ | where NumOfCountries >= threshold
+ | extend timestamp = StartTime, AccountCustomEntity = actor_alternateId_s
diff --git a/Detections/OktaSSO/PasswordSpray.yaml b/Detections/OktaSSO/PasswordSpray.yaml
new file mode 100644
index 0000000000..73880476eb
--- /dev/null
+++ b/Detections/OktaSSO/PasswordSpray.yaml
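Review bot: `queryPeriod: 1h` caps the data a scheduled rule can see at one hour, so `let timeframe = ago(3h);` never gets its three-hour lookback and logins from two countries more than an hour apart are missed; set `queryPeriod: 3h` to match the rule name. The tactic is spelled `InitalAccess`, which will not map to the ATT&CK tactic and may fail template validation; it should be `- InitialAccess`. The query also filters on `published_t` but reports `min(TimeGenerated)`/`max(TimeGenerated)`, so the StartTime and EndTime shown to the analyst may be ingestion times rather than login times.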
@@ -0,0 +1,35 @@
+id: e27dd7e5-4367-4c40-a2b7-fcd7e7a8a508
+name: Potential Password Spray Attack
+description: |
+ 'This creates an incident when numerous lock out events from different accounts occurs'
+severity: Medium
+requiredDataConnectors:
+ - connectorId: OktaSSO
+ dataTypes:
+ - Okta_CL
+queryFrequency: 1h
+queryPeriod: 1h
+triggerOperator: gt
+triggerThreshold: 0
+tactics:
+ - CredentialAccess
+relevantTechniques:
+ - T1110
+query: |
+
+ let timeframe = ago(1h);
+ let FailureThreshold = 15;
+ let LockOutEvents = Okta_CL
+ | where TimeGenerated > timeframe
+ | where eventType_s =~ "user.account.lock"
+ | summarize count() by client_ipAddress_s, bin(TimeGenerated, 5m)
+ | where count_ > FailureThreshold
+ | project TimeGenerated;
+ Okta_CL
+ | where TimeGenerated > timeframe
+ | where eventType_s =~ "user.account.lock"
+ | extend TimeGenerated = bin(TimeGenerated, 5m)
+ | join kind=inner LockOutEvents () on TimeGenerated
+ | summarize User = make_set(actor_alternateId_s) by ClientIP = client_ipAddress_s, City = client_geographicalContext_city_s, Country = client_geographicalContext_country_s, bin(TimeGenerated, 5m)
+ | sort by TimeGenerated desc
+ | extend timestamp = TimeGenerated, IPCustomEntity = ClientIP
diff --git a/Detections/SophosXGFirewall/ExcessiveAmountofDeniedConnectionsfromASingleSource.yaml b/Detections/SophosXGFirewall/ExcessiveAmountofDeniedConnectionsfromASingleSource.yaml
new file mode 100644
index 0000000000..071c32e8d0
--- /dev/null
+++ b/Detections/SophosXGFirewall/ExcessiveAmountofDeniedConnectionsfromASingleSource.yaml
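Review bot: `LockOutEvents` projects only `TimeGenerated` and the join is `on TimeGenerated`, so once one address exceeds the threshold in a 5-minute bin, lock-outs from every other address in that same bin are pulled into the incident as well. Keep the address in the sub-query and join on both keys: `| project client_ipAddress_s, TimeGenerated;` and `| join kind=inner LockOutEvents on client_ipAddress_s, TimeGenerated`. The threshold also counts lock-out events rather than accounts, while the description speaks of different accounts; `summarize dcount(actor_alternateId_s) by client_ipAddress_s, bin(TimeGenerated, 5m)` would match it and avoid firing on one account locked repeatedly.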
@@ -0,0 +1,27 @@
+id: 3d645a88-2724-41a7-adea-db74c439cf79
+name: Excessive Amount of Denied Connections from a Single Source
+description: |
+ 'This creates an incident in the event that a single source IP address generates a excessive amount of denied connections.'
+severity: Medium
+requiredDataConnectors:
+ - connectorId: SophosXGFirewall
+ dataTypes:
+ - Syslog
+queryFrequency: 1h
+queryPeriod: 1h
+triggerOperator: gt
+triggerThreshold: 0
+tactics:
+ - Impact
+relevantTechniques:
+ - T1499
+query: |
+
+ let timeframe = ago(1h);
+ let threshold = 5000;
+ SophosXGFirewall
+ | where TimeGenerated >= timeframe
+ | where Log_Type =~ "Firewall" and Status =~ "Deny"
+ | summarize count() by Src_IP, bin(TimeGenerated,5m)
+ | where count_ > threshold
+ | extend timestamp = TimeGenerated, IPCustomEntity = Src_IP
diff --git a/Detections/SophosXGFirewall/PortScanDetected.yaml b/Detections/SophosXGFirewall/PortScanDetected.yaml
new file mode 100644
index 0000000000..aa891633ee
--- /dev/null
+++ b/Detections/SophosXGFirewall/PortScanDetected.yaml
@@ -0,0 +1,28 @@
+id: 427e4c9e-8cf4-4094-a684-a2d060dbca38
+name: Port Scan Detected
+description: |
+ 'This alert creates an incident when a source IP addresses attempt to communicate with a large amount of distinct ports within a short period.'
+severity: Medium
+requiredDataConnectors:
+ - connectorId: SophosXGFirewall
+ dataTypes:
+ - Syslog
+queryFrequency: 1h
+queryPeriod: 1h
+triggerOperator: gt
+triggerThreshold: 0
+tactics:
+ - Discovery
+relevantTechniques:
+ - T1046
+query: |
+
+ let timeframe = ago(1h);
+ let threshold = 50;
+ SophosXGFirewall
+ | where TimeGenerated >= timeframe
+ | where Log_Type =~ "Firewall"
+ | where not(ipv4_is_match("10.0.0.0",Src_IP,8) or ipv4_is_match("172.16.0.0",Src_IP,12) or ipv4_is_match("192.168.0.0",Src_IP,16))
+ | summarize dcount(Dst_Port) by Src_IP, bin(TimeGenerated, 5m)
+ | where dcount_Dst_Port > threshold
+ | extend timestamp = TimeGenerated, IPCustomEntity = Src_IP
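Review bot: In the denied-connections rule the aggregate keeps its default name `count_` and nothing about the targets is carried into the result, so the incident shows a source IP and an unlabeled number. Naming it in the `summarize`, for example `| summarize DeniedConnections = count(), Targets = dcount(Dst_IP) by Src_IP, bin(TimeGenerated,5m)` followed by `| where DeniedConnections > threshold`, would make triage easier. `Dst_IP` is produced by the SophosXGFirewall parser added in this commit.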
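Review bot: In the port-scan rule the `not(ipv4_is_match(...))` line drops every RFC 1918 source, so a scan that starts from a host inside the network can never raise this alert, although internal scanning is a large part of what T1046 covers. If the exclusion is there to suppress noise, an allow-list of known internal scanners would keep the coverage; otherwise the blind spot should be stated in the description. `dcount(Dst_Port)` also counts every firewall event, including allowed and reply traffic. The parser's own sample log is a denied packet from `src_port="80"` to `dst_port="50932"`, so an external server replying to many ephemeral ports could plausibly cross 50 distinct ports in 5 minutes; adding `Status =~ "Deny"` or grouping by `Dst_IP` as well would narrow this.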
diff --git a/Detections/SymantecProxySG/UserAccessedSuspiciousURLCategories.yaml b/Detections/SymantecProxySG/UserAccessedSuspiciousURLCategories.yaml index 099ea5193d..7b5592c458 100644 --- a/Detections/SymantecProxySG/UserAccessedSuspiciousURLCategories.yaml +++ b/Detections/SymantecProxySG/UserAccessedSuspiciousURLCategories.yaml @@ -12,9 +12,9 @@ queryPeriod: 1h triggerOperator: gt triggerThreshold: 0 tactics: - - InitialAccess + - DefenseEvasion relevantTechniques: - - T1192 + - T1090 query: | let timeframe = ago(1h); diff --git a/Detections/CarbonBlack/CriticalThreatDetected.yaml b/Detections/VMwareCarbonBlack/CriticalThreatDetected.yaml similarity index 100% rename from Detections/CarbonBlack/CriticalThreatDetected.yaml rename to Detections/VMwareCarbonBlack/CriticalThreatDetected.yaml diff --git a/Detections/CarbonBlack/KnownMalwareDetected.yaml b/Detections/VMwareCarbonBlack/KnownMalwareDetected.yaml similarity index 100% rename from Detections/CarbonBlack/KnownMalwareDetected.yaml rename to Detections/VMwareCarbonBlack/KnownMalwareDetected.yaml diff --git a/Logos/okta_logo.svg b/Logos/okta_logo.svg new file mode 100644 index 0000000000..7eb5b7a474 --- /dev/null +++ b/Logos/okta_logo.svg @@ -0,0 +1,14 @@ + + + + + + + + + + + + + + \ No newline at end of file diff --git a/Logos/sophos_logo.svg b/Logos/sophos_logo.svg new file mode 100644 index 0000000000..991d7fd2f4 --- /dev/null +++ b/Logos/sophos_logo.svg @@ -0,0 +1,3 @@ + + + \ No newline at end of file diff --git a/Parsers/PulseConnectSecure/PulseConnectSecure.txt b/Parsers/PulseConnectSecure/PulseConnectSecure.txt index 88add1df06..df1aac401d 100644 --- a/Parsers/PulseConnectSecure/PulseConnectSecure.txt +++ b/Parsers/PulseConnectSecure/PulseConnectSecure.txt 
@@ -1,8 +1,8 @@ // Title: Pulse Connect Secure Data Parser // Author: Microsoft -// Version: 1.0 -// Last Updated: 06/01/2020 -// Comment: Inital Release +// Version: 1.1 +// Last Updated: 06/16/2020 +// Comment: Added support for version 8.0R7 and above // // DESCRIPTION: // This parser takes raw Pulse Connect Secure logs from a Syslog data stream and parses the data into a normalized schema @@ -29,6 +29,7 @@ // Syslog | where Computer in ("datasource") and Facility == "local7" +//Version 8.0R7 and below | extend Parser = extract_all(@'^(\d{4}\-\d{2}-\d{2})\s(\d{2}\:\d{2}:\d{2})\s(\S+)\s(\S+)\s(\S+)\s\[(\S+)\]\s(\S+)\((.*)?\)\[(.*)\]\s\-\s(.*)',dynamic([1,2,3,4,5,6,7,8,9,10]),SyslogMessage) | mv-expand Parser | extend LogTime = todatetime(strcat(tostring(Parser[0]),'T',tostring(Parser[1]))), @@ -39,3 +40,14 @@ Syslog EventID = tostring(Parser[8]), Messages = tostring(Parser[9]) | project-away Parser +//Version 8.0R7 and above +| extend User = extract(@'user=(\S+)',1,SyslogMessage), + EventID = extract(@'id=(\S+)',1,SyslogMessage), + Pri = extract(@'pri=(\S+)',1,SyslogMessage), + Node = extract(@'vpn=\"(\S+)\"',1,SyslogMessage), + Realm = extract(@'realm=\"([\w\s\:\.]+)\"',1,SyslogMessage), + Roles = extract(@'roles=\"([\w\s\:\.]+)\"',1,SyslogMessage), + Type = extract(@'type=(\S+)',1,SyslogMessage), + Messages = extract(@'msg=\"([\w\s\:\.]+)\"',1,SyslogMessage), + Source_IP = extract(@'fw=([\d\.]+)',1,SyslogMessage), + diff --git a/Parsers/SophosXGFirewall/SophosXGFirewall.txt b/Parsers/SophosXGFirewall/SophosXGFirewall.txt new file mode 100644 index 0000000000..dc709dd5b4 --- /dev/null +++ b/Parsers/SophosXGFirewall/SophosXGFirewall.txt 
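Review bot: The `extend` added in the last hunk reassigns columns that the `extract_all` block has already filled (`EventID = tostring(Parser[8])` and `Messages = tostring(Parser[9])` are visible as context, and presumably `User` as well), so for logs in the older format the `key=value` patterns do not match and the parsed values are overwritten with empty strings. A per-field fallback such as `EventID = iff(isempty(EventID), extract(@'id=(\S+)',1,SyslogMessage), EventID)` keeps both formats working. The block also ends with a trailing comma after the `Source_IP` line, which looks like it will fail to parse when the function is saved. The two comments read "8.0R7 and below" and "8.0R7 and above", so it is unclear which branch handles 8.0R7 itself. The start of the query lies outside this hunk, so the full column list is not visible here.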
@@ -0,0 +1,97 @@ +// Title: Sophos XG Firewall Data Parser +// Author: Microsoft +// Version: 1.0 +// Last Updated: 06/04/2020 +// Comment: Inital Release +// +// DESCRIPTION: +// This parser takes raw Sophos XG Firewall logs from a Syslog data stream and parses the data into a normalized schema +// +// USAGE: +// 1. Open Log Analytics/Azure Sentinel Logs blade. Copy the query below and paste into the Logs query window. +// 2. In the query window, on the second line of the query, enter the hostname(s) of your Sophos XG Firewall device(s) and any other unique identifiers for the logstream. +// For example: | where Computer in ("server1, server2") and Facility == "local0" +// 3. Click the Save button above the query. A pane will appear on the right, select "as Function" from the drop down. Enter a Function Name. +// In order for the Sophos XG Firewall logs to work with pre-built queries and workbooks the Function Alias must be set to - SophosXGFirewall +// 4. Function App usually take 10-15 minutes to activate. 
You can then use Function Alias for other queries +// +// REFERENCES: +// Using functions in Azure monitor log queries: https://docs.microsoft.com/azure/azure-monitor/log-query/functions +// +// LOG SAMPLES: +// This parser assumes the raw log are formatted as follows: +// +// messageid="01001" log_type="Firewall" log_component="Invalid Traffic" log_subtype="Denied" status="Deny" con_duration="0" fw_rule_id="N/A" +// nat_rule_id="0" policy_type="0" user="" user_group="" web_policy_id="0" ips_policy_id="0" appfilter_policy_id="0" app_name="" app_risk="0" +// app_technology="" app_category="" vlan_id="0" ether_type="IPv4 (0x0800)" bridge_name="" bridge_display_name="" in_interface="" in_display_interface="" +// out_interface="" out_display_interface="" src_mac="" dst_mac="" src_ip="216.163.176.36" src_country="USA" dst_ip="10.0.1.4" dst_country="R1" protocol="TCP" +// src_port="80" dst_port="50932" packets_sent="0" packets_received="0" bytes_sent="0" bytes_received="0" src_trans_ip="" src_trans_port="0" dst_trans_ip="" +// dst_trans_port="0" src_zone_type="" src_zone="" dst_zone_type="" dst_zone="" con_direction="" con_id="" virt_con_id="" hb_status="No Heartbeat" +// message="Could not associate packet to any connection." 
appresolvedby="Signature" app_is_cloud="0" +// +// +Syslog +| where Computer in ("52.152.175.228") and Facility == "local0" +| extend Device = extract(@'device=\"(\S+)\"', 1, SyslogMessage), +Date = extract(@'date=(\S+)', 1, SyslogMessage), +Time = extract(@'time=(\S+)', 1, SyslogMessage), +Timezone = extract(@'timezone=\"(\S+)\"', 1, SyslogMessage), +Device_Name = extract(@'device_name=\"(\S+)\"', 1, SyslogMessage), +Device_ID = extract(@'device_id=(\S+)', 1, SyslogMessage), +Log_ID = extract(@'(log_id|messageid)=\"?(\d+)\"?', 2, SyslogMessage), +Log_Type = extract(@'log_type=\"?([\w\s]+)\"?', 1, SyslogMessage), +Log_Component = extract(@'log_component=\"([\w\s]+)\"', 1, SyslogMessage), +Log_Subtype = extract(@'log_subtype=\"([\w]+)\"', 1, SyslogMessage), +Status = extract(@'status=\"?(\w+)\"?', 1, SyslogMessage), +Priority = extract(@'priority=(\S+)', 1, SyslogMessage), +Duration = extract(@'(con_duration|duration)=(\S+)', 2, SyslogMessage), +FW_Rule_ID = extract(@'fw_rule_id=\"?(\S+)\"?', 1, SyslogMessage), +Policy_Type = extract(@'policy_type=(\S+)', 1, SyslogMessage), +User_Name = extract(@'(user_name|user)=\"(\S+)\"',2, SyslogMessage), +User_GP = extract(@'(user_gp|user_group)=\"(\S+)\"', 2, SyslogMessage), +IAP = extract(@'iap=(\S+)', 1, SyslogMessage), +IPS_Policy_ID = extract(@'ips_policy_id=(\S+)', 1, SyslogMessage), +Appfilter_Policy_ID = extract(@'appfilter_policy_id=(\S+)', 1, SyslogMessage), +Application = extract(@'(application|app_name)=\"(\S+)\"', 2, SyslogMessage), +Application_Risk = extract(@'(application_risk|app_risk)=(\S+)', 2, SyslogMessage), +Application_Technology = extract(@'(application_technology|app_technology)=\"(\S+)\"', 2, SyslogMessage), +Application_Category = extract(@'(application_category|app_category)=\"(\S+)\"', 2, SyslogMessage), +In_Interface = extract(@'in_interface=\"(\S+)\"', 1, SyslogMessage), +Out_Interface = extract(@'out_interface=\"(\S+)\"', 1, SyslogMessage), +Src_MAC = extract(@'src_mac=\"?([\w\:]+)\"?', 1, 
SyslogMessage), +Src_IP = extract(@'src_ip=\"?([\w\.]+)\"?', 1, SyslogMessage), +Src_Country_Code = extract(@'(src_country|src_country_code)=\"?(\w+)\"?', 2, SyslogMessage), +Dst_MAC = extract(@'dst_mac=\"?([\w\:]+)\"?', 1, SyslogMessage), +Dst_IP = extract(@'dst_ip=\"?([\w\.]+)\"?', 1, SyslogMessage), +Dst_Country_Code = extract(@'(dst_country|dst_country_code)=\"?(\w+)\"?', 2, SyslogMessage), +Protocol = extract(@'protocol=\"?(\w+)\"?', 1, SyslogMessage), +Src_Port = extract(@'src_port=\"?(\d+)\"?', 1, SyslogMessage), +Dst_Port = extract(@'dst_port=\"?(\d+)\"?', 1, SyslogMessage), +Sent_Pkts = extract(@'(packets_sent|sent_pkts)=\"?(\d+)\"?', 2, SyslogMessage), +Recv_Pkts = extract(@'(packets_received|recv_pkts)=\"?(\d+)\"?', 2, SyslogMessage), +Sent_Bytes = extract(@'(bytes_sent|sent_bytes)=\"?(\d+)\"?', 2, SyslogMessage), +Recv_Bytes = extract(@'(bytes_received|recv_bytes)=\"?(\d+)\"?', 2, SyslogMessage), +Tran_Src_IP = extract(@'(src_trans_ip|tran_src_ip)=(\S+)', 2, SyslogMessage), +Tran_Src_Port = extract(@'(src_trans_port|tran_src_port)=\"?(\d+)\"?', 2, SyslogMessage), +Tran_Dst_IP = extract(@'(dst_trans_ip|tran_dst_ip)=(\S+)', 2, SyslogMessage), +Tran_Dst_Port = extract(@'(dst_trans_port|tran_dst_port)=\"?(\d+)\"?', 2, SyslogMessage), +Srczonetype = extract(@'(src_zone_type|srczonetype)=\"(\S+)\"', 2, SyslogMessage), +Srczone = extract(@'(src_zone|srczone)=\"(\S+)\"', 2, SyslogMessage), +Dstzonetype = extract(@'(dst_zone_type|dstzonetype)=\"(\S+)\"', 2, SyslogMessage), +Dstzone = extract(@'(dst_zone|dstzone)=\"(\S+)\"', 2, SyslogMessage), +Dir_Disp = extract(@'dir_disp=\"(\S+)\"', 1, SyslogMessage), +Connevent = extract(@'connevent=\"(\S+)\"', 1, SyslogMessage), +ConnID = extract(@'(con_id|connid)=\"(\S+)\"', 2, SyslogMessage), +VconnID = extract(@'(virt_con_id|vconnid)=\"(\S+)\"', 2, SyslogMessage), +HB_Health = extract(@'(hb_status|hb_health)=\"(\S+)\"', 2, SyslogMessage), +Message = extract(@'message=\"([\S\s]+)\.\"', 1, SyslogMessage), +AppResolvedBy = 
extract(@'appresolvedby=\"(\S+)\"', 1, SyslogMessage), +Nat_Rule_ID = extract(@'nat_rule_id=(\S+)', 1, SyslogMessage), +Vlan_ID = extract(@'vlan_id=\"(\S+)\"', 1, SyslogMessage), +Ether_Type = extract(@'ether_type=\"(\S+)\"', 1, SyslogMessage), +Bridge_Name = extract(@'bridge_name=\"(\S+)\"', 1, SyslogMessage), +Web_Policy_ID = extract(@'web_policy_id=\"(\S+)\"', 1, SyslogMessage), +App_IS_Cloud = extract(@'app_is_cloud=\"(\S+)\"', 1, SyslogMessage), +Bridge_Display_Name = extract(@'bridge_display_name=\"(\S+)\"', 1, SyslogMessage), +In_Display_Interface = extract(@'in_display_interface=\"(\S+)\"', 1, SyslogMessage), +Out_Display_Interface = extract(@'out_display_interface=\"(\S+)\"', 1, SyslogMessage) \ No newline at end of file diff --git a/Sample Data/Custom/Okta_CL.json b/Sample Data/Custom/Okta_CL.json new file mode 100644 index 0000000000..78d666d68b --- /dev/null +++ b/Sample Data/Custom/Okta_CL.json 
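Review bot: The filter `| where Computer in ("52.152.175.228") and Facility == "local0"` ships a specific public address rather than a placeholder, so a function saved unchanged returns no rows in any other workspace and the two SophosXGFirewall detections added in this commit run without error on empty input. A placeholder like the Pulse parser's `Computer in ("datasource")` would make the required edit obvious, and the usage example should read `("server1", "server2")` rather than the single string `("server1, server2")`. Several patterns also do not fit the sample log in the header: `fw_rule_id=\"?(\S+)\"?` and `nat_rule_id=(\S+)` capture the quotes along with the value (`N/A"`, `"0"`), while `ether_type=\"(\S+)\"` and `hb_status=\"(\S+)\"` cannot match values containing a space such as `IPv4 (0x0800)` or `No Heartbeat`. A quoted-value pattern of the form `\"([^\"]*)\"` handles both cases.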
@@ -0,0 +1,43291 @@ +[ + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-26T22:20:03.402Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "null", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "Sign-on policy evaluation resulted in CHALLENGE", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "ade03304-2eb2-3b2f-d57e-5cfe92c81793", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + 
"actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsDBjPuBFlTIiqk51N8F1cjg", + "displayMessage_s": "Evaluation of sign-on policy", + "eventType_s": "policy.evaluate_sign_on", + "outcome_result_s": "CHALLENGE", + "published_t": "2020-05-26T22:15:19.883Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "", + "transaction_id_s": "unknown", + "uuid_g": "62c3328c-9f9e-11ea-86e9-e5b0d2d0f179", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"00pn79xb33o84O0Hc0h7\",\r\n \"type\": \"PolicyEntity\",\r\n \"alternateId\": \"unknown\",\r\n \"displayName\": \"default\",\r\n \"detailEntry\": {\r\n \"policyType\": \"OktaSignOn\"\r\n }\r\n },\r\n {\r\n \"id\": \"0prn79ye1mCqWhlUR0h7\",\r\n \"type\": \"PolicyRule\",\r\n \"alternateId\": \"00pn79xb33o84O0Hc0h7\",\r\n \"displayName\": \"default\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-26T22:20:03.402Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + 
"client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "Xs2U@2gG-a1efe2jvOEjJQAACDI", + "debugContext_debugData_requestUri_s": "/api/v1/authn/factors/password/verify", + "debugContext_debugData_url_s": "/api/v1/authn/factors/password/verify?rememberDevice=false", + "debugContext_debugData_deviceFingerprint_g": "ade03304-2eb2-3b2f-d57e-5cfe92c81793", + "authenticationContext_authenticationProvider_s": "FACTOR_PROVIDER", + "authenticationContext_credentialProvider_s": "OKTA_CREDENTIAL_PROVIDER", + "debugContext_debugData_factor_s": "PASSWORD_AS_FACTOR", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "102M55TPJ-YQ1yL8orhbh74Lg", + "displayMessage_s": "Authentication of user via MFA", + 
"eventType_s": "user.authentication.auth_via_mfa", + "outcome_result_s": "FAILURE", + "published_t": "2020-05-26T22:15:24.061Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "core.user.factor.attempt_fail", + "transaction_type_s": "WEB", + "transaction_id_s": "Xs2U@2gG-a1efe2jvOEjJQAACDI", + "uuid_g": "6540b50a-9f9e-11ea-8e6c-9d92aa70e8a4", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "[\r\n {\r\n \"id\": \"00urjk4znu3BcncfY0h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"user100@accenture.com\",\r\n \"displayName\": \"user 100\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-26T22:20:03.402Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": 
"Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "Xs2VAr0ej7KMP5hYpGRw0gAABow", + "debugContext_debugData_requestUri_s": "/api/v1/authn/factors/password/verify", + "debugContext_debugData_url_s": "/api/v1/authn/factors/password/verify?rememberDevice=false", + "debugContext_debugData_deviceFingerprint_g": "ade03304-2eb2-3b2f-d57e-5cfe92c81793", + "authenticationContext_authenticationProvider_s": "FACTOR_PROVIDER", + "authenticationContext_credentialProvider_s": "OKTA_CREDENTIAL_PROVIDER", + "debugContext_debugData_factor_s": "PASSWORD_AS_FACTOR", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "102M55TPJ-YQ1yL8orhbh74Lg", + "displayMessage_s": "Authentication of user via MFA", + "eventType_s": "user.authentication.auth_via_mfa", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-26T22:15:30.569Z", + "severity_s": 
"INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "core.user.factor.attempt_success", + "transaction_type_s": "WEB", + "transaction_id_s": "Xs2VAr0ej7KMP5hYpGRw0gAABow", + "uuid_g": "6921bfe9-9f9e-11ea-bcd4-753968e9d9d3", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "[\r\n {\r\n \"id\": \"00urjk4znu3BcncfY0h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"user100@accenture.com\",\r\n \"displayName\": \"user 100\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-26T22:20:03.402Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": 
"65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "Xs2VBcXl1FYZ8DEaI66QKQAACZg", + "debugContext_debugData_requestUri_s": "/api/v1/authn/factors/smsrjkfodqeijoByT0h7/verify", + "debugContext_debugData_url_s": "/api/v1/authn/factors/smsrjkfodqeijoByT0h7/verify?rememberDevice=true", + "debugContext_debugData_deviceFingerprint_g": "ade03304-2eb2-3b2f-d57e-5cfe92c81793", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "1", + "debugContext_debugData_smsProvider_s": "TELESIGN", + "debugContext_debugData_transactionId_g": "25c94c38-782c-0504-9196-f67546f6f1d9", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "102M55TPJ-YQ1yL8orhbh74Lg", + "displayMessage_s": "Send second factor auth SMS", + "eventType_s": "system.sms.send_factor_verify_message", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-26T22:15:33.692Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + 
"debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "core.user.sms.message_sent.factor", + "transaction_type_s": "WEB", + "transaction_id_s": "Xs2VBcXl1FYZ8DEaI66QKQAACZg", + "uuid_g": "6afe484a-9f9e-11ea-91fd-857c0325ddfd", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "[\r\n {\r\n \"id\": \"00urjk4znu3BcncfY0h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"user100@accenture.com\",\r\n \"displayName\": \"user 100\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"mblrjkhau8Q7KqJpX0h7\",\r\n \"type\": \"MobilePhone\",\r\n \"alternateId\": \"+13237923223\",\r\n \"displayName\": \"+13237923223\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-26T22:20:03.402Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": 
"FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "Xs2VC4G@N5vS1TK59O0MLQAADMQ", + "debugContext_debugData_requestUri_s": "/api/v1/authn/factors/smsrjkfodqeijoByT0h7/verify", + "debugContext_debugData_url_s": "/api/v1/authn/factors/smsrjkfodqeijoByT0h7/verify?rememberDevice=true", + "debugContext_debugData_deviceFingerprint_g": "ade03304-2eb2-3b2f-d57e-5cfe92c81793", + "authenticationContext_authenticationProvider_s": "FACTOR_PROVIDER", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "SMS_FACTOR", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "SMS", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "102M55TPJ-YQ1yL8orhbh74Lg", + "displayMessage_s": "Authentication of user via MFA", + "eventType_s": "user.authentication.auth_via_mfa", + "outcome_result_s": "FAILURE", + "published_t": "2020-05-26T22:15:39.591Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + 
"debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "core.user.factor.attempt_fail", + "transaction_type_s": "WEB", + "transaction_id_s": "Xs2VC4G@N5vS1TK59O0MLQAADMQ", + "uuid_g": "6e82662f-9f9e-11ea-8657-113634b3d713", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "[\r\n {\r\n \"id\": \"00urjk4znu3BcncfY0h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"user100@accenture.com\",\r\n \"displayName\": \"user 100\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-26T22:20:03.402Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": 
"Los Angeles",
+ "client_geographicalContext_state_s": "California",
+ "client_geographicalContext_country_s": "United States",
+ "client_geographicalContext_postalCode_s": "90015",
+ "client_geographicalContext_geolocation_lat_d": "34.047",
+ "client_geographicalContext_geolocation_lon_d": "-118.275",
+ "outcome_reason_s": "",
+ "securityContext_asNumber_d": "10993",
+ "securityContext_asOrg_s": "aerioconnect",
+ "securityContext_isp_s": "aerioconnect",
+ "securityContext_domain_s": ".",
+ "securityContext_isProxy_b": "FALSE",
+ "debugContext_debugData_loginResult_s": "",
+ "debugContext_debugData_requestId_s": "Xs2VDhWGrxS@9xIQRufjmwAAAag",
+ "debugContext_debugData_requestUri_s": "/api/v1/authn/factors/smsrjkfodqeijoByT0h7/verify",
+ "debugContext_debugData_url_s": "/api/v1/authn/factors/smsrjkfodqeijoByT0h7/verify?rememberDevice=true",
+ "debugContext_debugData_deviceFingerprint_g": "ade03304-2eb2-3b2f-d57e-5cfe92c81793",
+ "authenticationContext_authenticationProvider_s": "FACTOR_PROVIDER",
+ "authenticationContext_credentialProvider_s": "",
+ "debugContext_debugData_factor_s": "SMS_FACTOR",
+ "debugContext_debugData_countryCallingCode_s": "",
+ "debugContext_debugData_smsProvider_s": "",
+ "debugContext_debugData_transactionId_g": "",
+ "authenticationContext_credentialType_s": "SMS",
+ "actor_id_s": "00urjk4znu3BcncfY0h7",
+ "actor_type_s": "User",
+ "actor_alternateId_s": "user100@abccompany.com",
+ "actor_displayName_s": "user 100",
+ "authenticationContext_authenticationStep_d": "0",
+ "authenticationContext_externalSessionId_s": "102M55TPJ-YQ1yL8orhbh74Lg",
+ "displayMessage_s": "Authentication of user via MFA",
+ "eventType_s": "user.authentication.auth_via_mfa",
+ "outcome_result_s": "FAILURE",
+ "published_t": "2020-05-26T22:15:42.815Z",
+ "severity_s": "INFO",
+ "debugContext_debugData_jobId_s": "",
+ "debugContext_debugData_importType_s": "",
+ "debugContext_debugData_appname_s": "",
+ "debugContext_debugData_importLastToken_s": "",
+
"debugContext_debugData_importTrigger_s": "",
+ "debugContext_debugData_threatSuspected_s": "FALSE",
+ "legacyEventType_s": "core.user.factor.attempt_fail",
+ "transaction_type_s": "WEB",
+ "transaction_id_s": "Xs2VDhWGrxS@9xIQRufjmwAAAag",
+ "uuid_g": "706e5753-9f9e-11ea-a008-ed92f0da2cdb",
+ "version_s": "0",
+ "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]",
+ "target_s": "[\r\n {\r\n \"id\": \"00urjk4znu3BcncfY0h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"user100@accenture.com\",\r\n \"displayName\": \"user 100\",\r\n \"detailEntry\": null\r\n }\r\n]",
+ "debugContext_debugData_detailedmessage_s": "",
+ "Type": "Okta_CL",
+ "_ResourceId": ""
+ },
+ {
+ "TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
+ "SourceSystem": "RestAPI",
+ "MG": "",
+ "ManagementGroupName": "",
+ "TimeGenerated": "2020-05-26T22:20:03.402Z",
+ "Computer": "",
+ "RawData": "",
+ "debugContext_debugData_initiationType_s": "",
+ "debugContext_debugData_signOnMode_s": "",
+ "debugContext_debugData_attributesModified_s": "",
+ "debugContext_debugData_attributesAdded_s": "",
+ "debugContext_debugData_attributesDeleted_s": "",
+ "debugContext_debugData_groupAppAssignmentId_s": "",
+ "debugContext_debugData_authnRequestId_s": "",
+ "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0",
+ "client_userAgent_os_s": "Windows 10",
+ "client_userAgent_browser_s": "FIREFOX",
+ "client_zone_s": "null",
+ "client_device_s": "Computer",
+ "client_ipAddress_s": "65.65.65.65",
+ "client_geographicalContext_city_s": "Los Angeles",
+ "client_geographicalContext_state_s": "California",
+ "client_geographicalContext_country_s": "United States",
+
"client_geographicalContext_postalCode_s": "90015",
+ "client_geographicalContext_geolocation_lat_d": "34.047",
+ "client_geographicalContext_geolocation_lon_d": "-118.275",
+ "outcome_reason_s": "",
+ "securityContext_asNumber_d": "10993",
+ "securityContext_asOrg_s": "aerioconnect",
+ "securityContext_isp_s": "aerioconnect",
+ "securityContext_domain_s": ".",
+ "securityContext_isProxy_b": "FALSE",
+ "debugContext_debugData_loginResult_s": "",
+ "debugContext_debugData_requestId_s": "Xs2VMppsvxLauLNIgPCN1gAABYQ",
+ "debugContext_debugData_requestUri_s": "/api/v1/authn/factors/smsrjkfodqeijoByT0h7/verify",
+ "debugContext_debugData_url_s": "/api/v1/authn/factors/smsrjkfodqeijoByT0h7/verify?rememberDevice=true",
+ "debugContext_debugData_deviceFingerprint_g": "ade03304-2eb2-3b2f-d57e-5cfe92c81793",
+ "authenticationContext_authenticationProvider_s": "FACTOR_PROVIDER",
+ "authenticationContext_credentialProvider_s": "OKTA_CREDENTIAL_PROVIDER",
+ "debugContext_debugData_factor_s": "SMS_FACTOR",
+ "debugContext_debugData_countryCallingCode_s": "",
+ "debugContext_debugData_smsProvider_s": "",
+ "debugContext_debugData_transactionId_g": "",
+ "authenticationContext_credentialType_s": "SMS",
+ "actor_id_s": "00urjk4znu3BcncfY0h7",
+ "actor_type_s": "User",
+ "actor_alternateId_s": "user100@abccompany.com",
+ "actor_displayName_s": "user 100",
+ "authenticationContext_authenticationStep_d": "0",
+ "authenticationContext_externalSessionId_s": "102M55TPJ-YQ1yL8orhbh74Lg",
+ "displayMessage_s": "Authentication of user via MFA",
+ "eventType_s": "user.authentication.auth_via_mfa",
+ "outcome_result_s": "SUCCESS",
+ "published_t": "2020-05-26T22:16:19.139Z",
+ "severity_s": "INFO",
+ "debugContext_debugData_jobId_s": "",
+ "debugContext_debugData_importType_s": "",
+ "debugContext_debugData_appname_s": "",
+ "debugContext_debugData_importLastToken_s": "",
+ "debugContext_debugData_importTrigger_s": "",
+ "debugContext_debugData_threatSuspected_s": "FALSE",
+
"legacyEventType_s": "core.user.factor.attempt_success",
+ "transaction_type_s": "WEB",
+ "transaction_id_s": "Xs2VMppsvxLauLNIgPCN1gAABYQ",
+ "uuid_g": "8614f18f-9f9e-11ea-8f4c-b9fe37b9e5fa",
+ "version_s": "0",
+ "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]",
+ "target_s": "[\r\n {\r\n \"id\": \"00urjk4znu3BcncfY0h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"user100@accenture.com\",\r\n \"displayName\": \"user 100\",\r\n \"detailEntry\": null\r\n }\r\n]",
+ "debugContext_debugData_detailedmessage_s": "",
+ "Type": "Okta_CL",
+ "_ResourceId": ""
+ },
+ {
+ "TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
+ "SourceSystem": "RestAPI",
+ "MG": "",
+ "ManagementGroupName": "",
+ "TimeGenerated": "2020-05-26T22:20:03.402Z",
+ "Computer": "",
+ "RawData": "",
+ "debugContext_debugData_initiationType_s": "",
+ "debugContext_debugData_signOnMode_s": "",
+ "debugContext_debugData_attributesModified_s": "",
+ "debugContext_debugData_attributesAdded_s": "",
+ "debugContext_debugData_attributesDeleted_s": "",
+ "debugContext_debugData_groupAppAssignmentId_s": "",
+ "debugContext_debugData_authnRequestId_s": "",
+ "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0",
+ "client_userAgent_os_s": "Windows 10",
+ "client_userAgent_browser_s": "FIREFOX",
+ "client_zone_s": "null",
+ "client_device_s": "Computer",
+ "client_ipAddress_s": "65.65.65.65",
+ "client_geographicalContext_city_s": "Los Angeles",
+ "client_geographicalContext_state_s": "California",
+ "client_geographicalContext_country_s": "United States",
+ "client_geographicalContext_postalCode_s": "90015",
+ "client_geographicalContext_geolocation_lat_d":
"34.047",
+ "client_geographicalContext_geolocation_lon_d": "-118.275",
+ "outcome_reason_s": "",
+ "securityContext_asNumber_d": "10993",
+ "securityContext_asOrg_s": "aerioconnect",
+ "securityContext_isp_s": "aerioconnect",
+ "securityContext_domain_s": ".",
+ "securityContext_isProxy_b": "FALSE",
+ "debugContext_debugData_loginResult_s": "",
+ "debugContext_debugData_requestId_s": "Xs2VMppsvxLauLNIgPCN1gAABYQ",
+ "debugContext_debugData_requestUri_s": "/api/v1/authn/factors/smsrjkfodqeijoByT0h7/verify",
+ "debugContext_debugData_url_s": "/api/v1/authn/factors/smsrjkfodqeijoByT0h7/verify?rememberDevice=true",
+ "debugContext_debugData_deviceFingerprint_g": "ade03304-2eb2-3b2f-d57e-5cfe92c81793",
+ "authenticationContext_authenticationProvider_s": "",
+ "authenticationContext_credentialProvider_s": "",
+ "debugContext_debugData_factor_s": "",
+ "debugContext_debugData_countryCallingCode_s": "",
+ "debugContext_debugData_smsProvider_s": "",
+ "debugContext_debugData_transactionId_g": "",
+ "authenticationContext_credentialType_s": "",
+ "actor_id_s": "00urjk4znu3BcncfY0h7",
+ "actor_type_s": "User",
+ "actor_alternateId_s": "user100@abccompany.com",
+ "actor_displayName_s": "user 100",
+ "authenticationContext_authenticationStep_d": "0",
+ "authenticationContext_externalSessionId_s": "102M55TPJ-YQ1yL8orhbh74Lg",
+ "displayMessage_s": "Verify user identity",
+ "eventType_s": "user.authentication.verify",
+ "outcome_result_s": "SUCCESS",
+ "published_t": "2020-05-26T22:16:19.186Z",
+ "severity_s": "INFO",
+ "debugContext_debugData_jobId_s": "",
+ "debugContext_debugData_importType_s": "",
+ "debugContext_debugData_appname_s": "",
+ "debugContext_debugData_importLastToken_s": "",
+ "debugContext_debugData_importTrigger_s": "",
+ "debugContext_debugData_threatSuspected_s": "FALSE",
+ "legacyEventType_s": "",
+ "transaction_type_s": "WEB",
+ "transaction_id_s": "Xs2VMppsvxLauLNIgPCN1gAABYQ",
+ "uuid_g": "861c1d81-9f9e-11ea-8f4c-b9fe37b9e5fa",
+ "version_s": "0",
+
"request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]",
+ "target_s": "",
+ "debugContext_debugData_detailedmessage_s": "",
+ "Type": "Okta_CL",
+ "_ResourceId": ""
+ },
+ {
+ "TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
+ "SourceSystem": "RestAPI",
+ "MG": "",
+ "ManagementGroupName": "",
+ "TimeGenerated": "2020-05-26T22:20:03.402Z",
+ "Computer": "",
+ "RawData": "",
+ "debugContext_debugData_initiationType_s": "",
+ "debugContext_debugData_signOnMode_s": "",
+ "debugContext_debugData_attributesModified_s": "",
+ "debugContext_debugData_attributesAdded_s": "",
+ "debugContext_debugData_attributesDeleted_s": "",
+ "debugContext_debugData_groupAppAssignmentId_s": "",
+ "debugContext_debugData_authnRequestId_s": "",
+ "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0",
+ "client_userAgent_os_s": "Windows 10",
+ "client_userAgent_browser_s": "FIREFOX",
+ "client_zone_s": "null",
+ "client_device_s": "Computer",
+ "client_ipAddress_s": "65.65.65.65",
+ "client_geographicalContext_city_s": "Los Angeles",
+ "client_geographicalContext_state_s": "California",
+ "client_geographicalContext_country_s": "United States",
+ "client_geographicalContext_postalCode_s": "90015",
+ "client_geographicalContext_geolocation_lat_d": "34.047",
+ "client_geographicalContext_geolocation_lon_d": "-118.275",
+ "outcome_reason_s": "",
+ "securityContext_asNumber_d": "10993",
+ "securityContext_asOrg_s": "aerioconnect",
+ "securityContext_isp_s": "aerioconnect",
+ "securityContext_domain_s": ".",
+ "securityContext_isProxy_b": "FALSE",
+ "debugContext_debugData_loginResult_s": "",
+ "debugContext_debugData_requestId_s":
"Xs2VMppsvxLauLNIgPCN1gAABYQ",
+ "debugContext_debugData_requestUri_s": "/api/v1/authn/factors/smsrjkfodqeijoByT0h7/verify",
+ "debugContext_debugData_url_s": "/api/v1/authn/factors/smsrjkfodqeijoByT0h7/verify?rememberDevice=true",
+ "debugContext_debugData_deviceFingerprint_g": "ade03304-2eb2-3b2f-d57e-5cfe92c81793",
+ "authenticationContext_authenticationProvider_s": "",
+ "authenticationContext_credentialProvider_s": "",
+ "debugContext_debugData_factor_s": "",
+ "debugContext_debugData_countryCallingCode_s": "",
+ "debugContext_debugData_smsProvider_s": "",
+ "debugContext_debugData_transactionId_g": "",
+ "authenticationContext_credentialType_s": "",
+ "actor_id_s": "00urjk4znu3BcncfY0h7",
+ "actor_type_s": "User",
+ "actor_alternateId_s": "user100@abccompany.com",
+ "actor_displayName_s": "user 100",
+ "authenticationContext_authenticationStep_d": "0",
+ "authenticationContext_externalSessionId_s": "102M55TPJ-YQ1yL8orhbh74Lg",
+ "displayMessage_s": "User login to Okta",
+ "eventType_s": "user.session.start",
+ "outcome_result_s": "SUCCESS",
+ "published_t": "2020-05-26T22:16:19.179Z",
+ "severity_s": "INFO",
+ "debugContext_debugData_jobId_s": "",
+ "debugContext_debugData_importType_s": "",
+ "debugContext_debugData_appname_s": "",
+ "debugContext_debugData_importLastToken_s": "",
+ "debugContext_debugData_importTrigger_s": "",
+ "debugContext_debugData_threatSuspected_s": "FALSE",
+ "legacyEventType_s": "core.user_auth.login_success",
+ "transaction_type_s": "WEB",
+ "transaction_id_s": "Xs2VMppsvxLauLNIgPCN1gAABYQ",
+ "uuid_g": "861b0c10-9f9e-11ea-8f4c-b9fe37b9e5fa",
+ "version_s": "0",
+ "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]",
+ "target_s": "",
+
"debugContext_debugData_detailedmessage_s": "",
+ "Type": "Okta_CL",
+ "_ResourceId": ""
+ },
+ {
+ "TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
+ "SourceSystem": "RestAPI",
+ "MG": "",
+ "ManagementGroupName": "",
+ "TimeGenerated": "2020-05-26T22:20:03.402Z",
+ "Computer": "",
+ "RawData": "",
+ "debugContext_debugData_initiationType_s": "",
+ "debugContext_debugData_signOnMode_s": "",
+ "debugContext_debugData_attributesModified_s": "",
+ "debugContext_debugData_attributesAdded_s": "",
+ "debugContext_debugData_attributesDeleted_s": "",
+ "debugContext_debugData_groupAppAssignmentId_s": "",
+ "debugContext_debugData_authnRequestId_s": "",
+ "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0",
+ "client_userAgent_os_s": "Windows 10",
+ "client_userAgent_browser_s": "FIREFOX",
+ "client_zone_s": "null",
+ "client_device_s": "Computer",
+ "client_ipAddress_s": "65.65.65.65",
+ "client_geographicalContext_city_s": "Los Angeles",
+ "client_geographicalContext_state_s": "California",
+ "client_geographicalContext_country_s": "United States",
+ "client_geographicalContext_postalCode_s": "90015",
+ "client_geographicalContext_geolocation_lat_d": "34.047",
+ "client_geographicalContext_geolocation_lon_d": "-118.275",
+ "outcome_reason_s": "",
+ "securityContext_asNumber_d": "10993",
+ "securityContext_asOrg_s": "aerioconnect",
+ "securityContext_isp_s": "aerioconnect",
+ "securityContext_domain_s": ".",
+ "securityContext_isProxy_b": "FALSE",
+ "debugContext_debugData_loginResult_s": "",
+ "debugContext_debugData_requestId_s": "Xs2VOCZOjqHePkozjlqNoAAADyw",
+ "debugContext_debugData_requestUri_s": "/admin/sso/request",
+ "debugContext_debugData_url_s": "/admin/sso/request?",
+ "debugContext_debugData_deviceFingerprint_g": "",
+ "authenticationContext_authenticationProvider_s": "",
+ "authenticationContext_credentialProvider_s": "",
+ "debugContext_debugData_factor_s": "",
+
"debugContext_debugData_countryCallingCode_s": "",
+ "debugContext_debugData_smsProvider_s": "",
+ "debugContext_debugData_transactionId_g": "",
+ "authenticationContext_credentialType_s": "",
+ "actor_id_s": "00urjk4znu3BcncfY0h7",
+ "actor_type_s": "User",
+ "actor_alternateId_s": "user100@abccompany.com",
+ "actor_displayName_s": "user 100",
+ "authenticationContext_authenticationStep_d": "0",
+ "authenticationContext_externalSessionId_s": "102U__8lB-rQFOSjRozlRS-nw",
+ "displayMessage_s": "User accessing Okta admin app",
+ "eventType_s": "user.session.access_admin_app",
+ "outcome_result_s": "SUCCESS",
+ "published_t": "2020-05-26T22:16:24.703Z",
+ "severity_s": "INFO",
+ "debugContext_debugData_jobId_s": "",
+ "debugContext_debugData_importType_s": "",
+ "debugContext_debugData_appname_s": "",
+ "debugContext_debugData_importLastToken_s": "",
+ "debugContext_debugData_importTrigger_s": "",
+ "debugContext_debugData_threatSuspected_s": "FALSE",
+ "legacyEventType_s": "app.admin.sso.login.success",
+ "transaction_type_s": "WEB",
+ "transaction_id_s": "Xs2VOCZOjqHePkozjlqNoAAADyw",
+ "uuid_g": "8965f1a6-9f9e-11ea-ba57-ed14c2b9b62e",
+ "version_s": "0",
+ "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]",
+ "target_s": "[\r\n {\r\n \"id\": \"00urjk4znu3BcncfY0h7\",\r\n \"type\": \"AppUser\",\r\n \"alternateId\": \"user100@accenture.com\",\r\n \"displayName\": \"user 100\",\r\n \"detailEntry\": null\r\n }\r\n]",
+ "debugContext_debugData_detailedmessage_s": "",
+ "Type": "Okta_CL",
+ "_ResourceId": ""
+ },
+ {
+ "TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
+ "SourceSystem": "RestAPI",
+ "MG": "",
+ "ManagementGroupName": "",
+ "TimeGenerated": "2020-05-26T22:20:03.402Z",
+
"Computer": "",
+ "RawData": "",
+ "debugContext_debugData_initiationType_s": "",
+ "debugContext_debugData_signOnMode_s": "",
+ "debugContext_debugData_attributesModified_s": "",
+ "debugContext_debugData_attributesAdded_s": "",
+ "debugContext_debugData_attributesDeleted_s": "",
+ "debugContext_debugData_groupAppAssignmentId_s": "",
+ "debugContext_debugData_authnRequestId_s": "",
+ "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0",
+ "client_userAgent_os_s": "Windows 10",
+ "client_userAgent_browser_s": "FIREFOX",
+ "client_zone_s": "null",
+ "client_device_s": "Computer",
+ "client_ipAddress_s": "65.65.65.65",
+ "client_geographicalContext_city_s": "Los Angeles",
+ "client_geographicalContext_state_s": "California",
+ "client_geographicalContext_country_s": "United States",
+ "client_geographicalContext_postalCode_s": "90015",
+ "client_geographicalContext_geolocation_lat_d": "34.047",
+ "client_geographicalContext_geolocation_lon_d": "-118.275",
+ "outcome_reason_s": "",
+ "securityContext_asNumber_d": "10993",
+ "securityContext_asOrg_s": "aerioconnect",
+ "securityContext_isp_s": "aerioconnect",
+ "securityContext_domain_s": ".",
+ "securityContext_isProxy_b": "FALSE",
+ "debugContext_debugData_loginResult_s": "",
+ "debugContext_debugData_requestId_s": "Xs2VSkOMHx2uuLIEiR3o2wAABzM",
+ "debugContext_debugData_requestUri_s": "/api/v1/apps/0oaqkaya0bxf3FLtf0h7/users",
+ "debugContext_debugData_url_s": "/api/v1/apps/0oaqkaya0bxf3FLtf0h7/users?",
+ "debugContext_debugData_deviceFingerprint_g": "",
+ "authenticationContext_authenticationProvider_s": "",
+ "authenticationContext_credentialProvider_s": "",
+ "debugContext_debugData_factor_s": "",
+ "debugContext_debugData_countryCallingCode_s": "",
+ "debugContext_debugData_smsProvider_s": "",
+ "debugContext_debugData_transactionId_g": "",
+ "authenticationContext_credentialType_s": "",
+ "actor_id_s": "00urjk4znu3BcncfY0h7",
+ "actor_type_s":
"User",
+ "actor_alternateId_s": "user100@abccompany.com",
+ "actor_displayName_s": "user 100",
+ "authenticationContext_authenticationStep_d": "0",
+ "authenticationContext_externalSessionId_s": "102U__8lB-rQFOSjRozlRS-nw",
+ "displayMessage_s": "Add user to application membership",
+ "eventType_s": "application.user_membership.add",
+ "outcome_result_s": "SUCCESS",
+ "published_t": "2020-05-26T22:16:43.125Z",
+ "severity_s": "INFO",
+ "debugContext_debugData_jobId_s": "",
+ "debugContext_debugData_importType_s": "",
+ "debugContext_debugData_appname_s": "",
+ "debugContext_debugData_importLastToken_s": "",
+ "debugContext_debugData_importTrigger_s": "",
+ "debugContext_debugData_threatSuspected_s": "FALSE",
+ "legacyEventType_s": "app.generic.provision.assign_user_to_app",
+ "transaction_type_s": "WEB",
+ "transaction_id_s": "Xs2VSkOMHx2uuLIEiR3o2wAABzM",
+ "uuid_g": "9460ea83-9f9e-11ea-b365-4973b2c3a34d",
+ "version_s": "0",
+ "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]",
+ "target_s": "[\r\n {\r\n \"id\": \"0uarrfg9pgeN23kIt0h7\",\r\n \"type\": \"AppUser\",\r\n \"alternateId\": \"rajesh.vanaparthi@accenture.com\",\r\n \"displayName\": \"Rajesh vanaparthi\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"0oaqkaya0bxf3FLtf0h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"AEG-OCI-Accenture-Account\",\r\n \"displayName\": \"Oracle Cloud Infrastructure\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"00urjjy236xD3zrUI0h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"rajesh.vanaparthi@accenture.com\",\r\n \"displayName\": \"Rajesh vanaparthi\",\r\n \"detailEntry\": null\r\n }\r\n]",
+ "debugContext_debugData_detailedmessage_s": "",
+ "Type": "Okta_CL",
+ "_ResourceId": ""
+ },
+ {
+ "TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
+ "SourceSystem": "RestAPI",
+ "MG": "",
+ "ManagementGroupName": "",
+ "TimeGenerated": "2020-05-26T21:10:01.663Z",
+ "Computer": "",
+ "RawData": "",
+ "debugContext_debugData_initiationType_s": "",
+ "debugContext_debugData_signOnMode_s": "",
+ "debugContext_debugData_attributesModified_s": "",
+ "debugContext_debugData_attributesAdded_s": "",
+ "debugContext_debugData_attributesDeleted_s": "",
+ "debugContext_debugData_groupAppAssignmentId_s": "",
+ "debugContext_debugData_authnRequestId_s": "",
+ "client_userAgent_rawUserAgent_s": "",
+ "client_userAgent_os_s": "",
+ "client_userAgent_browser_s": "",
+ "client_zone_s": "",
+ "client_device_s": "",
+ "client_ipAddress_s": "",
+ "client_geographicalContext_city_s": "",
+ "client_geographicalContext_state_s": "",
+ "client_geographicalContext_country_s": "",
+ "client_geographicalContext_postalCode_s": "",
+ "client_geographicalContext_geolocation_lat_d": "null",
+ "client_geographicalContext_geolocation_lon_d": "null",
+ "outcome_reason_s": "",
+ "securityContext_asNumber_d": "null",
+ "securityContext_asOrg_s": "",
+ "securityContext_isp_s": "",
+ "securityContext_domain_s": "",
+ "securityContext_isProxy_b": "null",
+ "debugContext_debugData_loginResult_s": "",
+ "debugContext_debugData_requestId_s": "",
+ "debugContext_debugData_requestUri_s": "",
+ "debugContext_debugData_url_s": "",
+ "debugContext_debugData_deviceFingerprint_g": "",
+ "authenticationContext_authenticationProvider_s": "",
+ "authenticationContext_credentialProvider_s": "",
+ "debugContext_debugData_factor_s": "",
+ "debugContext_debugData_countryCallingCode_s": "",
+ "debugContext_debugData_smsProvider_s": "",
+ "debugContext_debugData_transactionId_g": "",
+ "authenticationContext_credentialType_s": "",
+ "actor_id_s": "0001dzveh5TJUJSDFZWJ",
+ "actor_type_s": "SystemPrincipal",
+ "actor_alternateId_s": "system@okta.com",
+ "actor_displayName_s": "Okta
System",
+ "authenticationContext_authenticationStep_d": "0",
+ "authenticationContext_externalSessionId_s": "trsbjdW_UtzS3Kx13csxg8C1Q",
+ "displayMessage_s": "import started",
+ "eventType_s": "system.import.start",
+ "outcome_result_s": "SUCCESS",
+ "published_t": "2020-05-26T21:07:46.429Z",
+ "severity_s": "INFO",
+ "debugContext_debugData_jobId_s": "ij1rre9cc5yGuQKu50h7",
+ "debugContext_debugData_importType_s": "Incremental",
+ "debugContext_debugData_appname_s": "active_directory",
+ "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=",
+ "debugContext_debugData_importTrigger_s": "Schedule",
+ "debugContext_debugData_threatSuspected_s": "FALSE",
+ "legacyEventType_s": "app.generic.import.started",
+ "transaction_type_s": "JOB",
+ "transaction_id_s": "ij1rre9cc5yGuQKu50h7",
+ "uuid_g": "f2b732f0-9f94-11ea-bc0e-b58983a66847",
+ "version_s": "0",
+ "request_ipChain_s": "[]",
+ "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]",
+ "debugContext_debugData_detailedmessage_s": "",
+ "Type": "Okta_CL",
+ "_ResourceId": ""
+ },
+ {
+ "TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
+ "SourceSystem": "RestAPI",
+ "MG": "",
+ "ManagementGroupName": "",
+ "TimeGenerated": "2020-05-26T21:10:01.663Z",
+ "Computer": "",
+ "RawData": "",
+ "debugContext_debugData_initiationType_s": "",
+ "debugContext_debugData_signOnMode_s": "",
+ "debugContext_debugData_attributesModified_s": "",
+ "debugContext_debugData_attributesAdded_s": "",
+ "debugContext_debugData_attributesDeleted_s": "",
+ "debugContext_debugData_groupAppAssignmentId_s": "",
+ "debugContext_debugData_authnRequestId_s": "",
+ "client_userAgent_rawUserAgent_s": "",
+ "client_userAgent_os_s": "",
+ "client_userAgent_browser_s": "",
+ "client_zone_s": "",
+ "client_device_s": "",
+ "client_ipAddress_s": "",
+
"client_geographicalContext_city_s": "",
+ "client_geographicalContext_state_s": "",
+ "client_geographicalContext_country_s": "",
+ "client_geographicalContext_postalCode_s": "",
+ "client_geographicalContext_geolocation_lat_d": "null",
+ "client_geographicalContext_geolocation_lon_d": "null",
+ "outcome_reason_s": "",
+ "securityContext_asNumber_d": "null",
+ "securityContext_asOrg_s": "",
+ "securityContext_isp_s": "",
+ "securityContext_domain_s": "",
+ "securityContext_isProxy_b": "null",
+ "debugContext_debugData_loginResult_s": "",
+ "debugContext_debugData_requestId_s": "",
+ "debugContext_debugData_requestUri_s": "",
+ "debugContext_debugData_url_s": "",
+ "debugContext_debugData_deviceFingerprint_g": "",
+ "authenticationContext_authenticationProvider_s": "",
+ "authenticationContext_credentialProvider_s": "",
+ "debugContext_debugData_factor_s": "",
+ "debugContext_debugData_countryCallingCode_s": "",
+ "debugContext_debugData_smsProvider_s": "",
+ "debugContext_debugData_transactionId_g": "",
+ "authenticationContext_credentialType_s": "",
+ "actor_id_s": "0001dzveh5TJUJSDFZWJ",
+ "actor_type_s": "SystemPrincipal",
+ "actor_alternateId_s": "system@okta.com",
+ "actor_displayName_s": "Okta System",
+ "authenticationContext_authenticationStep_d": "0",
+ "authenticationContext_externalSessionId_s": "trsbjdW_UtzS3Kx13csxg8C1Q",
+ "displayMessage_s": "Download object phase started.",
+ "eventType_s": "system.import.download.start",
+ "outcome_result_s": "",
+ "published_t": "2020-05-26T21:08:31.449Z",
+ "severity_s": "INFO",
+ "debugContext_debugData_jobId_s": "ij1rre9cc5yGuQKu50h7",
+ "debugContext_debugData_importType_s": "",
+ "debugContext_debugData_appname_s": "active_directory",
+ "debugContext_debugData_importLastToken_s": "",
+ "debugContext_debugData_importTrigger_s": "",
+ "debugContext_debugData_threatSuspected_s": "FALSE",
+ "legacyEventType_s": "",
+ "transaction_type_s": "JOB",
+ "transaction_id_s": "ij1rre9cc5yGuQKu50h7",
+ "uuid_g":
"0d8cb57e-9f95-11ea-bc0e-b58983a66847",
+ "version_s": "0",
+ "request_ipChain_s": "[]",
+ "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]",
+ "debugContext_debugData_detailedmessage_s": "Download object phase started.",
+ "Type": "Okta_CL",
+ "_ResourceId": ""
+ },
+ {
+ "TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
+ "SourceSystem": "RestAPI",
+ "MG": "",
+ "ManagementGroupName": "",
+ "TimeGenerated": "2020-05-26T21:50:01.713Z",
+ "Computer": "",
+ "RawData": "",
+ "debugContext_debugData_initiationType_s": "",
+ "debugContext_debugData_signOnMode_s": "",
+ "debugContext_debugData_attributesModified_s": "",
+ "debugContext_debugData_attributesAdded_s": "",
+ "debugContext_debugData_attributesDeleted_s": "",
+ "debugContext_debugData_groupAppAssignmentId_s": "",
+ "debugContext_debugData_authnRequestId_s": "",
+ "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0",
+ "client_userAgent_os_s": "Windows 10",
+ "client_userAgent_browser_s": "FIREFOX",
+ "client_zone_s": "null",
+ "client_device_s": "Computer",
+ "client_ipAddress_s": "65.65.65.65",
+ "client_geographicalContext_city_s": "Los Angeles",
+ "client_geographicalContext_state_s": "California",
+ "client_geographicalContext_country_s": "United States",
+ "client_geographicalContext_postalCode_s": "90015",
+ "client_geographicalContext_geolocation_lat_d": "34.047",
+ "client_geographicalContext_geolocation_lon_d": "-118.275",
+ "outcome_reason_s": "",
+ "securityContext_asNumber_d": "10993",
+ "securityContext_asOrg_s": "aerioconnect",
+ "securityContext_isp_s": "aerioconnect",
+ "securityContext_domain_s": ".",
+ "securityContext_isProxy_b": "FALSE",
+ "debugContext_debugData_loginResult_s": "",
+ "debugContext_debugData_requestId_s": "Xs2OHsv5yd8cg5CcBB0zxAAADOE",
+
"debugContext_debugData_requestUri_s": "/login/signout",
+ "debugContext_debugData_url_s": "/login/signout?message=login_page_messages.session_has_expired",
+ "debugContext_debugData_deviceFingerprint_g": "",
+ "authenticationContext_authenticationProvider_s": "",
+ "authenticationContext_credentialProvider_s": "",
+ "debugContext_debugData_factor_s": "",
+ "debugContext_debugData_countryCallingCode_s": "",
+ "debugContext_debugData_smsProvider_s": "",
+ "debugContext_debugData_transactionId_g": "",
+ "authenticationContext_credentialType_s": "",
+ "actor_id_s": "00urjk4znu3BcncfY0h7",
+ "actor_type_s": "User",
+ "actor_alternateId_s": "user100@abccompany.com",
+ "actor_displayName_s": "user 100",
+ "authenticationContext_authenticationStep_d": "0",
+ "authenticationContext_externalSessionId_s": "102pTUgC3p8RIqHvzxLCHnFlg",
+ "displayMessage_s": "User logout from Okta",
+ "eventType_s": "user.session.end",
+ "outcome_result_s": "SUCCESS",
+ "published_t": "2020-05-26T21:46:06.71Z",
+ "severity_s": "INFO",
+ "debugContext_debugData_jobId_s": "",
+ "debugContext_debugData_importType_s": "",
+ "debugContext_debugData_appname_s": "",
+ "debugContext_debugData_importLastToken_s": "",
+ "debugContext_debugData_importTrigger_s": "",
+ "debugContext_debugData_threatSuspected_s": "FALSE",
+ "legacyEventType_s": "core.user_auth.logout_success",
+ "transaction_type_s": "WEB",
+ "transaction_id_s": "Xs2OHsv5yd8cg5CcBB0zxAAADOE",
+ "uuid_g": "4dca39e6-9f9a-11ea-ab4e-d9527e48dd0e",
+ "version_s": "0",
+ "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": {\r\n \"lat\": 34.047,\r\n \"lon\": -118.275\r\n }\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]",
+ "target_s": "",
+ "debugContext_debugData_detailedmessage_s": "",
+ "Type": "Okta_CL",
+ "_ResourceId": ""
+ },
+ {
+
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
+ "SourceSystem": "RestAPI",
+ "MG": "",
+ "ManagementGroupName": "",
+ "TimeGenerated": "2020-05-26T19:48:28.595Z",
+ "Computer": "",
+ "RawData": "",
+ "debugContext_debugData_initiationType_s": "",
+ "debugContext_debugData_signOnMode_s": "",
+ "debugContext_debugData_attributesModified_s": "",
+ "debugContext_debugData_attributesAdded_s": "",
+ "debugContext_debugData_attributesDeleted_s": "",
+ "debugContext_debugData_groupAppAssignmentId_s": "",
+ "debugContext_debugData_authnRequestId_s": "",
+ "client_userAgent_rawUserAgent_s": "",
+ "client_userAgent_os_s": "",
+ "client_userAgent_browser_s": "",
+ "client_zone_s": "null",
+ "client_device_s": "",
+ "client_ipAddress_s": "",
+ "client_geographicalContext_city_s": "",
+ "client_geographicalContext_state_s": "",
+ "client_geographicalContext_country_s": "",
+ "client_geographicalContext_postalCode_s": "",
+ "client_geographicalContext_geolocation_lat_d": "null",
+ "client_geographicalContext_geolocation_lon_d": "null",
+ "outcome_reason_s": "Sign-on policy evaluation resulted in CHALLENGE",
+ "securityContext_asNumber_d": "10993",
+ "securityContext_asOrg_s": "aerioconnect",
+ "securityContext_isp_s": "aerioconnect",
+ "securityContext_domain_s": ".",
+ "securityContext_isProxy_b": "FALSE",
+ "debugContext_debugData_loginResult_s": "",
+ "debugContext_debugData_requestId_s": "",
+ "debugContext_debugData_requestUri_s": "",
+ "debugContext_debugData_url_s": "",
+ "debugContext_debugData_deviceFingerprint_g": "ade03304-2eb2-3b2f-d57e-5cfe92c81793",
+ "authenticationContext_authenticationProvider_s": "",
+ "authenticationContext_credentialProvider_s": "",
+ "debugContext_debugData_factor_s": "",
+ "debugContext_debugData_countryCallingCode_s": "",
+ "debugContext_debugData_smsProvider_s": "",
+ "debugContext_debugData_transactionId_g": "",
+ "authenticationContext_credentialType_s": "",
+ "actor_id_s": "00urjk4znu3BcncfY0h7",
+ "actor_type_s": "User",
+
"actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsKiIT-ikNSs-Nez55MWrmXQ", + "displayMessage_s": "Evaluation of sign-on policy", + "eventType_s": "policy.evaluate_sign_on", + "outcome_result_s": "CHALLENGE", + "published_t": "2020-05-26T19:01:43.688Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "", + "transaction_id_s": "unknown", + "uuid_g": "56f880ee-9f83-11ea-9afc-cd2c72ea6161", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"00pn79xb33o84O0Hc0h7\",\r\n \"type\": \"PolicyEntity\",\r\n \"alternateId\": \"unknown\",\r\n \"displayName\": \"default\",\r\n \"detailEntry\": {\r\n \"policyType\": \"OktaSignOn\"\r\n }\r\n },\r\n {\r\n \"id\": \"0prn79ye1mCqWhlUR0h7\",\r\n \"type\": \"PolicyRule\",\r\n \"alternateId\": \"00pn79xb33o84O0Hc0h7\",\r\n \"displayName\": \"default\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-26T19:48:28.595Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + 
"client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "Xs1noEWGEPIA1sAKuMT8oQAABkQ", + "debugContext_debugData_requestUri_s": "/api/v1/authn/factors/password/verify", + "debugContext_debugData_url_s": "/api/v1/authn/factors/password/verify?rememberDevice=false", + "debugContext_debugData_deviceFingerprint_g": "ade03304-2eb2-3b2f-d57e-5cfe92c81793", + "authenticationContext_authenticationProvider_s": "FACTOR_PROVIDER", + "authenticationContext_credentialProvider_s": "OKTA_CREDENTIAL_PROVIDER", + "debugContext_debugData_factor_s": "PASSWORD_AS_FACTOR", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "102pTUgC3p8RIqHvzxLCHnFlg", + "displayMessage_s": "Authentication of user via MFA", + 
"eventType_s": "user.authentication.auth_via_mfa", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-26T19:01:52.691Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "core.user.factor.attempt_success", + "transaction_type_s": "WEB", + "transaction_id_s": "Xs1noEWGEPIA1sAKuMT8oQAABkQ", + "uuid_g": "5c564106-9f83-11ea-8f4c-b9fe37b9e5fa", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "[\r\n {\r\n \"id\": \"00urjk4znu3BcncfY0h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"user100@accenture.com\",\r\n \"displayName\": \"user 100\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-26T19:48:28.595Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": 
"Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "Xs1nq-2wvKJddDOB1mPS3QAADYg", + "debugContext_debugData_requestUri_s": "/api/v1/authn/factors/smsrjkfodqeijoByT0h7/verify", + "debugContext_debugData_url_s": "/api/v1/authn/factors/smsrjkfodqeijoByT0h7/verify?rememberDevice=true", + "debugContext_debugData_deviceFingerprint_g": "ade03304-2eb2-3b2f-d57e-5cfe92c81793", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "1", + "debugContext_debugData_smsProvider_s": "TELESIGN", + "debugContext_debugData_transactionId_g": "25c94973-e3b4-0404-9196-a29d3a9642a4", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "102pTUgC3p8RIqHvzxLCHnFlg", + "displayMessage_s": "Send second factor auth SMS", + "eventType_s": "system.sms.send_factor_verify_message", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-26T19:02:04.32Z", + 
"severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "core.user.sms.message_sent.factor", + "transaction_type_s": "WEB", + "transaction_id_s": "Xs1nq-2wvKJddDOB1mPS3QAADYg", + "uuid_g": "6344b2a9-9f83-11ea-86e9-e5b0d2d0f179", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "[\r\n {\r\n \"id\": \"00urjk4znu3BcncfY0h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"user100@accenture.com\",\r\n \"displayName\": \"user 100\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"mblrjkhau8Q7KqJpX0h7\",\r\n \"type\": \"MobilePhone\",\r\n \"alternateId\": \"+13237923223\",\r\n \"displayName\": \"+13237923223\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-26T19:48:28.595Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) 
Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "Xs1ntskjYvO@XnRXUi8wEQAAC9E", + "debugContext_debugData_requestUri_s": "/api/v1/authn/factors/smsrjkfodqeijoByT0h7/verify", + "debugContext_debugData_url_s": "/api/v1/authn/factors/smsrjkfodqeijoByT0h7/verify?rememberDevice=true", + "debugContext_debugData_deviceFingerprint_g": "ade03304-2eb2-3b2f-d57e-5cfe92c81793", + "authenticationContext_authenticationProvider_s": "FACTOR_PROVIDER", + "authenticationContext_credentialProvider_s": "OKTA_CREDENTIAL_PROVIDER", + "debugContext_debugData_factor_s": "SMS_FACTOR", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "SMS", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "102pTUgC3p8RIqHvzxLCHnFlg", + "displayMessage_s": "Authentication of user via MFA", + "eventType_s": "user.authentication.auth_via_mfa", + 
"outcome_result_s": "SUCCESS", + "published_t": "2020-05-26T19:02:14.446Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "core.user.factor.attempt_success", + "transaction_type_s": "WEB", + "transaction_id_s": "Xs1ntskjYvO@XnRXUi8wEQAAC9E", + "uuid_g": "694dcd8c-9f83-11ea-b091-fbd2ab976feb", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "[\r\n {\r\n \"id\": \"00urjk4znu3BcncfY0h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"user100@accenture.com\",\r\n \"displayName\": \"user 100\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-26T19:48:28.595Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": 
"FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "Xs1ntskjYvO@XnRXUi8wEQAAC9E", + "debugContext_debugData_requestUri_s": "/api/v1/authn/factors/smsrjkfodqeijoByT0h7/verify", + "debugContext_debugData_url_s": "/api/v1/authn/factors/smsrjkfodqeijoByT0h7/verify?rememberDevice=true", + "debugContext_debugData_deviceFingerprint_g": "ade03304-2eb2-3b2f-d57e-5cfe92c81793", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "102pTUgC3p8RIqHvzxLCHnFlg", + "displayMessage_s": "User login to Okta", + "eventType_s": "user.session.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-26T19:02:14.495Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + 
"debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "core.user_auth.login_success", + "transaction_type_s": "WEB", + "transaction_id_s": "Xs1ntskjYvO@XnRXUi8wEQAAC9E", + "uuid_g": "6955479d-9f83-11ea-b091-fbd2ab976feb", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-26T19:48:28.595Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": 
"34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "Xs1ntskjYvO@XnRXUi8wEQAAC9E", + "debugContext_debugData_requestUri_s": "/api/v1/authn/factors/smsrjkfodqeijoByT0h7/verify", + "debugContext_debugData_url_s": "/api/v1/authn/factors/smsrjkfodqeijoByT0h7/verify?rememberDevice=true", + "debugContext_debugData_deviceFingerprint_g": "ade03304-2eb2-3b2f-d57e-5cfe92c81793", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "102pTUgC3p8RIqHvzxLCHnFlg", + "displayMessage_s": "Verify user identity", + "eventType_s": "user.authentication.verify", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-26T19:02:14.502Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "WEB", + "transaction_id_s": "Xs1ntskjYvO@XnRXUi8wEQAAC9E", + "uuid_g": "6956590e-9f83-11ea-b091-fbd2ab976feb", + "version_s": "0", + 
"request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-26T19:48:28.595Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": 
"Xs1nvRMIVMwDooBq8xCa7QAABZI", + "debugContext_debugData_requestUri_s": "/admin/sso/request", + "debugContext_debugData_url_s": "/admin/sso/request?", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "1027UYfrU6YTuK9Ud2RRH03DQ", + "displayMessage_s": "User accessing Okta admin app", + "eventType_s": "user.session.access_admin_app", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-26T19:02:21.523Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.admin.sso.login.success", + "transaction_type_s": "WEB", + "transaction_id_s": "Xs1nvRMIVMwDooBq8xCa7QAABZI", + "uuid_g": "6d85aaa7-9f83-11ea-bbfc-219c47051cf6", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "[\r\n {\r\n \"id\": \"00urjk4znu3BcncfY0h7\",\r\n \"type\": \"AppUser\",\r\n \"alternateId\": 
\"user100@accenture.com\",\r\n \"displayName\": \"user 100\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-26T19:48:28.595Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "Xs1oA6Ht8KiJlr31E9R-VAAABEs", + "debugContext_debugData_requestUri_s": "/api/v1/apps/0oankr625m1gEmNo80h7/users", + "debugContext_debugData_url_s": "/api/v1/apps/0oankr625m1gEmNo80h7/users?", + "debugContext_debugData_deviceFingerprint_g": "", + 
"authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "1027UYfrU6YTuK9Ud2RRH03DQ", + "displayMessage_s": "Add user to application membership", + "eventType_s": "application.user_membership.add", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-26T19:03:32.089Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.provision.assign_user_to_app", + "transaction_type_s": "WEB", + "transaction_id_s": "Xs1oA6Ht8KiJlr31E9R-VAAABEs", + "uuid_g": "97952f53-9f83-11ea-b871-476fe69ebde3", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "[\r\n {\r\n \"id\": \"0uarr9is3cPph9DYp0h7\",\r\n \"type\": \"AppUser\",\r\n \"alternateId\": \"user100@accenture.com\",\r\n \"displayName\": \"user 100\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"0oankr625m1gEmNo80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"Amazon Web 
Services Redshift\",\r\n \"displayName\": \"Amazon Web Services Redshift\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"00urjk4znu3BcncfY0h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"user100@accenture.com\",\r\n \"displayName\": \"user 100\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-26T19:48:28.595Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "IDP_INITIATED", + "debugContext_debugData_signOnMode_s": "SAML 2.0", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "Xs1oFGo0DFAnizkRsP6O5wAADaE", + 
"debugContext_debugData_requestUri_s": "/app/amazon_aws_redshift/exknkr625loavFT1Z0h7/sso/saml", + "debugContext_debugData_url_s": "/app/amazon_aws_redshift/exknkr625loavFT1Z0h7/sso/saml?", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "102pTUgC3p8RIqHvzxLCHnFlg", + "displayMessage_s": "User single sign on to app", + "eventType_s": "user.authentication.sso", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-26T19:03:48.318Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.auth.sso", + "transaction_type_s": "WEB", + "transaction_id_s": "Xs1oFGo0DFAnizkRsP6O5wAADaE", + "uuid_g": "a14188d2-9f83-11ea-aac0-db95ed8ff78e", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "[\r\n {\r\n \"id\": \"0oankr625m1gEmNo80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": 
\"Amazon Web Services Redshift\",\r\n \"displayName\": \"Amazon Web Services Redshift\",\r\n \"detailEntry\": {\r\n \"signOnModeType\": \"SAML_2_0\"\r\n }\r\n },\r\n {\r\n \"id\": \"0uarr9is3cPph9DYp0h7\",\r\n \"type\": \"AppUser\",\r\n \"alternateId\": \"user100@accenture.com\",\r\n \"displayName\": \"user 100\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-26T19:48:28.595Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "IDP_INITIATED", + "debugContext_debugData_signOnMode_s": "SAML 2.0", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": 
"Xs1oHI5hHedylC6NGwqGOgAAAZo", + "debugContext_debugData_requestUri_s": "/app/amazon_aws_redshift/exknkr625loavFT1Z0h7/sso/saml", + "debugContext_debugData_url_s": "/app/amazon_aws_redshift/exknkr625loavFT1Z0h7/sso/saml?", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "102pTUgC3p8RIqHvzxLCHnFlg", + "displayMessage_s": "User single sign on to app", + "eventType_s": "user.authentication.sso", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-26T19:03:56.967Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.auth.sso", + "transaction_type_s": "WEB", + "transaction_id_s": "Xs1oHI5hHedylC6NGwqGOgAAAZo", + "uuid_g": "a669443b-9f83-11ea-be56-d57448b47631", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "[\r\n {\r\n \"id\": \"0oankr625m1gEmNo80h7\",\r\n \"type\": 
\"AppInstance\",\r\n \"alternateId\": \"Amazon Web Services Redshift\",\r\n \"displayName\": \"Amazon Web Services Redshift\",\r\n \"detailEntry\": {\r\n \"signOnModeType\": \"SAML_2_0\"\r\n }\r\n },\r\n {\r\n \"id\": \"0uarr9is3cPph9DYp0h7\",\r\n \"type\": \"AppUser\",\r\n \"alternateId\": \"user100@accenture.com\",\r\n \"displayName\": \"user 100\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-26T19:48:28.595Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + 
"debugContext_debugData_requestId_s": "Xs1oLz7Hq0kjHx8mLng-GgAACMg", + "debugContext_debugData_requestUri_s": "/admin/sso/request", + "debugContext_debugData_url_s": "/admin/sso/request?", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "1027UYfrU6YTuK9Ud2RRH03DQ", + "displayMessage_s": "User accessing Okta admin app", + "eventType_s": "user.session.access_admin_app", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-26T19:04:15.251Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.admin.sso.login.success", + "transaction_type_s": "WEB", + "transaction_id_s": "Xs1oLz7Hq0kjHx8mLng-GgAACMg", + "uuid_g": "b14f2e58-9f83-11ea-a952-05576953c639", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "[\r\n {\r\n \"id\": \"00urjk4znu3BcncfY0h7\",\r\n \"type\": \"AppUser\",\r\n 
\"alternateId\": \"user100@accenture.com\",\r\n \"displayName\": \"user 100\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-26T19:48:28.595Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "Xs1xA45hHedylC6NGwoDMgAAAfY", + "debugContext_debugData_requestUri_s": "/api/v1/apps/0oajz6k4xnDYjAKrU0h7/users", + "debugContext_debugData_url_s": "/api/v1/apps/0oajz6k4xnDYjAKrU0h7/users?", + "debugContext_debugData_deviceFingerprint_g": "", + 
"authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "1027UYfrU6YTuK9Ud2RRH03DQ", + "displayMessage_s": "Add user to application membership", + "eventType_s": "application.user_membership.add", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-26T19:41:56.164Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.provision.assign_user_to_app", + "transaction_type_s": "WEB", + "transaction_id_s": "Xs1xA45hHedylC6NGwoDMgAAAfY", + "uuid_g": "f4eb20e6-9f88-11ea-b94f-717ca88a6cf6", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "[\r\n {\r\n \"id\": \"0uarraiiu4qt3H5Vt0h7\",\r\n \"type\": \"AppUser\",\r\n \"alternateId\": \"user100@accenture.com\",\r\n \"displayName\": \"user 100\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"0oajz6k4xnDYjAKrU0h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"Palo Alto 
Networks - CaptivePortal for RLSC\",\r\n \"displayName\": \"Palo Alto Networks - CaptivePortal\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"00urjk4znu3BcncfY0h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"user100@accenture.com\",\r\n \"displayName\": \"user 100\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-26T19:48:28.595Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "INVALID_LOGIN", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "Xs1xD2YFcox13x4cQBkArAAADV4", + 
"debugContext_debugData_requestUri_s": "/api/v1/internal/apps/0oa4jutwhfPazk2Xk0h7/types", + "debugContext_debugData_url_s": "/api/v1/internal/apps/0oa4jutwhfPazk2Xk0h7/types?", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "", + "displayMessage_s": "", + "eventType_s": "application.integration.authentication_failure", + "outcome_result_s": "FAILURE", + "published_t": "2020-05-26T19:42:10.535Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.salesforce.user_management.failure.invalid_api_credentials", + "transaction_type_s": "WEB", + "transaction_id_s": "Xs1xD2YFcox13x4cQBkArAAADV4", + "uuid_g": "fd7bf846-9f88-11ea-ab16-b7e40ba477fc", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4jutwhfPazk2Xk0h7\",\r\n \"type\": \"AppInstance\",\r\n 
\"alternateId\": \"Salesforce.com\",\r\n \"displayName\": \"Salesforce.com\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-26T19:48:28.595Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "Xs1xF454By@6vXcI4P9jtQAAAok", + "debugContext_debugData_requestUri_s": "/api/v1/apps/0oa4jutwhfPazk2Xk0h7/users", + "debugContext_debugData_url_s": "/api/v1/apps/0oa4jutwhfPazk2Xk0h7/users?", + "debugContext_debugData_deviceFingerprint_g": "", + 
"authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "1027UYfrU6YTuK9Ud2RRH03DQ", + "displayMessage_s": "Add user to application membership", + "eventType_s": "application.user_membership.add", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-26T19:42:15.773Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.provision.assign_user_to_app", + "transaction_type_s": "WEB", + "transaction_id_s": "Xs1xF454By@6vXcI4P9jtQAAAok", + "uuid_g": "009b395f-9f89-11ea-b365-4973b2c3a34d", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "[\r\n {\r\n \"id\": \"0uarrak54rf657Nwz0h7\",\r\n \"type\": \"AppUser\",\r\n \"alternateId\": \"user100@accenture.com\",\r\n \"displayName\": \"user 100\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"0oa4jutwhfPazk2Xk0h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": 
\"Salesforce.com\",\r\n \"displayName\": \"Salesforce.com\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"00urjk4znu3BcncfY0h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"user100@accenture.com\",\r\n \"displayName\": \"user 100\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-26T19:48:28.595Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "Xs1xIPhGRBVLFUtvF0QSjAAACA0", + "debugContext_debugData_requestUri_s": 
"/api/v1/apps/0oa4pb20ro0Jf1cTI0h7/users", + "debugContext_debugData_url_s": "/api/v1/apps/0oa4pb20ro0Jf1cTI0h7/users?", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "1027UYfrU6YTuK9Ud2RRH03DQ", + "displayMessage_s": "Add user to application membership", + "eventType_s": "application.user_membership.add", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-26T19:42:25.084Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.provision.assign_user_to_app", + "transaction_type_s": "WEB", + "transaction_id_s": "Xs1xIPhGRBVLFUtvF0QSjAAACA0", + "uuid_g": "0627f889-9f89-11ea-86e9-e5b0d2d0f179", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "[\r\n {\r\n \"id\": \"0uarraiqbeHLYdes50h7\",\r\n \"type\": \"AppUser\",\r\n \"alternateId\": \"user100@accenture.com\",\r\n 
\"displayName\": \"user 100\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"0oa4pb20ro0Jf1cTI0h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"WorkdayCommunity\",\r\n \"displayName\": \"WorkdayCommunity\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"00urjk4znu3BcncfY0h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"user100@accenture.com\",\r\n \"displayName\": \"user 100\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-26T19:48:28.595Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "INVALID_LOGIN", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + 
"debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "", + "displayMessage_s": "", + "eventType_s": "application.integration.authentication_failure", + "outcome_result_s": "FAILURE", + "published_t": "2020-05-26T19:42:37.901Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.salesforce.user_management.failure.invalid_api_credentials", + "transaction_type_s": "JOB", + "transaction_id_s": "pujrrak54t9MMOopx0h7", + "uuid_g": "0dcbb08c-9f89-11ea-a2b6-af8c0397f19a", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4jutwhfPazk2Xk0h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"Salesforce.com\",\r\n \"displayName\": \"Salesforce.com\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-26T19:48:28.595Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "IDP_INITIATED", + 
"debugContext_debugData_signOnMode_s": "SAML 2.0", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "Xs1xM4ICWyvzJkhKvfCSfwAAB0A", + "debugContext_debugData_requestUri_s": "/app/panw_captiveportal/exkjz6k4xmhfRgiy20h7/sso/saml", + "debugContext_debugData_url_s": "/app/panw_captiveportal/exkjz6k4xmhfRgiy20h7/sso/saml?", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": 
"user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "102pTUgC3p8RIqHvzxLCHnFlg", + "displayMessage_s": "User single sign on to app", + "eventType_s": "user.authentication.sso", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-26T19:42:43.794Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.auth.sso", + "transaction_type_s": "WEB", + "transaction_id_s": "Xs1xM4ICWyvzJkhKvfCSfwAAB0A", + "uuid_g": "114ee403-9f89-11ea-90c4-0110e7a0729a", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "[\r\n {\r\n \"id\": \"0oajz6k4xnDYjAKrU0h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"Palo Alto Networks - CaptivePortal for RLSC\",\r\n \"displayName\": \"Palo Alto Networks - CaptivePortal\",\r\n \"detailEntry\": {\r\n \"signOnModeType\": \"SAML_2_0\"\r\n }\r\n },\r\n {\r\n \"id\": \"0uarraiiu4qt3H5Vt0h7\",\r\n \"type\": \"AppUser\",\r\n \"alternateId\": \"user100@accenture.com\",\r\n \"displayName\": \"user 100\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-26T19:48:28.595Z", + "Computer": "", + "RawData": "", 
+ "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "Xs1x-HmanAu92QX0vSA2lAAACDM", + "debugContext_debugData_requestUri_s": "/admin/sso/request", + "debugContext_debugData_url_s": "/admin/sso/request?", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + 
"actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "1027UYfrU6YTuK9Ud2RRH03DQ", + "displayMessage_s": "User accessing Okta admin app", + "eventType_s": "user.session.access_admin_app", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-26T19:46:04.43Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.admin.sso.login.success", + "transaction_type_s": "WEB", + "transaction_id_s": "Xs1x-HmanAu92QX0vSA2lAAACDM", + "uuid_g": "88e58345-9f89-11ea-ba36-c940218a689d", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "[\r\n {\r\n \"id\": \"00urjk4znu3BcncfY0h7\",\r\n \"type\": \"AppUser\",\r\n \"alternateId\": \"user100@accenture.com\",\r\n \"displayName\": \"user 100\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-26T19:50:10.62Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + 
"debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trssE2cEAqMRVWP-PZgZbiR1A", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-23T22:00:49.192Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rpgbam19YBI0v10h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": 
"active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rpgbam19YBI0v10h7", + "uuid_g": "dc8d0aba-9d40-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-26T19:50:10.62Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": 
"null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trssE2cEAqMRVWP-PZgZbiR1A", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-23T22:01:34.208Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rpgbam19YBI0v10h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rpgbam19YBI0v10h7", + "uuid_g": "f761f028-9d40-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + 
"SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-26T19:50:10.62Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + 
"authenticationContext_externalSessionId_s": "trsxcsQpU2pRMumvB5-cPThyw", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-24T01:06:39.073Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rpkaafsR7vb5Y30h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rpkaafsR7vb5Y30h7", + "uuid_g": "d265dd1f-9d5a-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-26T19:50:10.62Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", 
+ "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsxcsQpU2pRMumvB5-cPThyw", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-24T01:07:24.091Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rpkaafsR7vb5Y30h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rpkaafsR7vb5Y30h7", + "uuid_g": "ed3b1150-9d5a-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + 
"target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-26T19:50:10.62Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + 
"debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsUAMjhNZQQlmLWNE5WuJIVQ", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-24T04:11:16.052Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rpoaqnal1QU6Ip0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rpoaqnal1QU6Ip0h7", + "uuid_g": "9ccab9bb-9d74-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-26T19:50:10.62Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + 
"debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsUAMjhNZQQlmLWNE5WuJIVQ", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-24T04:12:01.07Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rpoaqnal1QU6Ip0h7", + "debugContext_debugData_importType_s": 
"", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rpoaqnal1QU6Ip0h7", + "uuid_g": "b79fed51-9d74-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-26T19:50:10.62Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": 
"null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsJlnWtN6cQO-O4hj9LGO0uA", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-24T07:15:57.1Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rps1up4bOBHczn0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rps1up4bOBHczn0h7", + "uuid_g": "699c7701-9d8e-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": 
"a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-26T19:50:10.62Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + 
"authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsJlnWtN6cQO-O4hj9LGO0uA", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-24T07:16:42.116Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rps1up4bOBHczn0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rps1up4bOBHczn0h7", + "uuid_g": "84715d12-9d8e-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-26T19:50:10.62Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + 
"client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsxb_rARWsQRKhqbalikPAnQ", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-24T10:21:39.279Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rpv675hx4dlmCF0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rpv675hx4dlmCF0h7", + 
"uuid_g": "5ade0e6b-9da8-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-26T19:50:10.62Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + 
"debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsxb_rARWsQRKhqbalikPAnQ", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-24T10:22:24.295Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rpv675hx4dlmCF0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rpv675hx4dlmCF0h7", + "uuid_g": "75b2f3e9-9da8-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-26T19:50:10.62Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + 
"debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trstXWLuCQ5SZ6XlDq0zhuYLg", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-24T13:26:41.032Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rpx5izpGD1aKEm0h7", + "debugContext_debugData_importType_s": "Incremental", + 
"debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rpx5izpGD1aKEm0h7", + "uuid_g": "3407214c-9dc2-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-26T19:50:10.62Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", 
+ "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trstXWLuCQ5SZ6XlDq0zhuYLg", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-24T13:27:26.048Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rpx5izpGD1aKEm0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rpx5izpGD1aKEm0h7", + "uuid_g": "4edc0658-9dc2-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": 
"a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-26T19:50:10.62Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + 
"authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsPEv3KQZpReGyCM0a0_i7wg", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-24T16:31:05.148Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rpzn19abiGExc20h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rpzn19abiGExc20h7", + "uuid_g": "f6c140a0-9ddb-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-26T19:50:10.62Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + 
"client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsPEv3KQZpReGyCM0a0_i7wg", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-24T16:31:50.163Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rpzn19abiGExc20h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rpzn19abiGExc20h7", + "uuid_g": 
"1195fedb-9ddc-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-26T19:50:10.62Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + 
"authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsZaLJTiuaQH-rZ3M_2TgsZg", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-24T19:35:53.266Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rq1h4i9jSbY8Ij0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rq1h4i9jSbY8Ij0h7", + "uuid_g": "c7c9c9f6-9df5-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-26T19:50:10.62Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + 
"debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsZaLJTiuaQH-rZ3M_2TgsZg", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-24T19:36:38.285Z", + "severity_s": 
"INFO", + "debugContext_debugData_jobId_s": "ij1rq1h4i9jSbY8Ij0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rq1h4i9jSbY8Ij0h7", + "uuid_g": "e29f24c2-9df5-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-26T19:50:10.62Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + 
"securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsShweiWs7R6GHckaqyJP7Mw", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-24T22:43:35.102Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rq33j3reO9m9G50h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rq33j3reO9m9G50h7", + "uuid_g": "005d95ff-9e10-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + 
"debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-26T19:50:10.62Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + 
"actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsShweiWs7R6GHckaqyJP7Mw", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-24T22:44:20.118Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rq33j3reO9m9G50h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rq33j3reO9m9G50h7", + "uuid_g": "1b327c17-9e10-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-26T19:50:10.62Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + 
"client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trs2zG37vgDRLiBZOREEnMPnA", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-25T01:47:35.183Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rq5bhhygw4Bati0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + 
"transaction_type_s": "JOB", + "transaction_id_s": "ij1rq5bhhygw4Bati0h7", + "uuid_g": "b4c44281-9e29-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-26T19:50:10.62Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + 
"authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trs2zG37vgDRLiBZOREEnMPnA", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-25T01:48:20.199Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rq5bhhygw4Bati0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rq5bhhygw4Bati0h7", + "uuid_g": "cf9927cb-9e29-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-26T19:50:10.62Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + 
"debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsRgJaok5HTGKwhZMvyz8pgw", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-25T04:51:54.931Z", + "severity_s": "INFO", + 
"debugContext_debugData_jobId_s": "ij1rq7few7RKupCgW0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rq7few7RKupCgW0h7", + "uuid_g": "74e3e0af-9e43-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-26T19:50:10.62Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + 
"securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsRgJaok5HTGKwhZMvyz8pgw", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-25T04:52:39.948Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rq7few7RKupCgW0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rq7few7RKupCgW0h7", + "uuid_g": "8fb8ed87-9e43-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + 
"debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-26T19:50:10.62Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": 
"SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsLoHwF7jqTnmVjh-3lV7GBQ", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-25T07:57:41.339Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rq9od9isWbvLEq0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rq9od9isWbvLEq0h7", + "uuid_g": "68aac38e-9e5d-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-26T19:50:10.62Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + 
"client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsLoHwF7jqTnmVjh-3lV7GBQ", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-25T07:58:26.356Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rq9od9isWbvLEq0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + 
"transaction_type_s": "JOB", + "transaction_id_s": "ij1rq9od9isWbvLEq0h7", + "uuid_g": "837fcf77-9e5d-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-26T19:50:10.62Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + 
"authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trs4TB3qzh4S7e0fEu3bxj48g", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-25T11:01:33.69Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rqc8zqqbsWbPe70h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rqc8zqqbsWbPe70h7", + "uuid_g": "1875edc7-9e77-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-26T19:50:10.62Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + 
"debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trs4TB3qzh4S7e0fEu3bxj48g", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": 
"2020-05-25T11:02:18.705Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rqc8zqqbsWbPe70h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rqc8zqqbsWbPe70h7", + "uuid_g": "334aac25-9e77-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-26T19:50:10.62Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + 
"securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trs8NXCVZ2fSruRmGmdHAUE3w", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-25T14:05:49.405Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rqew8vw21dvFS40h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rqew8vw21dvFS40h7", + "uuid_g": "d62e28f4-9e90-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n 
\"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-26T19:50:10.62Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + 
"actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trs8NXCVZ2fSruRmGmdHAUE3w", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-25T14:06:34.422Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rqew8vw21dvFS40h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rqew8vw21dvFS40h7", + "uuid_g": "f10335a6-9e90-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-26T19:50:10.62Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": 
"", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trstJ_c5a4RQYe4lie4QUgGWw", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-25T17:12:30.941Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rqhek2iZGda9hz0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": 
"app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rqhek2iZGda9hz0h7", + "uuid_g": "ead0e97f-9eaa-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-26T19:50:10.62Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + 
"authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trstJ_c5a4RQYe4lie4QUgGWw", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-25T17:13:15.958Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rqhek2iZGda9hz0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rqhek2iZGda9hz0h7", + "uuid_g": "05a5f637-9eab-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-26T19:50:10.62Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + 
"debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsf6fMfJClR8uIUdHUHD0v-A", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-25T20:16:12.545Z", + "severity_s": "INFO", + 
"debugContext_debugData_jobId_s": "ij1rqjqulmbriBRrD0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rqjqulmbriBRrD0h7", + "uuid_g": "94343806-9ec4-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-26T19:50:10.62Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + 
"securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsf6fMfJClR8uIUdHUHD0v-A", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-25T20:16:57.562Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rqjqulmbriBRrD0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rqjqulmbriBRrD0h7", + "uuid_g": "af0943e1-9ec4-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + 
"debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-26T19:50:10.62Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": 
"SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trs1xSIVaApSOKcR1gtCUV2sA", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-25T23:20:58.374Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rqm11swYHB4sgW0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rqm11swYHB4sgW0h7", + "uuid_g": "63df7b53-9ede-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-26T19:50:10.62Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + 
"client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trs1xSIVaApSOKcR1gtCUV2sA", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-25T23:21:43.39Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rqm11swYHB4sgW0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": 
"JOB", + "transaction_id_s": "ij1rqm11swYHB4sgW0h7", + "uuid_g": "7eb46007-9ede-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-26T19:50:10.62Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + 
"authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsQU8W5YRgRTKxQZ0tFwhn9Q", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-26T02:25:52.611Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rqod5ylvAWBpOW0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rqod5ylvAWBpOW0h7", + "uuid_g": "388db393-9ef8-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-26T19:50:10.62Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + 
"debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsQU8W5YRgRTKxQZ0tFwhn9Q", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": 
"2020-05-26T02:26:37.628Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rqod5ylvAWBpOW0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rqod5ylvAWBpOW0h7", + "uuid_g": "5362c09e-9ef8-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-26T19:50:10.62Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + 
"securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trs0xqW7sp2TCegD979UGR7EA", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-26T05:31:27.282Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rqqlaoxiKV4yLq0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rqqlaoxiKV4yLq0h7", + "uuid_g": "2555a971-9f12-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n 
\"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-26T19:50:10.62Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + 
"actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trs0xqW7sp2TCegD979UGR7EA", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-26T05:32:12.299Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rqqlaoxiKV4yLq0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rqqlaoxiKV4yLq0h7", + "uuid_g": "402ab686-9f12-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-26T19:50:10.62Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": 
"", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsWWbNZ9K6SX2m4h4Ynx9nyg", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-26T08:36:11.123Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rqtno4nn5ucA7f0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": 
"app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rqtno4nn5ucA7f0h7", + "uuid_g": "f3d194b4-9f2b-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-26T19:50:10.62Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + 
"authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsWWbNZ9K6SX2m4h4Ynx9nyg", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-26T08:36:56.141Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rqtno4nn5ucA7f0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rqtno4nn5ucA7f0h7", + "uuid_g": "0ea6c89f-9f2c-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-26T19:50:10.62Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + 
"debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trspCHyHhlyS76iCSm0Dj-x4g", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-26T11:41:32.781Z", + "severity_s": "INFO", + 
"debugContext_debugData_jobId_s": "ij1rqxdsi5P57aW810h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rqxdsi5P57aW810h7", + "uuid_g": "d8d7ea33-9f45-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-26T19:50:10.62Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + 
"securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trspCHyHhlyS76iCSm0Dj-x4g", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-26T11:42:17.798Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rqxdsi5P57aW810h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rqxdsi5P57aW810h7", + "uuid_g": "f3acf683-9f45-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + 
"debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-26T19:50:10.62Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": 
"SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsuXXxTLjtSxm0P91p3aK1Ng", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-26T14:52:00.519Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rr215g54qjIFCY0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rr215g54qjIFCY0h7", + "uuid_g": "744e5992-9f60-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-26T19:50:10.62Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + 
"client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsuXXxTLjtSxm0P91p3aK1Ng", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-26T14:52:45.539Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rr215g54qjIFCY0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + 
"transaction_type_s": "JOB", + "transaction_id_s": "ij1rr215g54qjIFCY0h7", + "uuid_g": "8f23db49-9f60-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-26T19:50:10.62Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + 
"authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsCGImzFdRT6a0HoqnHeebDw", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-26T18:00:12.852Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rr82wbniVAT7e10h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rr82wbniVAT7e10h7", + "uuid_g": "bf0f9f62-9f7a-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-26T19:50:10.62Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + 
"debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsCGImzFdRT6a0HoqnHeebDw", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": 
"2020-05-26T18:00:57.872Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rr82wbniVAT7e10h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rr82wbniVAT7e10h7", + "uuid_g": "d9e521e7-9f7a-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-26T19:50:10.62Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "null", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "Sign-on policy 
evaluation resulted in CHALLENGE", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "ade03304-2eb2-3b2f-d57e-5cfe92c81793", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsKiIT-ikNSs-Nez55MWrmXQ", + "displayMessage_s": "Evaluation of sign-on policy", + "eventType_s": "policy.evaluate_sign_on", + "outcome_result_s": "CHALLENGE", + "published_t": "2020-05-26T19:01:43.688Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "", + "transaction_id_s": "unknown", + "uuid_g": "56f880ee-9f83-11ea-9afc-cd2c72ea6161", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"00pn79xb33o84O0Hc0h7\",\r\n \"type\": \"PolicyEntity\",\r\n \"alternateId\": \"unknown\",\r\n \"displayName\": \"default\",\r\n \"detailEntry\": {\r\n 
\"policyType\": \"OktaSignOn\"\r\n }\r\n },\r\n {\r\n \"id\": \"0prn79ye1mCqWhlUR0h7\",\r\n \"type\": \"PolicyRule\",\r\n \"alternateId\": \"00pn79xb33o84O0Hc0h7\",\r\n \"displayName\": \"default\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-26T19:50:10.62Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "Xs1noEWGEPIA1sAKuMT8oQAABkQ", + "debugContext_debugData_requestUri_s": "/api/v1/authn/factors/password/verify", + 
"debugContext_debugData_url_s": "/api/v1/authn/factors/password/verify?rememberDevice=false", + "debugContext_debugData_deviceFingerprint_g": "ade03304-2eb2-3b2f-d57e-5cfe92c81793", + "authenticationContext_authenticationProvider_s": "FACTOR_PROVIDER", + "authenticationContext_credentialProvider_s": "OKTA_CREDENTIAL_PROVIDER", + "debugContext_debugData_factor_s": "PASSWORD_AS_FACTOR", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "102pTUgC3p8RIqHvzxLCHnFlg", + "displayMessage_s": "Authentication of user via MFA", + "eventType_s": "user.authentication.auth_via_mfa", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-26T19:01:52.691Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "core.user.factor.attempt_success", + "transaction_type_s": "WEB", + "transaction_id_s": "Xs1noEWGEPIA1sAKuMT8oQAABkQ", + "uuid_g": "5c564106-9f83-11ea-8f4c-b9fe37b9e5fa", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "[\r\n {\r\n \"id\": \"00urjk4znu3BcncfY0h7\",\r\n \"type\": 
\"User\",\r\n \"alternateId\": \"user100@accenture.com\",\r\n \"displayName\": \"user 100\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-26T19:50:10.62Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "Xs1nq-2wvKJddDOB1mPS3QAADYg", + "debugContext_debugData_requestUri_s": "/api/v1/authn/factors/smsrjkfodqeijoByT0h7/verify", + "debugContext_debugData_url_s": "/api/v1/authn/factors/smsrjkfodqeijoByT0h7/verify?rememberDevice=true", + 
"debugContext_debugData_deviceFingerprint_g": "ade03304-2eb2-3b2f-d57e-5cfe92c81793", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "1", + "debugContext_debugData_smsProvider_s": "TELESIGN", + "debugContext_debugData_transactionId_g": "25c94973-e3b4-0404-9196-a29d3a9642a4", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "102pTUgC3p8RIqHvzxLCHnFlg", + "displayMessage_s": "Send second factor auth SMS", + "eventType_s": "system.sms.send_factor_verify_message", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-26T19:02:04.32Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "core.user.sms.message_sent.factor", + "transaction_type_s": "WEB", + "transaction_id_s": "Xs1nq-2wvKJddDOB1mPS3QAADYg", + "uuid_g": "6344b2a9-9f83-11ea-86e9-e5b0d2d0f179", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "[\r\n {\r\n \"id\": \"00urjk4znu3BcncfY0h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"user100@accenture.com\",\r\n \"displayName\": \"user 100\",\r\n \"detailEntry\": 
null\r\n },\r\n {\r\n \"id\": \"mblrjkhau8Q7KqJpX0h7\",\r\n \"type\": \"MobilePhone\",\r\n \"alternateId\": \"+13237923223\",\r\n \"displayName\": \"+13237923223\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-26T19:50:10.62Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "Xs1ntskjYvO@XnRXUi8wEQAAC9E", + "debugContext_debugData_requestUri_s": "/api/v1/authn/factors/smsrjkfodqeijoByT0h7/verify", + "debugContext_debugData_url_s": 
"/api/v1/authn/factors/smsrjkfodqeijoByT0h7/verify?rememberDevice=true", + "debugContext_debugData_deviceFingerprint_g": "ade03304-2eb2-3b2f-d57e-5cfe92c81793", + "authenticationContext_authenticationProvider_s": "FACTOR_PROVIDER", + "authenticationContext_credentialProvider_s": "OKTA_CREDENTIAL_PROVIDER", + "debugContext_debugData_factor_s": "SMS_FACTOR", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "SMS", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "102pTUgC3p8RIqHvzxLCHnFlg", + "displayMessage_s": "Authentication of user via MFA", + "eventType_s": "user.authentication.auth_via_mfa", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-26T19:02:14.446Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "core.user.factor.attempt_success", + "transaction_type_s": "WEB", + "transaction_id_s": "Xs1ntskjYvO@XnRXUi8wEQAAC9E", + "uuid_g": "694dcd8c-9f83-11ea-b091-fbd2ab976feb", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "[\r\n {\r\n \"id\": \"00urjk4znu3BcncfY0h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": 
\"user100@accenture.com\",\r\n \"displayName\": \"user 100\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-26T19:50:10.62Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "Xs1ntskjYvO@XnRXUi8wEQAAC9E", + "debugContext_debugData_requestUri_s": "/api/v1/authn/factors/smsrjkfodqeijoByT0h7/verify", + "debugContext_debugData_url_s": "/api/v1/authn/factors/smsrjkfodqeijoByT0h7/verify?rememberDevice=true", + "debugContext_debugData_deviceFingerprint_g": 
"ade03304-2eb2-3b2f-d57e-5cfe92c81793", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "102pTUgC3p8RIqHvzxLCHnFlg", + "displayMessage_s": "User login to Okta", + "eventType_s": "user.session.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-26T19:02:14.495Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "core.user_auth.login_success", + "transaction_type_s": "WEB", + "transaction_id_s": "Xs1ntskjYvO@XnRXUi8wEQAAC9E", + "uuid_g": "6955479d-9f83-11ea-b091-fbd2ab976feb", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-26T19:50:10.62Z", + "Computer": "", + 
"RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "Xs1ntskjYvO@XnRXUi8wEQAAC9E", + "debugContext_debugData_requestUri_s": "/api/v1/authn/factors/smsrjkfodqeijoByT0h7/verify", + "debugContext_debugData_url_s": "/api/v1/authn/factors/smsrjkfodqeijoByT0h7/verify?rememberDevice=true", + "debugContext_debugData_deviceFingerprint_g": "ade03304-2eb2-3b2f-d57e-5cfe92c81793", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + 
"actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "102pTUgC3p8RIqHvzxLCHnFlg", + "displayMessage_s": "Verify user identity", + "eventType_s": "user.authentication.verify", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-26T19:02:14.502Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "WEB", + "transaction_id_s": "Xs1ntskjYvO@XnRXUi8wEQAAC9E", + "uuid_g": "6956590e-9f83-11ea-b091-fbd2ab976feb", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-26T19:50:10.62Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": 
"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "Xs1nvRMIVMwDooBq8xCa7QAABZI", + "debugContext_debugData_requestUri_s": "/admin/sso/request", + "debugContext_debugData_url_s": "/admin/sso/request?", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "1027UYfrU6YTuK9Ud2RRH03DQ", + "displayMessage_s": "User accessing Okta admin app", + "eventType_s": "user.session.access_admin_app", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-26T19:02:21.523Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": 
"", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.admin.sso.login.success", + "transaction_type_s": "WEB", + "transaction_id_s": "Xs1nvRMIVMwDooBq8xCa7QAABZI", + "uuid_g": "6d85aaa7-9f83-11ea-bbfc-219c47051cf6", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "[\r\n {\r\n \"id\": \"00urjk4znu3BcncfY0h7\",\r\n \"type\": \"AppUser\",\r\n \"alternateId\": \"user100@accenture.com\",\r\n \"displayName\": \"user 100\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-26T19:50:10.62Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + 
"client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "Xs1oA6Ht8KiJlr31E9R-VAAABEs", + "debugContext_debugData_requestUri_s": "/api/v1/apps/0oankr625m1gEmNo80h7/users", + "debugContext_debugData_url_s": "/api/v1/apps/0oankr625m1gEmNo80h7/users?", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "1027UYfrU6YTuK9Ud2RRH03DQ", + "displayMessage_s": "Add user to application membership", + "eventType_s": "application.user_membership.add", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-26T19:03:32.089Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + 
"debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.provision.assign_user_to_app", + "transaction_type_s": "WEB", + "transaction_id_s": "Xs1oA6Ht8KiJlr31E9R-VAAABEs", + "uuid_g": "97952f53-9f83-11ea-b871-476fe69ebde3", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "[\r\n {\r\n \"id\": \"0uarr9is3cPph9DYp0h7\",\r\n \"type\": \"AppUser\",\r\n \"alternateId\": \"user100@accenture.com\",\r\n \"displayName\": \"user 100\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"0oankr625m1gEmNo80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"Amazon Web Services Redshift\",\r\n \"displayName\": \"Amazon Web Services Redshift\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"00urjk4znu3BcncfY0h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"user100@accenture.com\",\r\n \"displayName\": \"user 100\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-26T19:50:10.62Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "IDP_INITIATED", + "debugContext_debugData_signOnMode_s": "SAML 2.0", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) 
Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "Xs1oFGo0DFAnizkRsP6O5wAADaE", + "debugContext_debugData_requestUri_s": "/app/amazon_aws_redshift/exknkr625loavFT1Z0h7/sso/saml", + "debugContext_debugData_url_s": "/app/amazon_aws_redshift/exknkr625loavFT1Z0h7/sso/saml?", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "102pTUgC3p8RIqHvzxLCHnFlg", + "displayMessage_s": "User single sign on to app", + "eventType_s": "user.authentication.sso", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-26T19:03:48.318Z", + "severity_s": "INFO", + 
"debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.auth.sso", + "transaction_type_s": "WEB", + "transaction_id_s": "Xs1oFGo0DFAnizkRsP6O5wAADaE", + "uuid_g": "a14188d2-9f83-11ea-aac0-db95ed8ff78e", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "[\r\n {\r\n \"id\": \"0oankr625m1gEmNo80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"Amazon Web Services Redshift\",\r\n \"displayName\": \"Amazon Web Services Redshift\",\r\n \"detailEntry\": {\r\n \"signOnModeType\": \"SAML_2_0\"\r\n }\r\n },\r\n {\r\n \"id\": \"0uarr9is3cPph9DYp0h7\",\r\n \"type\": \"AppUser\",\r\n \"alternateId\": \"user100@accenture.com\",\r\n \"displayName\": \"user 100\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-26T19:50:10.62Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "IDP_INITIATED", + "debugContext_debugData_signOnMode_s": "SAML 2.0", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": 
"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "Xs1oHI5hHedylC6NGwqGOgAAAZo", + "debugContext_debugData_requestUri_s": "/app/amazon_aws_redshift/exknkr625loavFT1Z0h7/sso/saml", + "debugContext_debugData_url_s": "/app/amazon_aws_redshift/exknkr625loavFT1Z0h7/sso/saml?", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "102pTUgC3p8RIqHvzxLCHnFlg", + "displayMessage_s": "User single sign on to app", + "eventType_s": "user.authentication.sso", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-26T19:03:56.967Z", 
+ "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.auth.sso", + "transaction_type_s": "WEB", + "transaction_id_s": "Xs1oHI5hHedylC6NGwqGOgAAAZo", + "uuid_g": "a669443b-9f83-11ea-be56-d57448b47631", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "[\r\n {\r\n \"id\": \"0oankr625m1gEmNo80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"Amazon Web Services Redshift\",\r\n \"displayName\": \"Amazon Web Services Redshift\",\r\n \"detailEntry\": {\r\n \"signOnModeType\": \"SAML_2_0\"\r\n }\r\n },\r\n {\r\n \"id\": \"0uarr9is3cPph9DYp0h7\",\r\n \"type\": \"AppUser\",\r\n \"alternateId\": \"user100@accenture.com\",\r\n \"displayName\": \"user 100\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-26T19:50:10.62Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + 
"client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "Xs1oLz7Hq0kjHx8mLng-GgAACMg", + "debugContext_debugData_requestUri_s": "/admin/sso/request", + "debugContext_debugData_url_s": "/admin/sso/request?", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "1027UYfrU6YTuK9Ud2RRH03DQ", + "displayMessage_s": "User accessing Okta admin app", + "eventType_s": "user.session.access_admin_app", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-26T19:04:15.251Z", + "severity_s": "INFO", + 
"debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.admin.sso.login.success", + "transaction_type_s": "WEB", + "transaction_id_s": "Xs1oLz7Hq0kjHx8mLng-GgAACMg", + "uuid_g": "b14f2e58-9f83-11ea-a952-05576953c639", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "[\r\n {\r\n \"id\": \"00urjk4znu3BcncfY0h7\",\r\n \"type\": \"AppUser\",\r\n \"alternateId\": \"user100@accenture.com\",\r\n \"displayName\": \"user 100\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-26T19:50:10.62Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + 
"client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "Xs1xA45hHedylC6NGwoDMgAAAfY", + "debugContext_debugData_requestUri_s": "/api/v1/apps/0oajz6k4xnDYjAKrU0h7/users", + "debugContext_debugData_url_s": "/api/v1/apps/0oajz6k4xnDYjAKrU0h7/users?", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "1027UYfrU6YTuK9Ud2RRH03DQ", + "displayMessage_s": "Add user to application membership", + "eventType_s": "application.user_membership.add", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-26T19:41:56.164Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + 
"debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.provision.assign_user_to_app", + "transaction_type_s": "WEB", + "transaction_id_s": "Xs1xA45hHedylC6NGwoDMgAAAfY", + "uuid_g": "f4eb20e6-9f88-11ea-b94f-717ca88a6cf6", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "[\r\n {\r\n \"id\": \"0uarraiiu4qt3H5Vt0h7\",\r\n \"type\": \"AppUser\",\r\n \"alternateId\": \"user100@accenture.com\",\r\n \"displayName\": \"user 100\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"0oajz6k4xnDYjAKrU0h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"Palo Alto Networks - CaptivePortal for RLSC\",\r\n \"displayName\": \"Palo Alto Networks - CaptivePortal\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"00urjk4znu3BcncfY0h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"user100@accenture.com\",\r\n \"displayName\": \"user 100\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-26T19:50:10.62Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) 
Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "INVALID_LOGIN", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "Xs1xD2YFcox13x4cQBkArAAADV4", + "debugContext_debugData_requestUri_s": "/api/v1/internal/apps/0oa4jutwhfPazk2Xk0h7/types", + "debugContext_debugData_url_s": "/api/v1/internal/apps/0oa4jutwhfPazk2Xk0h7/types?", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "", + "displayMessage_s": "", + "eventType_s": "application.integration.authentication_failure", + "outcome_result_s": "FAILURE", + "published_t": "2020-05-26T19:42:10.535Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + 
"debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.salesforce.user_management.failure.invalid_api_credentials", + "transaction_type_s": "WEB", + "transaction_id_s": "Xs1xD2YFcox13x4cQBkArAAADV4", + "uuid_g": "fd7bf846-9f88-11ea-ab16-b7e40ba477fc", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4jutwhfPazk2Xk0h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"Salesforce.com\",\r\n \"displayName\": \"Salesforce.com\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-26T19:50:10.62Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + 
"client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "Xs1xF454By@6vXcI4P9jtQAAAok", + "debugContext_debugData_requestUri_s": "/api/v1/apps/0oa4jutwhfPazk2Xk0h7/users", + "debugContext_debugData_url_s": "/api/v1/apps/0oa4jutwhfPazk2Xk0h7/users?", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "1027UYfrU6YTuK9Ud2RRH03DQ", + "displayMessage_s": "Add user to application membership", + "eventType_s": "application.user_membership.add", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-26T19:42:15.773Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + 
"debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.provision.assign_user_to_app", + "transaction_type_s": "WEB", + "transaction_id_s": "Xs1xF454By@6vXcI4P9jtQAAAok", + "uuid_g": "009b395f-9f89-11ea-b365-4973b2c3a34d", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "[\r\n {\r\n \"id\": \"0uarrak54rf657Nwz0h7\",\r\n \"type\": \"AppUser\",\r\n \"alternateId\": \"user100@accenture.com\",\r\n \"displayName\": \"user 100\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"0oa4jutwhfPazk2Xk0h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"Salesforce.com\",\r\n \"displayName\": \"Salesforce.com\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"00urjk4znu3BcncfY0h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"user100@accenture.com\",\r\n \"displayName\": \"user 100\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-26T19:50:10.62Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + 
"client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "Xs1xIPhGRBVLFUtvF0QSjAAACA0", + "debugContext_debugData_requestUri_s": "/api/v1/apps/0oa4pb20ro0Jf1cTI0h7/users", + "debugContext_debugData_url_s": "/api/v1/apps/0oa4pb20ro0Jf1cTI0h7/users?", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "1027UYfrU6YTuK9Ud2RRH03DQ", + "displayMessage_s": "Add user to application membership", + "eventType_s": "application.user_membership.add", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-26T19:42:25.084Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + 
"debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.provision.assign_user_to_app", + "transaction_type_s": "WEB", + "transaction_id_s": "Xs1xIPhGRBVLFUtvF0QSjAAACA0", + "uuid_g": "0627f889-9f89-11ea-86e9-e5b0d2d0f179", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "[\r\n {\r\n \"id\": \"0uarraiqbeHLYdes50h7\",\r\n \"type\": \"AppUser\",\r\n \"alternateId\": \"user100@accenture.com\",\r\n \"displayName\": \"user 100\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"0oa4pb20ro0Jf1cTI0h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"WorkdayCommunity\",\r\n \"displayName\": \"WorkdayCommunity\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"00urjk4znu3BcncfY0h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"user100@accenture.com\",\r\n \"displayName\": \"user 100\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-26T19:50:10.62Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + 
"debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "INVALID_LOGIN", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "", + "displayMessage_s": "", + "eventType_s": "application.integration.authentication_failure", + "outcome_result_s": "FAILURE", + "published_t": "2020-05-26T19:42:37.901Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + 
"debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.salesforce.user_management.failure.invalid_api_credentials", + "transaction_type_s": "JOB", + "transaction_id_s": "pujrrak54t9MMOopx0h7", + "uuid_g": "0dcbb08c-9f89-11ea-a2b6-af8c0397f19a", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4jutwhfPazk2Xk0h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"Salesforce.com\",\r\n \"displayName\": \"Salesforce.com\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-26T19:50:10.62Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "IDP_INITIATED", + "debugContext_debugData_signOnMode_s": "SAML 2.0", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": 
"aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "Xs1xM4ICWyvzJkhKvfCSfwAAB0A", + "debugContext_debugData_requestUri_s": "/app/panw_captiveportal/exkjz6k4xmhfRgiy20h7/sso/saml", + "debugContext_debugData_url_s": "/app/panw_captiveportal/exkjz6k4xmhfRgiy20h7/sso/saml?", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "102pTUgC3p8RIqHvzxLCHnFlg", + "displayMessage_s": "User single sign on to app", + "eventType_s": "user.authentication.sso", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-26T19:42:43.794Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.auth.sso", + "transaction_type_s": "WEB", + "transaction_id_s": "Xs1xM4ICWyvzJkhKvfCSfwAAB0A", + "uuid_g": "114ee403-9f89-11ea-90c4-0110e7a0729a", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": 
\"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "[\r\n {\r\n \"id\": \"0oajz6k4xnDYjAKrU0h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"Palo Alto Networks - CaptivePortal for RLSC\",\r\n \"displayName\": \"Palo Alto Networks - CaptivePortal\",\r\n \"detailEntry\": {\r\n \"signOnModeType\": \"SAML_2_0\"\r\n }\r\n },\r\n {\r\n \"id\": \"0uarraiiu4qt3H5Vt0h7\",\r\n \"type\": \"AppUser\",\r\n \"alternateId\": \"user100@accenture.com\",\r\n \"displayName\": \"user 100\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-26T19:50:10.62Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": 
"aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "Xs1x-HmanAu92QX0vSA2lAAACDM", + "debugContext_debugData_requestUri_s": "/admin/sso/request", + "debugContext_debugData_url_s": "/admin/sso/request?", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "1027UYfrU6YTuK9Ud2RRH03DQ", + "displayMessage_s": "User accessing Okta admin app", + "eventType_s": "user.session.access_admin_app", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-26T19:46:04.43Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.admin.sso.login.success", + "transaction_type_s": "WEB", + "transaction_id_s": "Xs1x-HmanAu92QX0vSA2lAAACDM", + "uuid_g": "88e58345-9f89-11ea-ba36-c940218a689d", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": 
\"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "[\r\n {\r\n \"id\": \"00urjk4znu3BcncfY0h7\",\r\n \"type\": \"AppUser\",\r\n \"alternateId\": \"user100@accenture.com\",\r\n \"displayName\": \"user 100\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-15T22:07:18.339Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + 
"debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsGXNl_sdjT6egq4Khp5V7-g", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-15T21:35:42.372Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rk654j17cYyfY80h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rk654j17cYyfY80h7", + "uuid_g": "071c8ec2-96f4-11ea-9daf-87eea5b99981", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-15T22:07:18.339Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + 
"debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsGXNl_sdjT6egq4Khp5V7-g", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-15T21:36:27.389Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": 
"ij1rk654j17cYyfY80h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rk654j17cYyfY80h7", + "uuid_g": "21f19bb0-96f4-11ea-9daf-87eea5b99981", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-15T22:08:40.205Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", 
+ "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsGXNl_sdjT6egq4Khp5V7-g", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-15T21:35:42.372Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rk654j17cYyfY80h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rk654j17cYyfY80h7", + "uuid_g": "071c8ec2-96f4-11ea-9daf-87eea5b99981", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", 
+ "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-15T22:08:40.205Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta 
System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsGXNl_sdjT6egq4Khp5V7-g", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-15T21:36:27.389Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rk654j17cYyfY80h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rk654j17cYyfY80h7", + "uuid_g": "21f19bb0-96f4-11ea-9daf-87eea5b99981", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-15T22:10:01.741Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + 
"client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsGXNl_sdjT6egq4Khp5V7-g", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-15T21:35:42.372Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rk654j17cYyfY80h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rk654j17cYyfY80h7", + 
"uuid_g": "071c8ec2-96f4-11ea-9daf-87eea5b99981", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-15T22:10:01.741Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + 
"debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsGXNl_sdjT6egq4Khp5V7-g", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-15T21:36:27.389Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rk654j17cYyfY80h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rk654j17cYyfY80h7", + "uuid_g": "21f19bb0-96f4-11ea-9daf-87eea5b99981", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-15T22:10:57.375Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + 
"debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsGXNl_sdjT6egq4Khp5V7-g", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-15T21:35:42.372Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rk654j17cYyfY80h7", + "debugContext_debugData_importType_s": "Incremental", + 
"debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rk654j17cYyfY80h7", + "uuid_g": "071c8ec2-96f4-11ea-9daf-87eea5b99981", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-15T22:10:57.375Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": 
"", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsGXNl_sdjT6egq4Khp5V7-g", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-15T21:36:27.389Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rk654j17cYyfY80h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rk654j17cYyfY80h7", + "uuid_g": "21f19bb0-96f4-11ea-9daf-87eea5b99981", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": 
"a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-15T22:02:12.654Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + 
"authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsGXNl_sdjT6egq4Khp5V7-g", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-15T21:35:42.372Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rk654j17cYyfY80h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rk654j17cYyfY80h7", + "uuid_g": "071c8ec2-96f4-11ea-9daf-87eea5b99981", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-15T22:02:12.654Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + 
"client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsGXNl_sdjT6egq4Khp5V7-g", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-15T21:36:27.389Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rk654j17cYyfY80h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rk654j17cYyfY80h7", + "uuid_g": 
"21f19bb0-96f4-11ea-9daf-87eea5b99981", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-15T22:04:07.013Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + 
"authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsGXNl_sdjT6egq4Khp5V7-g", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-15T21:35:42.372Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rk654j17cYyfY80h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rk654j17cYyfY80h7", + "uuid_g": "071c8ec2-96f4-11ea-9daf-87eea5b99981", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-15T22:04:07.013Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + 
"debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsGXNl_sdjT6egq4Khp5V7-g", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-15T21:36:27.389Z", + "severity_s": 
"INFO", + "debugContext_debugData_jobId_s": "ij1rk654j17cYyfY80h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rk654j17cYyfY80h7", + "uuid_g": "21f19bb0-96f4-11ea-9daf-87eea5b99981", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T17:30:03.035Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Safari/537.36", + "client_userAgent_os_s": "Mac OS X", + "client_userAgent_browser_s": "CHROME", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "68.68.68.68", + "client_geographicalContext_city_s": "Tempe", + "client_geographicalContext_state_s": "Arizona", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "85281", + 
"client_geographicalContext_geolocation_lat_d": "33.4306", + "client_geographicalContext_geolocation_lon_d": "-111.9256", + "outcome_reason_s": "VERIFICATION_ERROR", + "securityContext_asNumber_d": "22773", + "securityContext_asOrg_s": "cox communications inc.", + "securityContext_isp_s": "cox communicatons", + "securityContext_domain_s": "cox.net", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "VERIFICATION_ERROR", + "debugContext_debugData_requestId_s": "XsgLPdv5iI3bGDFIf1JXdgAADhs", + "debugContext_debugData_requestUri_s": "/api/v1/authn/factors/password/verify", + "debugContext_debugData_url_s": "/api/v1/authn/factors/password/verify?rememberDevice=false", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "unknown", + "actor_type_s": "User", + "actor_alternateId_s": "user88@abccompany.com", + "actor_displayName_s": "unknown", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "unknown", + "displayMessage_s": "User login to Okta", + "eventType_s": "user.session.start", + "outcome_result_s": "FAILURE", + "published_t": "2020-05-22T17:26:21.912Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "core.user_auth.login_failed", + "transaction_type_s": "WEB", + "transaction_id_s": "XsgLPdv5iI3bGDFIf1JXdgAADhs", + "uuid_g": 
"5adfc5fb-9c51-11ea-b6c6-ffa4d1de3333", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"68.68.68.68\",\r\n \"geographicalContext\": {\r\n \"city\": \"Tempe\",\r\n \"state\": \"Arizona\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"85281\",\r\n \"geolocation\": {\r\n \"lat\": 33.4306,\r\n \"lon\": -111.9256\r\n }\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T17:35:02.68Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Safari/537.36", + "client_userAgent_os_s": "Mac OS X", + "client_userAgent_browser_s": "CHROME", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "68.68.68.68", + "client_geographicalContext_city_s": "Tempe", + "client_geographicalContext_state_s": "Arizona", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "85281", + "client_geographicalContext_geolocation_lat_d": "33.4306", + "client_geographicalContext_geolocation_lon_d": "-111.9256", + "outcome_reason_s": "VERIFICATION_ERROR", + "securityContext_asNumber_d": "22773", + "securityContext_asOrg_s": "cox communications inc.", + "securityContext_isp_s": "cox communicatons", + "securityContext_domain_s": "cox.net", + 
"securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "VERIFICATION_ERROR", + "debugContext_debugData_requestId_s": "XsgLPdv5iI3bGDFIf1JXdgAADhs", + "debugContext_debugData_requestUri_s": "/api/v1/authn/factors/password/verify", + "debugContext_debugData_url_s": "/api/v1/authn/factors/password/verify?rememberDevice=false", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "unknown", + "actor_type_s": "User", + "actor_alternateId_s": "user88@abccompany.com", + "actor_displayName_s": "unknown", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "unknown", + "displayMessage_s": "User login to Okta", + "eventType_s": "user.session.start", + "outcome_result_s": "FAILURE", + "published_t": "2020-05-22T17:26:21.912Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "core.user_auth.login_failed", + "transaction_type_s": "WEB", + "transaction_id_s": "XsgLPdv5iI3bGDFIf1JXdgAADhs", + "uuid_g": "5adfc5fb-9c51-11ea-b6c6-ffa4d1de3333", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"68.68.68.68\",\r\n \"geographicalContext\": {\r\n \"city\": \"Tempe\",\r\n \"state\": \"Arizona\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"85281\",\r\n \"geolocation\": {\r\n \"lat\": 33.4306,\r\n \"lon\": -111.9256\r\n }\r\n },\r\n \"version\": \"V4\",\r\n 
\"source\": null\r\n }\r\n]", + "target_s": "", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T17:40:02.341Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Safari/537.36", + "client_userAgent_os_s": "Mac OS X", + "client_userAgent_browser_s": "CHROME", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "68.68.68.68", + "client_geographicalContext_city_s": "Tempe", + "client_geographicalContext_state_s": "Arizona", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "85281", + "client_geographicalContext_geolocation_lat_d": "33.4306", + "client_geographicalContext_geolocation_lon_d": "-111.9256", + "outcome_reason_s": "VERIFICATION_ERROR", + "securityContext_asNumber_d": "22773", + "securityContext_asOrg_s": "cox communications inc.", + "securityContext_isp_s": "cox communicatons", + "securityContext_domain_s": "cox.net", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "VERIFICATION_ERROR", + "debugContext_debugData_requestId_s": "XsgLPdv5iI3bGDFIf1JXdgAADhs", + "debugContext_debugData_requestUri_s": "/api/v1/authn/factors/password/verify", + "debugContext_debugData_url_s": "/api/v1/authn/factors/password/verify?rememberDevice=false", + 
"debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "unknown", + "actor_type_s": "User", + "actor_alternateId_s": "user88@abccompany.com", + "actor_displayName_s": "unknown", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "unknown", + "displayMessage_s": "User login to Okta", + "eventType_s": "user.session.start", + "outcome_result_s": "FAILURE", + "published_t": "2020-05-22T17:26:21.912Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "core.user_auth.login_failed", + "transaction_type_s": "WEB", + "transaction_id_s": "XsgLPdv5iI3bGDFIf1JXdgAADhs", + "uuid_g": "5adfc5fb-9c51-11ea-b6c6-ffa4d1de3333", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"68.68.68.68\",\r\n \"geographicalContext\": {\r\n \"city\": \"Tempe\",\r\n \"state\": \"Arizona\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"85281\",\r\n \"geolocation\": {\r\n \"lat\": 33.4306,\r\n \"lon\": -111.9256\r\n }\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T18:05:02.463Z", + "Computer": "", + "RawData": "", + 
"debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Safari/537.36", + "client_userAgent_os_s": "Mac OS X", + "client_userAgent_browser_s": "CHROME", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "68.68.68.68", + "client_geographicalContext_city_s": "Tempe", + "client_geographicalContext_state_s": "Arizona", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "85281", + "client_geographicalContext_geolocation_lat_d": "33.4306", + "client_geographicalContext_geolocation_lon_d": "-111.9256", + "outcome_reason_s": "VERIFICATION_ERROR", + "securityContext_asNumber_d": "22773", + "securityContext_asOrg_s": "cox communications inc.", + "securityContext_isp_s": "cox communicatons", + "securityContext_domain_s": "cox.net", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "VERIFICATION_ERROR", + "debugContext_debugData_requestId_s": "XsgLPdv5iI3bGDFIf1JXdgAADhs", + "debugContext_debugData_requestUri_s": "/api/v1/authn/factors/password/verify", + "debugContext_debugData_url_s": "/api/v1/authn/factors/password/verify?rememberDevice=false", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + 
"authenticationContext_credentialType_s": "", + "actor_id_s": "unknown", + "actor_type_s": "User", + "actor_alternateId_s": "user88@abccompany.com", + "actor_displayName_s": "unknown", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "unknown", + "displayMessage_s": "User login to Okta", + "eventType_s": "user.session.start", + "outcome_result_s": "FAILURE", + "published_t": "2020-05-22T17:26:21.912Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "core.user_auth.login_failed", + "transaction_type_s": "WEB", + "transaction_id_s": "XsgLPdv5iI3bGDFIf1JXdgAADhs", + "uuid_g": "5adfc5fb-9c51-11ea-b6c6-ffa4d1de3333", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"68.68.68.68\",\r\n \"geographicalContext\": {\r\n \"city\": \"Tempe\",\r\n \"state\": \"Arizona\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"85281\",\r\n \"geolocation\": {\r\n \"lat\": 33.4306,\r\n \"lon\": -111.9256\r\n }\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T17:45:02.183Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", 
+ "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Safari/537.36", + "client_userAgent_os_s": "Mac OS X", + "client_userAgent_browser_s": "CHROME", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "68.68.68.68", + "client_geographicalContext_city_s": "Tempe", + "client_geographicalContext_state_s": "Arizona", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "85281", + "client_geographicalContext_geolocation_lat_d": "33.4306", + "client_geographicalContext_geolocation_lon_d": "-111.9256", + "outcome_reason_s": "VERIFICATION_ERROR", + "securityContext_asNumber_d": "22773", + "securityContext_asOrg_s": "cox communications inc.", + "securityContext_isp_s": "cox communicatons", + "securityContext_domain_s": "cox.net", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "VERIFICATION_ERROR", + "debugContext_debugData_requestId_s": "XsgLPdv5iI3bGDFIf1JXdgAADhs", + "debugContext_debugData_requestUri_s": "/api/v1/authn/factors/password/verify", + "debugContext_debugData_url_s": "/api/v1/authn/factors/password/verify?rememberDevice=false", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "unknown", + "actor_type_s": "User", + "actor_alternateId_s": "user88@abccompany.com", + "actor_displayName_s": "unknown", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "unknown", + "displayMessage_s": "User login to Okta", + "eventType_s": "user.session.start", + 
"outcome_result_s": "FAILURE", + "published_t": "2020-05-22T17:26:21.912Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "core.user_auth.login_failed", + "transaction_type_s": "WEB", + "transaction_id_s": "XsgLPdv5iI3bGDFIf1JXdgAADhs", + "uuid_g": "5adfc5fb-9c51-11ea-b6c6-ffa4d1de3333", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"68.68.68.68\",\r\n \"geographicalContext\": {\r\n \"city\": \"Tempe\",\r\n \"state\": \"Arizona\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"85281\",\r\n \"geolocation\": {\r\n \"lat\": 33.4306,\r\n \"lon\": -111.9256\r\n }\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T17:50:01.524Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Safari/537.36", + "client_userAgent_os_s": "Mac OS X", + "client_userAgent_browser_s": "CHROME", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "68.68.68.68", + "client_geographicalContext_city_s": 
"Tempe", + "client_geographicalContext_state_s": "Arizona", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "85281", + "client_geographicalContext_geolocation_lat_d": "33.4306", + "client_geographicalContext_geolocation_lon_d": "-111.9256", + "outcome_reason_s": "VERIFICATION_ERROR", + "securityContext_asNumber_d": "22773", + "securityContext_asOrg_s": "cox communications inc.", + "securityContext_isp_s": "cox communicatons", + "securityContext_domain_s": "cox.net", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "VERIFICATION_ERROR", + "debugContext_debugData_requestId_s": "XsgLPdv5iI3bGDFIf1JXdgAADhs", + "debugContext_debugData_requestUri_s": "/api/v1/authn/factors/password/verify", + "debugContext_debugData_url_s": "/api/v1/authn/factors/password/verify?rememberDevice=false", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "unknown", + "actor_type_s": "User", + "actor_alternateId_s": "user88@abccompany.com", + "actor_displayName_s": "unknown", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "unknown", + "displayMessage_s": "User login to Okta", + "eventType_s": "user.session.start", + "outcome_result_s": "FAILURE", + "published_t": "2020-05-22T17:26:21.912Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + 
"legacyEventType_s": "core.user_auth.login_failed", + "transaction_type_s": "WEB", + "transaction_id_s": "XsgLPdv5iI3bGDFIf1JXdgAADhs", + "uuid_g": "5adfc5fb-9c51-11ea-b6c6-ffa4d1de3333", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"68.68.68.68\",\r\n \"geographicalContext\": {\r\n \"city\": \"Tempe\",\r\n \"state\": \"Arizona\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"85281\",\r\n \"geolocation\": {\r\n \"lat\": 33.4306,\r\n \"lon\": -111.9256\r\n }\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T17:55:02.135Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Safari/537.36", + "client_userAgent_os_s": "Mac OS X", + "client_userAgent_browser_s": "CHROME", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "68.68.68.68", + "client_geographicalContext_city_s": "Tempe", + "client_geographicalContext_state_s": "Arizona", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "85281", + "client_geographicalContext_geolocation_lat_d": "33.4306", + "client_geographicalContext_geolocation_lon_d": "-111.9256", + "outcome_reason_s": "VERIFICATION_ERROR", + "securityContext_asNumber_d": "22773", 
+ "securityContext_asOrg_s": "cox communications inc.", + "securityContext_isp_s": "cox communicatons", + "securityContext_domain_s": "cox.net", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "VERIFICATION_ERROR", + "debugContext_debugData_requestId_s": "XsgLPdv5iI3bGDFIf1JXdgAADhs", + "debugContext_debugData_requestUri_s": "/api/v1/authn/factors/password/verify", + "debugContext_debugData_url_s": "/api/v1/authn/factors/password/verify?rememberDevice=false", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "unknown", + "actor_type_s": "User", + "actor_alternateId_s": "user88@abccompany.com", + "actor_displayName_s": "unknown", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "unknown", + "displayMessage_s": "User login to Okta", + "eventType_s": "user.session.start", + "outcome_result_s": "FAILURE", + "published_t": "2020-05-22T17:26:21.912Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "core.user_auth.login_failed", + "transaction_type_s": "WEB", + "transaction_id_s": "XsgLPdv5iI3bGDFIf1JXdgAADhs", + "uuid_g": "5adfc5fb-9c51-11ea-b6c6-ffa4d1de3333", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"68.68.68.68\",\r\n \"geographicalContext\": {\r\n \"city\": \"Tempe\",\r\n \"state\": \"Arizona\",\r\n \"country\": \"United 
States\",\r\n \"postalCode\": \"85281\",\r\n \"geolocation\": {\r\n \"lat\": 33.4306,\r\n \"lon\": -111.9256\r\n }\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T18:00:01.144Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Safari/537.36", + "client_userAgent_os_s": "Mac OS X", + "client_userAgent_browser_s": "CHROME", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "68.68.68.68", + "client_geographicalContext_city_s": "Tempe", + "client_geographicalContext_state_s": "Arizona", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "85281", + "client_geographicalContext_geolocation_lat_d": "33.4306", + "client_geographicalContext_geolocation_lon_d": "-111.9256", + "outcome_reason_s": "VERIFICATION_ERROR", + "securityContext_asNumber_d": "22773", + "securityContext_asOrg_s": "cox communications inc.", + "securityContext_isp_s": "cox communicatons", + "securityContext_domain_s": "cox.net", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "VERIFICATION_ERROR", + "debugContext_debugData_requestId_s": "XsgLPdv5iI3bGDFIf1JXdgAADhs", + "debugContext_debugData_requestUri_s": 
"/api/v1/authn/factors/password/verify", + "debugContext_debugData_url_s": "/api/v1/authn/factors/password/verify?rememberDevice=false", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "unknown", + "actor_type_s": "User", + "actor_alternateId_s": "user88@abccompany.com", + "actor_displayName_s": "unknown", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "unknown", + "displayMessage_s": "User login to Okta", + "eventType_s": "user.session.start", + "outcome_result_s": "FAILURE", + "published_t": "2020-05-22T17:26:21.912Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "core.user_auth.login_failed", + "transaction_type_s": "WEB", + "transaction_id_s": "XsgLPdv5iI3bGDFIf1JXdgAADhs", + "uuid_g": "5adfc5fb-9c51-11ea-b6c6-ffa4d1de3333", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"68.68.68.68\",\r\n \"geographicalContext\": {\r\n \"city\": \"Tempe\",\r\n \"state\": \"Arizona\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"85281\",\r\n \"geolocation\": {\r\n \"lat\": 33.4306,\r\n \"lon\": -111.9256\r\n }\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": 
"RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T16:00:01.575Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + 
"authenticationContext_externalSessionId_s": "trsaLptM5c4QNSyTjjrtajwDQ", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-22T15:02:56.262Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rnuvre4FfGdV780h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rnuvre4FfGdV780h7", + "uuid_g": "5181ca96-9c3d-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T16:00:01.575Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", 
+ "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsaLptM5c4QNSyTjjrtajwDQ", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-22T15:03:41.279Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rnuvre4FfGdV780h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rnuvre4FfGdV780h7", + "uuid_g": "6c56d73c-9c3d-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + 
"target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T09:25:01.281Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + 
"debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsRpCuaN0-S-G9CMB8FCt80Q", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-22T08:49:42.547Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rnn4imlvmcL8JM0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rnn4imlvmcL8JM0h7", + "uuid_g": "2dd00e83-9c09-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T09:25:01.281Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + 
"debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsRpCuaN0-S-G9CMB8FCt80Q", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-22T08:50:27.566Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rnn4imlvmcL8JM0h7", + "debugContext_debugData_importType_s": 
"", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rnn4imlvmcL8JM0h7", + "uuid_g": "48a569d0-9c09-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T09:30:00.59Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": 
"null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsRpCuaN0-S-G9CMB8FCt80Q", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-22T08:49:42.547Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rnn4imlvmcL8JM0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rnn4imlvmcL8JM0h7", + "uuid_g": "2dd00e83-9c09-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": 
"a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T09:30:00.59Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + 
"authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsRpCuaN0-S-G9CMB8FCt80Q", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-22T08:50:27.566Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rnn4imlvmcL8JM0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rnn4imlvmcL8JM0h7", + "uuid_g": "48a569d0-9c09-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T09:35:02.133Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + 
"client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsRpCuaN0-S-G9CMB8FCt80Q", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-22T08:49:42.547Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rnn4imlvmcL8JM0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rnn4imlvmcL8JM0h7", + 
"uuid_g": "2dd00e83-9c09-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T09:35:02.133Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + 
"debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsRpCuaN0-S-G9CMB8FCt80Q", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-22T08:50:27.566Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rnn4imlvmcL8JM0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rnn4imlvmcL8JM0h7", + "uuid_g": "48a569d0-9c09-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T09:40:00.681Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + 
"debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsRpCuaN0-S-G9CMB8FCt80Q", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-22T08:49:42.547Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rnn4imlvmcL8JM0h7", + "debugContext_debugData_importType_s": "Incremental", + 
"debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rnn4imlvmcL8JM0h7", + "uuid_g": "2dd00e83-9c09-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T09:40:00.681Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": 
"", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsRpCuaN0-S-G9CMB8FCt80Q", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-22T08:50:27.566Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rnn4imlvmcL8JM0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rnn4imlvmcL8JM0h7", + "uuid_g": "48a569d0-9c09-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": 
"a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T09:00:00.893Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + 
"authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsRpCuaN0-S-G9CMB8FCt80Q", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-22T08:49:42.547Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rnn4imlvmcL8JM0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rnn4imlvmcL8JM0h7", + "uuid_g": "2dd00e83-9c09-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T09:00:00.893Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + 
"client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsRpCuaN0-S-G9CMB8FCt80Q", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-22T08:50:27.566Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rnn4imlvmcL8JM0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rnn4imlvmcL8JM0h7", + "uuid_g": 
"48a569d0-9c09-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T09:05:02.023Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + 
"authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsRpCuaN0-S-G9CMB8FCt80Q", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-22T08:49:42.547Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rnn4imlvmcL8JM0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rnn4imlvmcL8JM0h7", + "uuid_g": "2dd00e83-9c09-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T09:05:02.023Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + 
"debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsRpCuaN0-S-G9CMB8FCt80Q", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-22T08:50:27.566Z", + "severity_s": 
"INFO", + "debugContext_debugData_jobId_s": "ij1rnn4imlvmcL8JM0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rnn4imlvmcL8JM0h7", + "uuid_g": "48a569d0-9c09-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T09:10:00.698Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + 
"securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsRpCuaN0-S-G9CMB8FCt80Q", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-22T08:49:42.547Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rnn4imlvmcL8JM0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rnn4imlvmcL8JM0h7", + "uuid_g": "2dd00e83-9c09-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + 
"debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T09:10:00.698Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + 
"actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsRpCuaN0-S-G9CMB8FCt80Q", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-22T08:50:27.566Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rnn4imlvmcL8JM0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rnn4imlvmcL8JM0h7", + "uuid_g": "48a569d0-9c09-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T08:55:01.649Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + 
"client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsRpCuaN0-S-G9CMB8FCt80Q", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-22T08:49:42.547Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rnn4imlvmcL8JM0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + 
"transaction_type_s": "JOB", + "transaction_id_s": "ij1rnn4imlvmcL8JM0h7", + "uuid_g": "2dd00e83-9c09-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T08:55:01.649Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + 
"authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsRpCuaN0-S-G9CMB8FCt80Q", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-22T08:50:27.566Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rnn4imlvmcL8JM0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rnn4imlvmcL8JM0h7", + "uuid_g": "48a569d0-9c09-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T09:15:02.079Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + 
"debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsRpCuaN0-S-G9CMB8FCt80Q", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-22T08:49:42.547Z", + "severity_s": "INFO", + 
"debugContext_debugData_jobId_s": "ij1rnn4imlvmcL8JM0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rnn4imlvmcL8JM0h7", + "uuid_g": "2dd00e83-9c09-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T09:15:02.079Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + 
"securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsRpCuaN0-S-G9CMB8FCt80Q", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-22T08:50:27.566Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rnn4imlvmcL8JM0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rnn4imlvmcL8JM0h7", + "uuid_g": "48a569d0-9c09-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + 
"debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T09:20:00.583Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": 
"SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsRpCuaN0-S-G9CMB8FCt80Q", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-22T08:49:42.547Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rnn4imlvmcL8JM0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rnn4imlvmcL8JM0h7", + "uuid_g": "2dd00e83-9c09-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T09:20:00.583Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + 
"client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsRpCuaN0-S-G9CMB8FCt80Q", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-22T08:50:27.566Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rnn4imlvmcL8JM0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + 
"transaction_type_s": "JOB", + "transaction_id_s": "ij1rnn4imlvmcL8JM0h7", + "uuid_g": "48a569d0-9c09-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T09:45:02.049Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + 
"authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsRpCuaN0-S-G9CMB8FCt80Q", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-22T08:49:42.547Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rnn4imlvmcL8JM0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rnn4imlvmcL8JM0h7", + "uuid_g": "2dd00e83-9c09-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T09:45:02.049Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + 
"debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsRpCuaN0-S-G9CMB8FCt80Q", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": 
"2020-05-22T08:50:27.566Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rnn4imlvmcL8JM0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rnn4imlvmcL8JM0h7", + "uuid_g": "48a569d0-9c09-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T09:50:01.055Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + 
"securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsRpCuaN0-S-G9CMB8FCt80Q", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-22T08:50:27.566Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rnn4imlvmcL8JM0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rnn4imlvmcL8JM0h7", + "uuid_g": "48a569d0-9c09-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + 
"debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T05:50:01.035Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": 
"SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsofN-O5smS9GuWKSysz7XHg", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-22T05:43:09.327Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rnjwbgcKHmJooc0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rnjwbgcKHmJooc0h7", + "uuid_g": "1e223aab-9bef-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T05:50:01.035Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + 
"client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsofN-O5smS9GuWKSysz7XHg", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-22T05:43:54.345Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rnjwbgcKHmJooc0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + 
"transaction_type_s": "JOB", + "transaction_id_s": "ij1rnjwbgcKHmJooc0h7", + "uuid_g": "38f76e0b-9bef-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T05:55:02.175Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + 
"authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsofN-O5smS9GuWKSysz7XHg", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-22T05:43:09.327Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rnjwbgcKHmJooc0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rnjwbgcKHmJooc0h7", + "uuid_g": "1e223aab-9bef-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T05:55:02.175Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + 
"debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsofN-O5smS9GuWKSysz7XHg", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": 
"2020-05-22T05:43:54.345Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rnjwbgcKHmJooc0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rnjwbgcKHmJooc0h7", + "uuid_g": "38f76e0b-9bef-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T06:05:01.719Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + 
"securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsofN-O5smS9GuWKSysz7XHg", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-22T05:43:09.327Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rnjwbgcKHmJooc0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rnjwbgcKHmJooc0h7", + "uuid_g": "1e223aab-9bef-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n 
\"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T06:05:01.719Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + 
"actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsofN-O5smS9GuWKSysz7XHg", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-22T05:43:54.345Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rnjwbgcKHmJooc0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rnjwbgcKHmJooc0h7", + "uuid_g": "38f76e0b-9bef-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T06:00:01.539Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": 
"", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsofN-O5smS9GuWKSysz7XHg", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-22T05:43:09.327Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rnjwbgcKHmJooc0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": 
"app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rnjwbgcKHmJooc0h7", + "uuid_g": "1e223aab-9bef-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T06:00:01.539Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + 
"authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsofN-O5smS9GuWKSysz7XHg", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-22T05:43:54.345Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rnjwbgcKHmJooc0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rnjwbgcKHmJooc0h7", + "uuid_g": "38f76e0b-9bef-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T05:45:01.631Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + 
"debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsofN-O5smS9GuWKSysz7XHg", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-22T05:43:09.327Z", + "severity_s": "INFO", + 
"debugContext_debugData_jobId_s": "ij1rnjwbgcKHmJooc0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rnjwbgcKHmJooc0h7", + "uuid_g": "1e223aab-9bef-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T05:45:01.631Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + 
"securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsofN-O5smS9GuWKSysz7XHg", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-22T05:43:54.345Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rnjwbgcKHmJooc0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rnjwbgcKHmJooc0h7", + "uuid_g": "38f76e0b-9bef-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + 
"debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T06:10:00.593Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": 
"SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsofN-O5smS9GuWKSysz7XHg", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-22T05:43:09.327Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rnjwbgcKHmJooc0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rnjwbgcKHmJooc0h7", + "uuid_g": "1e223aab-9bef-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T06:10:00.593Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + 
"client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsofN-O5smS9GuWKSysz7XHg", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-22T05:43:54.345Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rnjwbgcKHmJooc0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + 
"transaction_type_s": "JOB", + "transaction_id_s": "ij1rnjwbgcKHmJooc0h7", + "uuid_g": "38f76e0b-9bef-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T06:20:01.373Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + 
"authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsofN-O5smS9GuWKSysz7XHg", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-22T05:43:09.327Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rnjwbgcKHmJooc0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rnjwbgcKHmJooc0h7", + "uuid_g": "1e223aab-9bef-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T06:20:01.373Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + 
"debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsofN-O5smS9GuWKSysz7XHg", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": 
"2020-05-22T05:43:54.345Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rnjwbgcKHmJooc0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rnjwbgcKHmJooc0h7", + "uuid_g": "38f76e0b-9bef-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T06:25:01.611Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + 
"securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsofN-O5smS9GuWKSysz7XHg", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-22T05:43:09.327Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rnjwbgcKHmJooc0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rnjwbgcKHmJooc0h7", + "uuid_g": "1e223aab-9bef-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n 
\"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T06:25:01.611Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + 
"actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsofN-O5smS9GuWKSysz7XHg", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-22T05:43:54.345Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rnjwbgcKHmJooc0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rnjwbgcKHmJooc0h7", + "uuid_g": "38f76e0b-9bef-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T06:15:01.641Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": 
"", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsofN-O5smS9GuWKSysz7XHg", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-22T05:43:09.327Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rnjwbgcKHmJooc0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": 
"app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rnjwbgcKHmJooc0h7", + "uuid_g": "1e223aab-9bef-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T06:15:01.641Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + 
"authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsofN-O5smS9GuWKSysz7XHg", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-22T05:43:54.345Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rnjwbgcKHmJooc0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rnjwbgcKHmJooc0h7", + "uuid_g": "38f76e0b-9bef-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T06:30:00.936Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + 
"debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsofN-O5smS9GuWKSysz7XHg", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-22T05:43:09.327Z", + "severity_s": "INFO", + 
"debugContext_debugData_jobId_s": "ij1rnjwbgcKHmJooc0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rnjwbgcKHmJooc0h7", + "uuid_g": "1e223aab-9bef-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T06:30:00.936Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + 
"securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsofN-O5smS9GuWKSysz7XHg", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-22T05:43:54.345Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rnjwbgcKHmJooc0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rnjwbgcKHmJooc0h7", + "uuid_g": "38f76e0b-9bef-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + 
"debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T06:35:00.779Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": 
"SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsofN-O5smS9GuWKSysz7XHg", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-22T05:43:09.327Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rnjwbgcKHmJooc0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rnjwbgcKHmJooc0h7", + "uuid_g": "1e223aab-9bef-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T06:35:00.779Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + 
"client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsofN-O5smS9GuWKSysz7XHg", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-22T05:43:54.345Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rnjwbgcKHmJooc0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + 
"transaction_type_s": "JOB", + "transaction_id_s": "ij1rnjwbgcKHmJooc0h7", + "uuid_g": "38f76e0b-9bef-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T06:40:01.433Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + 
"authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsofN-O5smS9GuWKSysz7XHg", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-22T05:43:09.327Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rnjwbgcKHmJooc0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rnjwbgcKHmJooc0h7", + "uuid_g": "1e223aab-9bef-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T06:40:01.433Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + 
"debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsofN-O5smS9GuWKSysz7XHg", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": 
"2020-05-22T05:43:54.345Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rnjwbgcKHmJooc0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rnjwbgcKHmJooc0h7", + "uuid_g": "38f76e0b-9bef-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T19:50:01.288Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", 
+ "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "XsbZqSZOjqHePkozjlraIAAAD0M", + "debugContext_debugData_requestUri_s": "/login/signout", + "debugContext_debugData_url_s": "/login/signout?message=login_page_messages.session_has_expired", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "1022OC2HQraR1if3aiPDh6saQ", + "displayMessage_s": "User logout from Okta", + "eventType_s": "user.session.end", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-21T19:42:33.3Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "core.user_auth.logout_success", + "transaction_type_s": "WEB", + "transaction_id_s": "XsbZqSZOjqHePkozjlraIAAAD0M", + "uuid_g": "36fce1d0-9b9b-11ea-8149-2b7b21ec5f8f", + "version_s": "0", + 
"request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": {\r\n \"lat\": 34.047,\r\n \"lon\": -118.275\r\n }\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T19:55:01.216Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": 
"XsbZqSZOjqHePkozjlraIAAAD0M", + "debugContext_debugData_requestUri_s": "/login/signout", + "debugContext_debugData_url_s": "/login/signout?message=login_page_messages.session_has_expired", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "1022OC2HQraR1if3aiPDh6saQ", + "displayMessage_s": "User logout from Okta", + "eventType_s": "user.session.end", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-21T19:42:33.3Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "core.user_auth.logout_success", + "transaction_type_s": "WEB", + "transaction_id_s": "XsbZqSZOjqHePkozjlraIAAAD0M", + "uuid_g": "36fce1d0-9b9b-11ea-8149-2b7b21ec5f8f", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": {\r\n \"lat\": 34.047,\r\n \"lon\": -118.275\r\n }\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + 
"_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T20:25:01.3Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "XsbZqSZOjqHePkozjlraIAAAD0M", + "debugContext_debugData_requestUri_s": "/login/signout", + "debugContext_debugData_url_s": "/login/signout?message=login_page_messages.session_has_expired", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + 
"debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "1022OC2HQraR1if3aiPDh6saQ", + "displayMessage_s": "User logout from Okta", + "eventType_s": "user.session.end", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-21T19:42:33.3Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "core.user_auth.logout_success", + "transaction_type_s": "WEB", + "transaction_id_s": "XsbZqSZOjqHePkozjlraIAAAD0M", + "uuid_g": "36fce1d0-9b9b-11ea-8149-2b7b21ec5f8f", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": {\r\n \"lat\": 34.047,\r\n \"lon\": -118.275\r\n }\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T20:30:01.176Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + 
"debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "XsbZqSZOjqHePkozjlraIAAAD0M", + "debugContext_debugData_requestUri_s": "/login/signout", + "debugContext_debugData_url_s": "/login/signout?message=login_page_messages.session_has_expired", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "1022OC2HQraR1if3aiPDh6saQ", + 
"displayMessage_s": "User logout from Okta", + "eventType_s": "user.session.end", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-21T19:42:33.3Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "core.user_auth.logout_success", + "transaction_type_s": "WEB", + "transaction_id_s": "XsbZqSZOjqHePkozjlraIAAAD0M", + "uuid_g": "36fce1d0-9b9b-11ea-8149-2b7b21ec5f8f", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": {\r\n \"lat\": 34.047,\r\n \"lon\": -118.275\r\n }\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T20:05:01.791Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": 
"65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "XsbZqSZOjqHePkozjlraIAAAD0M", + "debugContext_debugData_requestUri_s": "/login/signout", + "debugContext_debugData_url_s": "/login/signout?message=login_page_messages.session_has_expired", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "1022OC2HQraR1if3aiPDh6saQ", + "displayMessage_s": "User logout from Okta", + "eventType_s": "user.session.end", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-21T19:42:33.3Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": 
"FALSE", + "legacyEventType_s": "core.user_auth.logout_success", + "transaction_type_s": "WEB", + "transaction_id_s": "XsbZqSZOjqHePkozjlraIAAAD0M", + "uuid_g": "36fce1d0-9b9b-11ea-8149-2b7b21ec5f8f", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": {\r\n \"lat\": 34.047,\r\n \"lon\": -118.275\r\n }\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T20:10:02.6Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": 
"aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "XsbZqSZOjqHePkozjlraIAAAD0M", + "debugContext_debugData_requestUri_s": "/login/signout", + "debugContext_debugData_url_s": "/login/signout?message=login_page_messages.session_has_expired", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "1022OC2HQraR1if3aiPDh6saQ", + "displayMessage_s": "User logout from Okta", + "eventType_s": "user.session.end", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-21T19:42:33.3Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "core.user_auth.logout_success", + "transaction_type_s": "WEB", + "transaction_id_s": "XsbZqSZOjqHePkozjlraIAAAD0M", + "uuid_g": "36fce1d0-9b9b-11ea-8149-2b7b21ec5f8f", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n 
\"geolocation\": {\r\n \"lat\": 34.047,\r\n \"lon\": -118.275\r\n }\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T20:35:01.298Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "XsbZqSZOjqHePkozjlraIAAAD0M", + "debugContext_debugData_requestUri_s": "/login/signout", + "debugContext_debugData_url_s": "/login/signout?message=login_page_messages.session_has_expired", + 
"debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "1022OC2HQraR1if3aiPDh6saQ", + "displayMessage_s": "User logout from Okta", + "eventType_s": "user.session.end", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-21T19:42:33.3Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "core.user_auth.logout_success", + "transaction_type_s": "WEB", + "transaction_id_s": "XsbZqSZOjqHePkozjlraIAAAD0M", + "uuid_g": "36fce1d0-9b9b-11ea-8149-2b7b21ec5f8f", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": {\r\n \"lat\": 34.047,\r\n \"lon\": -118.275\r\n }\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": 
"2020-05-21T20:15:01.105Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "XsbZqSZOjqHePkozjlraIAAAD0M", + "debugContext_debugData_requestUri_s": "/login/signout", + "debugContext_debugData_url_s": "/login/signout?message=login_page_messages.session_has_expired", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": 
"00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "1022OC2HQraR1if3aiPDh6saQ", + "displayMessage_s": "User logout from Okta", + "eventType_s": "user.session.end", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-21T19:42:33.3Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "core.user_auth.logout_success", + "transaction_type_s": "WEB", + "transaction_id_s": "XsbZqSZOjqHePkozjlraIAAAD0M", + "uuid_g": "36fce1d0-9b9b-11ea-8149-2b7b21ec5f8f", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": {\r\n \"lat\": 34.047,\r\n \"lon\": -118.275\r\n }\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:55:02.754Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + 
"client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "VERIFICATION_ERROR", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "VERIFICATION_ERROR", + "debugContext_debugData_requestId_s": "Xsa0a8kjYvO@XnRXUi96BQAAC9w", + "debugContext_debugData_requestUri_s": "/api/v1/authn/factors/password/verify", + "debugContext_debugData_url_s": "/api/v1/authn/factors/password/verify?rememberDevice=false", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "unknown", + "actor_type_s": "User", + "actor_alternateId_s": "user55@xyzcompany.com", + "actor_displayName_s": "unknown", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "unknown", + "displayMessage_s": "User login to Okta", + "eventType_s": "user.session.start", + "outcome_result_s": "FAILURE", + "published_t": 
"2020-05-21T17:03:39.983Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "core.user_auth.login_failed", + "transaction_type_s": "WEB", + "transaction_id_s": "Xsa0a8kjYvO@XnRXUi96BQAAC9w", + "uuid_g": "04b0266e-9b85-11ea-b3bc-53d9cf818435", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:55:02.754Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + 
"client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "VERIFICATION_ERROR", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "VERIFICATION_ERROR", + "debugContext_debugData_requestId_s": "Xsa0cUq5eTSaNQ4Zsfh@BwAACZ8", + "debugContext_debugData_requestUri_s": "/api/v1/authn/factors/password/verify", + "debugContext_debugData_url_s": "/api/v1/authn/factors/password/verify?rememberDevice=false", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "unknown", + "actor_type_s": "User", + "actor_alternateId_s": "user55@xyzcompany.com", + "actor_displayName_s": "unknown", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "unknown", + "displayMessage_s": "User login to Okta", + "eventType_s": "user.session.start", + "outcome_result_s": "FAILURE", + "published_t": "2020-05-21T17:03:45.201Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "core.user_auth.login_failed", + "transaction_type_s": "WEB", + 
"transaction_id_s": "Xsa0cUq5eTSaNQ4Zsfh@BwAACZ8", + "uuid_g": "07cc5a8a-9b85-11ea-9db8-cdf5b6734c8d", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:55:02.754Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "VERIFICATION_ERROR", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + 
"securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "VERIFICATION_ERROR", + "debugContext_debugData_requestId_s": "Xsa0dToSMz1mPp7dTZg3NgAAD@k", + "debugContext_debugData_requestUri_s": "/api/v1/authn/factors/password/verify", + "debugContext_debugData_url_s": "/api/v1/authn/factors/password/verify?rememberDevice=false", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "unknown", + "actor_type_s": "User", + "actor_alternateId_s": "user55@xyzcompany.com", + "actor_displayName_s": "unknown", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "unknown", + "displayMessage_s": "User login to Okta", + "eventType_s": "user.session.start", + "outcome_result_s": "FAILURE", + "published_t": "2020-05-21T17:03:49.666Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "core.user_auth.login_failed", + "transaction_type_s": "WEB", + "transaction_id_s": "Xsa0dToSMz1mPp7dTZg3NgAAD@k", + "uuid_g": "0a75a8e6-9b85-11ea-b365-4973b2c3a34d", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": 
null\r\n }\r\n]", + "target_s": "", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:55:02.754Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "null", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "Sign-on policy evaluation resulted in CHALLENGE", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "ade03304-2eb2-3b2f-d57e-5cfe92c81793", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + 
"debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsGxTDpEoxRIq-0PNuqNxZVQ", + "displayMessage_s": "Evaluation of sign-on policy", + "eventType_s": "policy.evaluate_sign_on", + "outcome_result_s": "CHALLENGE", + "published_t": "2020-05-21T17:03:56.456Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "", + "transaction_id_s": "unknown", + "uuid_g": "0e81bafa-9b85-11ea-915e-3b7765dfc052", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"00pn79xb33o84O0Hc0h7\",\r\n \"type\": \"PolicyEntity\",\r\n \"alternateId\": \"unknown\",\r\n \"displayName\": \"default\",\r\n \"detailEntry\": {\r\n \"policyType\": \"OktaSignOn\"\r\n }\r\n },\r\n {\r\n \"id\": \"0prn79ye1mCqWhlUR0h7\",\r\n \"type\": \"PolicyRule\",\r\n \"alternateId\": \"00pn79xb33o84O0Hc0h7\",\r\n \"displayName\": \"default\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:55:02.754Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + 
"debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "Xsa0f6Ht8KiJlr31E9TvOwAABEs", + "debugContext_debugData_requestUri_s": "/api/v1/authn/factors/password/verify", + "debugContext_debugData_url_s": "/api/v1/authn/factors/password/verify?rememberDevice=false", + "debugContext_debugData_deviceFingerprint_g": "ade03304-2eb2-3b2f-d57e-5cfe92c81793", + "authenticationContext_authenticationProvider_s": "FACTOR_PROVIDER", + "authenticationContext_credentialProvider_s": "OKTA_CREDENTIAL_PROVIDER", + "debugContext_debugData_factor_s": "PASSWORD_AS_FACTOR", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + 
"authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "1022OC2HQraR1if3aiPDh6saQ", + "displayMessage_s": "Authentication of user via MFA", + "eventType_s": "user.authentication.auth_via_mfa", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-21T17:03:59.336Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "core.user.factor.attempt_success", + "transaction_type_s": "WEB", + "transaction_id_s": "Xsa0f6Ht8KiJlr31E9TvOwAABEs", + "uuid_g": "10392e91-9b85-11ea-ab16-b7e40ba477fc", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "[\r\n {\r\n \"id\": \"00urjk4znu3BcncfY0h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"user100@accenture.com\",\r\n \"displayName\": \"user 100\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:55:02.754Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + 
"debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "Xsa0gYwmo2FnRRqNHNeXtgAAAPI", + "debugContext_debugData_requestUri_s": "/api/v1/authn/factors/smsrjkfodqeijoByT0h7/verify", + "debugContext_debugData_url_s": "/api/v1/authn/factors/smsrjkfodqeijoByT0h7/verify?rememberDevice=true", + "debugContext_debugData_deviceFingerprint_g": "ade03304-2eb2-3b2f-d57e-5cfe92c81793", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "1", + "debugContext_debugData_smsProvider_s": "TELESIGN", + "debugContext_debugData_transactionId_g": "65c8e0c4-6ebc-0104-9195-cd60c6e6a695", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "1022OC2HQraR1if3aiPDh6saQ", 
+ "displayMessage_s": "Send second factor auth SMS", + "eventType_s": "system.sms.send_factor_verify_message", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-21T17:04:02.05Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "core.user.sms.message_sent.factor", + "transaction_type_s": "WEB", + "transaction_id_s": "Xsa0gYwmo2FnRRqNHNeXtgAAAPI", + "uuid_g": "11d74ed1-9b85-11ea-8e6c-9d92aa70e8a4", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "[\r\n {\r\n \"id\": \"00urjk4znu3BcncfY0h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"user100@accenture.com\",\r\n \"displayName\": \"user 100\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"mblrjkhau8Q7KqJpX0h7\",\r\n \"type\": \"MobilePhone\",\r\n \"alternateId\": \"+13237923223\",\r\n \"displayName\": \"+13237923223\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:55:02.754Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + 
"debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "Xsa0jsrRwcZCgqayiBz9hAAAE6Q", + "debugContext_debugData_requestUri_s": "/api/v1/authn/factors/smsrjkfodqeijoByT0h7/verify", + "debugContext_debugData_url_s": "/api/v1/authn/factors/smsrjkfodqeijoByT0h7/verify?rememberDevice=true", + "debugContext_debugData_deviceFingerprint_g": "ade03304-2eb2-3b2f-d57e-5cfe92c81793", + "authenticationContext_authenticationProvider_s": "FACTOR_PROVIDER", + "authenticationContext_credentialProvider_s": "OKTA_CREDENTIAL_PROVIDER", + "debugContext_debugData_factor_s": "SMS_FACTOR", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "SMS", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + 
"authenticationContext_externalSessionId_s": "1022OC2HQraR1if3aiPDh6saQ", + "displayMessage_s": "Authentication of user via MFA", + "eventType_s": "user.authentication.auth_via_mfa", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-21T17:04:14.257Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "core.user.factor.attempt_success", + "transaction_type_s": "WEB", + "transaction_id_s": "Xsa0jsrRwcZCgqayiBz9hAAAE6Q", + "uuid_g": "191df24c-9b85-11ea-b77b-31ca8cf3f4c7", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "[\r\n {\r\n \"id\": \"00urjk4znu3BcncfY0h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"user100@accenture.com\",\r\n \"displayName\": \"user 100\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:55:02.754Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + 
"client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "Xsa0jsrRwcZCgqayiBz9hAAAE6Q", + "debugContext_debugData_requestUri_s": "/api/v1/authn/factors/smsrjkfodqeijoByT0h7/verify", + "debugContext_debugData_url_s": "/api/v1/authn/factors/smsrjkfodqeijoByT0h7/verify?rememberDevice=true", + "debugContext_debugData_deviceFingerprint_g": "ade03304-2eb2-3b2f-d57e-5cfe92c81793", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "1022OC2HQraR1if3aiPDh6saQ", + "displayMessage_s": "Verify user identity", + "eventType_s": "user.authentication.verify", 
+ "outcome_result_s": "SUCCESS", + "published_t": "2020-05-21T17:04:14.295Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "WEB", + "transaction_id_s": "Xsa0jsrRwcZCgqayiBz9hAAAE6Q", + "uuid_g": "1923beae-9b85-11ea-b77b-31ca8cf3f4c7", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:55:02.754Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + 
"client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "Xsa0jsrRwcZCgqayiBz9hAAAE6Q", + "debugContext_debugData_requestUri_s": "/api/v1/authn/factors/smsrjkfodqeijoByT0h7/verify", + "debugContext_debugData_url_s": "/api/v1/authn/factors/smsrjkfodqeijoByT0h7/verify?rememberDevice=true", + "debugContext_debugData_deviceFingerprint_g": "ade03304-2eb2-3b2f-d57e-5cfe92c81793", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "1022OC2HQraR1if3aiPDh6saQ", + "displayMessage_s": "User login to Okta", + "eventType_s": "user.session.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-21T17:04:14.291Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": 
"core.user_auth.login_success", + "transaction_type_s": "WEB", + "transaction_id_s": "Xsa0jsrRwcZCgqayiBz9hAAAE6Q", + "uuid_g": "1923226d-9b85-11ea-b77b-31ca8cf3f4c7", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:55:02.754Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": 
"aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "Xsa0lDxoZPzhe1i7jFq4SgAACjQ", + "debugContext_debugData_requestUri_s": "/admin/sso/request", + "debugContext_debugData_url_s": "/admin/sso/request?", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "102ShFLHGLHR-OAvnmhj7md1A", + "displayMessage_s": "User accessing Okta admin app", + "eventType_s": "user.session.access_admin_app", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-21T17:04:20.766Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.admin.sso.login.success", + "transaction_type_s": "WEB", + "transaction_id_s": "Xsa0lDxoZPzhe1i7jFq4SgAACjQ", + "uuid_g": "1cff2451-9b85-11ea-8407-359a8bba1e1b", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n 
\"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "[\r\n {\r\n \"id\": \"00urjk4znu3BcncfY0h7\",\r\n \"type\": \"AppUser\",\r\n \"alternateId\": \"user100@accenture.com\",\r\n \"displayName\": \"user 100\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:55:02.754Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + 
"debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsrNs16mkmSGSW_PZb6x6Raw", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-21T17:18:47.319Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rn2o7cbWNp7QlD0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rn2o7cbWNp7QlD0h7", + "uuid_g": "2180a272-9b87-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:55:02.754Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + 
"debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsrNs16mkmSGSW_PZb6x6Raw", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-21T17:19:32.336Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rn2o7cbWNp7QlD0h7", + "debugContext_debugData_importType_s": 
"", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rn2o7cbWNp7QlD0h7", + "uuid_g": "3c55af96-9b87-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T18:10:00.803Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": 
"null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsrNs16mkmSGSW_PZb6x6Raw", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-21T17:18:47.319Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rn2o7cbWNp7QlD0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rn2o7cbWNp7QlD0h7", + "uuid_g": "2180a272-9b87-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": 
"a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T18:10:00.803Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + 
"authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsrNs16mkmSGSW_PZb6x6Raw", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-21T17:19:32.336Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rn2o7cbWNp7QlD0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rn2o7cbWNp7QlD0h7", + "uuid_g": "3c55af96-9b87-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T18:15:00.469Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + 
"client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsrNs16mkmSGSW_PZb6x6Raw", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-21T17:18:47.319Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rn2o7cbWNp7QlD0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rn2o7cbWNp7QlD0h7", + 
"uuid_g": "2180a272-9b87-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T18:15:00.469Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + 
"debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsrNs16mkmSGSW_PZb6x6Raw", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-21T17:19:32.336Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rn2o7cbWNp7QlD0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rn2o7cbWNp7QlD0h7", + "uuid_g": "3c55af96-9b87-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T20:00:01.611Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + 
"debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "XsbZqSZOjqHePkozjlraIAAAD0M", + "debugContext_debugData_requestUri_s": "/login/signout", + "debugContext_debugData_url_s": "/login/signout?message=login_page_messages.session_has_expired", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "1022OC2HQraR1if3aiPDh6saQ", + 
"displayMessage_s": "User logout from Okta", + "eventType_s": "user.session.end", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-21T19:42:33.3Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "core.user_auth.logout_success", + "transaction_type_s": "WEB", + "transaction_id_s": "XsbZqSZOjqHePkozjlraIAAAD0M", + "uuid_g": "36fce1d0-9b9b-11ea-8149-2b7b21ec5f8f", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": {\r\n \"lat\": 34.047,\r\n \"lon\": -118.275\r\n }\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T20:40:01.007Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": 
"65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "XsbZqSZOjqHePkozjlraIAAAD0M", + "debugContext_debugData_requestUri_s": "/login/signout", + "debugContext_debugData_url_s": "/login/signout?message=login_page_messages.session_has_expired", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "1022OC2HQraR1if3aiPDh6saQ", + "displayMessage_s": "User logout from Okta", + "eventType_s": "user.session.end", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-21T19:42:33.3Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": 
"FALSE", + "legacyEventType_s": "core.user_auth.logout_success", + "transaction_type_s": "WEB", + "transaction_id_s": "XsbZqSZOjqHePkozjlraIAAAD0M", + "uuid_g": "36fce1d0-9b9b-11ea-8149-2b7b21ec5f8f", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T20:40:01.007Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + 
"debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsklgJ_Q4bQZSxL9h3pFSotw", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-21T20:24:20.566Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rn6uwloQCNf7720h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rn6uwloQCNf7720h7", + "uuid_g": "0d6f4f6c-9ba1-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": 
"", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:35:04.729Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "VERIFICATION_ERROR", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "VERIFICATION_ERROR", + "debugContext_debugData_requestId_s": "Xsa0a8kjYvO@XnRXUi96BQAAC9w", + "debugContext_debugData_requestUri_s": "/api/v1/authn/factors/password/verify", + "debugContext_debugData_url_s": "/api/v1/authn/factors/password/verify?rememberDevice=false", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + 
"debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "unknown", + "actor_type_s": "User", + "actor_alternateId_s": "user55@xyzcompany.com", + "actor_displayName_s": "unknown", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "unknown", + "displayMessage_s": "User login to Okta", + "eventType_s": "user.session.start", + "outcome_result_s": "FAILURE", + "published_t": "2020-05-21T17:03:39.983Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "core.user_auth.login_failed", + "transaction_type_s": "WEB", + "transaction_id_s": "Xsa0a8kjYvO@XnRXUi96BQAAC9w", + "uuid_g": "04b0266e-9b85-11ea-b3bc-53d9cf818435", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:35:04.729Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + 
"debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "VERIFICATION_ERROR", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "VERIFICATION_ERROR", + "debugContext_debugData_requestId_s": "Xsa0cUq5eTSaNQ4Zsfh@BwAACZ8", + "debugContext_debugData_requestUri_s": "/api/v1/authn/factors/password/verify", + "debugContext_debugData_url_s": "/api/v1/authn/factors/password/verify?rememberDevice=false", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "unknown", + "actor_type_s": "User", + "actor_alternateId_s": "user55@xyzcompany.com", + "actor_displayName_s": "unknown", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "unknown", + "displayMessage_s": "User login to Okta", + "eventType_s": "user.session.start", + 
"outcome_result_s": "FAILURE", + "published_t": "2020-05-21T17:03:45.201Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "core.user_auth.login_failed", + "transaction_type_s": "WEB", + "transaction_id_s": "Xsa0cUq5eTSaNQ4Zsfh@BwAACZ8", + "uuid_g": "07cc5a8a-9b85-11ea-9db8-cdf5b6734c8d", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:35:04.729Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + 
"client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "VERIFICATION_ERROR", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "VERIFICATION_ERROR", + "debugContext_debugData_requestId_s": "Xsa0dToSMz1mPp7dTZg3NgAAD@k", + "debugContext_debugData_requestUri_s": "/api/v1/authn/factors/password/verify", + "debugContext_debugData_url_s": "/api/v1/authn/factors/password/verify?rememberDevice=false", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "unknown", + "actor_type_s": "User", + "actor_alternateId_s": "user55@xyzcompany.com", + "actor_displayName_s": "unknown", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "unknown", + "displayMessage_s": "User login to Okta", + "eventType_s": "user.session.start", + "outcome_result_s": "FAILURE", + "published_t": "2020-05-21T17:03:49.666Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": 
"core.user_auth.login_failed", + "transaction_type_s": "WEB", + "transaction_id_s": "Xsa0dToSMz1mPp7dTZg3NgAAD@k", + "uuid_g": "0a75a8e6-9b85-11ea-b365-4973b2c3a34d", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:35:04.729Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "null", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "Sign-on policy evaluation resulted in CHALLENGE", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + 
"debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "ade03304-2eb2-3b2f-d57e-5cfe92c81793", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsGxTDpEoxRIq-0PNuqNxZVQ", + "displayMessage_s": "Evaluation of sign-on policy", + "eventType_s": "policy.evaluate_sign_on", + "outcome_result_s": "CHALLENGE", + "published_t": "2020-05-21T17:03:56.456Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "", + "transaction_id_s": "unknown", + "uuid_g": "0e81bafa-9b85-11ea-915e-3b7765dfc052", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"00pn79xb33o84O0Hc0h7\",\r\n \"type\": \"PolicyEntity\",\r\n \"alternateId\": \"unknown\",\r\n \"displayName\": \"default\",\r\n \"detailEntry\": {\r\n \"policyType\": \"OktaSignOn\"\r\n }\r\n },\r\n {\r\n \"id\": \"0prn79ye1mCqWhlUR0h7\",\r\n \"type\": \"PolicyRule\",\r\n \"alternateId\": \"00pn79xb33o84O0Hc0h7\",\r\n \"displayName\": \"default\",\r\n \"detailEntry\": null\r\n }\r\n]", + 
"debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:35:04.729Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "Xsa0f6Ht8KiJlr31E9TvOwAABEs", + "debugContext_debugData_requestUri_s": "/api/v1/authn/factors/password/verify", + "debugContext_debugData_url_s": "/api/v1/authn/factors/password/verify?rememberDevice=false", + "debugContext_debugData_deviceFingerprint_g": "ade03304-2eb2-3b2f-d57e-5cfe92c81793", + "authenticationContext_authenticationProvider_s": "FACTOR_PROVIDER", + 
"authenticationContext_credentialProvider_s": "OKTA_CREDENTIAL_PROVIDER", + "debugContext_debugData_factor_s": "PASSWORD_AS_FACTOR", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "1022OC2HQraR1if3aiPDh6saQ", + "displayMessage_s": "Authentication of user via MFA", + "eventType_s": "user.authentication.auth_via_mfa", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-21T17:03:59.336Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "core.user.factor.attempt_success", + "transaction_type_s": "WEB", + "transaction_id_s": "Xsa0f6Ht8KiJlr31E9TvOwAABEs", + "uuid_g": "10392e91-9b85-11ea-ab16-b7e40ba477fc", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "[\r\n {\r\n \"id\": \"00urjk4znu3BcncfY0h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"user100@accenture.com\",\r\n \"displayName\": \"user 100\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": 
"a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:35:04.729Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "Xsa0gYwmo2FnRRqNHNeXtgAAAPI", + "debugContext_debugData_requestUri_s": "/api/v1/authn/factors/smsrjkfodqeijoByT0h7/verify", + "debugContext_debugData_url_s": "/api/v1/authn/factors/smsrjkfodqeijoByT0h7/verify?rememberDevice=true", + "debugContext_debugData_deviceFingerprint_g": "ade03304-2eb2-3b2f-d57e-5cfe92c81793", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + 
"debugContext_debugData_countryCallingCode_s": "1", + "debugContext_debugData_smsProvider_s": "TELESIGN", + "debugContext_debugData_transactionId_g": "65c8e0c4-6ebc-0104-9195-cd60c6e6a695", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "1022OC2HQraR1if3aiPDh6saQ", + "displayMessage_s": "Send second factor auth SMS", + "eventType_s": "system.sms.send_factor_verify_message", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-21T17:04:02.05Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "core.user.sms.message_sent.factor", + "transaction_type_s": "WEB", + "transaction_id_s": "Xsa0gYwmo2FnRRqNHNeXtgAAAPI", + "uuid_g": "11d74ed1-9b85-11ea-8e6c-9d92aa70e8a4", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "[\r\n {\r\n \"id\": \"00urjk4znu3BcncfY0h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"user100@accenture.com\",\r\n \"displayName\": \"user 100\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"mblrjkhau8Q7KqJpX0h7\",\r\n \"type\": \"MobilePhone\",\r\n \"alternateId\": \"+13237923223\",\r\n \"displayName\": \"+13237923223\",\r\n \"detailEntry\": null\r\n }\r\n]", + 
"debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:35:04.729Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "Xsa0jsrRwcZCgqayiBz9hAAAE6Q", + "debugContext_debugData_requestUri_s": "/api/v1/authn/factors/smsrjkfodqeijoByT0h7/verify", + "debugContext_debugData_url_s": "/api/v1/authn/factors/smsrjkfodqeijoByT0h7/verify?rememberDevice=true", + "debugContext_debugData_deviceFingerprint_g": "ade03304-2eb2-3b2f-d57e-5cfe92c81793", + "authenticationContext_authenticationProvider_s": 
"FACTOR_PROVIDER", + "authenticationContext_credentialProvider_s": "OKTA_CREDENTIAL_PROVIDER", + "debugContext_debugData_factor_s": "SMS_FACTOR", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "SMS", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "1022OC2HQraR1if3aiPDh6saQ", + "displayMessage_s": "Authentication of user via MFA", + "eventType_s": "user.authentication.auth_via_mfa", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-21T17:04:14.257Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "core.user.factor.attempt_success", + "transaction_type_s": "WEB", + "transaction_id_s": "Xsa0jsrRwcZCgqayiBz9hAAAE6Q", + "uuid_g": "191df24c-9b85-11ea-b77b-31ca8cf3f4c7", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "[\r\n {\r\n \"id\": \"00urjk4znu3BcncfY0h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"user100@accenture.com\",\r\n \"displayName\": \"user 100\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": 
"a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:35:04.729Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "Xsa0jsrRwcZCgqayiBz9hAAAE6Q", + "debugContext_debugData_requestUri_s": "/api/v1/authn/factors/smsrjkfodqeijoByT0h7/verify", + "debugContext_debugData_url_s": "/api/v1/authn/factors/smsrjkfodqeijoByT0h7/verify?rememberDevice=true", + "debugContext_debugData_deviceFingerprint_g": "ade03304-2eb2-3b2f-d57e-5cfe92c81793", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + 
"debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "1022OC2HQraR1if3aiPDh6saQ", + "displayMessage_s": "Verify user identity", + "eventType_s": "user.authentication.verify", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-21T17:04:14.295Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "WEB", + "transaction_id_s": "Xsa0jsrRwcZCgqayiBz9hAAAE6Q", + "uuid_g": "1923beae-9b85-11ea-b77b-31ca8cf3f4c7", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:35:04.729Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + 
"debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "Xsa0jsrRwcZCgqayiBz9hAAAE6Q", + "debugContext_debugData_requestUri_s": "/api/v1/authn/factors/smsrjkfodqeijoByT0h7/verify", + "debugContext_debugData_url_s": "/api/v1/authn/factors/smsrjkfodqeijoByT0h7/verify?rememberDevice=true", + "debugContext_debugData_deviceFingerprint_g": "ade03304-2eb2-3b2f-d57e-5cfe92c81793", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + 
"authenticationContext_externalSessionId_s": "1022OC2HQraR1if3aiPDh6saQ", + "displayMessage_s": "User login to Okta", + "eventType_s": "user.session.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-21T17:04:14.291Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "core.user_auth.login_success", + "transaction_type_s": "WEB", + "transaction_id_s": "Xsa0jsrRwcZCgqayiBz9hAAAE6Q", + "uuid_g": "1923226d-9b85-11ea-b77b-31ca8cf3f4c7", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:35:04.729Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + 
"client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "Xsa0lDxoZPzhe1i7jFq4SgAACjQ", + "debugContext_debugData_requestUri_s": "/admin/sso/request", + "debugContext_debugData_url_s": "/admin/sso/request?", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "102ShFLHGLHR-OAvnmhj7md1A", + "displayMessage_s": "User accessing Okta admin app", + "eventType_s": "user.session.access_admin_app", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-21T17:04:20.766Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + 
"debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.admin.sso.login.success", + "transaction_type_s": "WEB", + "transaction_id_s": "Xsa0lDxoZPzhe1i7jFq4SgAACjQ", + "uuid_g": "1cff2451-9b85-11ea-8407-359a8bba1e1b", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "[\r\n {\r\n \"id\": \"00urjk4znu3BcncfY0h7\",\r\n \"type\": \"AppUser\",\r\n \"alternateId\": \"user100@accenture.com\",\r\n \"displayName\": \"user 100\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:35:04.729Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + 
"securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsrNs16mkmSGSW_PZb6x6Raw", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-21T17:18:47.319Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rn2o7cbWNp7QlD0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rn2o7cbWNp7QlD0h7", + "uuid_g": "2180a272-9b87-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n 
\"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:35:04.729Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + 
"actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsrNs16mkmSGSW_PZb6x6Raw", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-21T17:19:32.336Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rn2o7cbWNp7QlD0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rn2o7cbWNp7QlD0h7", + "uuid_g": "3c55af96-9b87-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:40:01.659Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + 
"client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "VERIFICATION_ERROR", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "VERIFICATION_ERROR", + "debugContext_debugData_requestId_s": "Xsa0a8kjYvO@XnRXUi96BQAAC9w", + "debugContext_debugData_requestUri_s": "/api/v1/authn/factors/password/verify", + "debugContext_debugData_url_s": "/api/v1/authn/factors/password/verify?rememberDevice=false", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "unknown", + "actor_type_s": "User", + "actor_alternateId_s": "user55@xyzcompany.com", + "actor_displayName_s": "unknown", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "unknown", + "displayMessage_s": "User login to Okta", + "eventType_s": "user.session.start", + "outcome_result_s": "FAILURE", + "published_t": "2020-05-21T17:03:39.983Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": 
"", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "core.user_auth.login_failed", + "transaction_type_s": "WEB", + "transaction_id_s": "Xsa0a8kjYvO@XnRXUi96BQAAC9w", + "uuid_g": "04b0266e-9b85-11ea-b3bc-53d9cf818435", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:40:01.659Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": 
"34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "VERIFICATION_ERROR", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "VERIFICATION_ERROR", + "debugContext_debugData_requestId_s": "Xsa0cUq5eTSaNQ4Zsfh@BwAACZ8", + "debugContext_debugData_requestUri_s": "/api/v1/authn/factors/password/verify", + "debugContext_debugData_url_s": "/api/v1/authn/factors/password/verify?rememberDevice=false", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "unknown", + "actor_type_s": "User", + "actor_alternateId_s": "user55@xyzcompany.com", + "actor_displayName_s": "unknown", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "unknown", + "displayMessage_s": "User login to Okta", + "eventType_s": "user.session.start", + "outcome_result_s": "FAILURE", + "published_t": "2020-05-21T17:03:45.201Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "core.user_auth.login_failed", + "transaction_type_s": "WEB", + "transaction_id_s": "Xsa0cUq5eTSaNQ4Zsfh@BwAACZ8", + "uuid_g": "07cc5a8a-9b85-11ea-9db8-cdf5b6734c8d", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": 
\"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:40:01.659Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "VERIFICATION_ERROR", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "VERIFICATION_ERROR", + "debugContext_debugData_requestId_s": 
"Xsa0dToSMz1mPp7dTZg3NgAAD@k", + "debugContext_debugData_requestUri_s": "/api/v1/authn/factors/password/verify", + "debugContext_debugData_url_s": "/api/v1/authn/factors/password/verify?rememberDevice=false", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "unknown", + "actor_type_s": "User", + "actor_alternateId_s": "user55@xyzcompany.com", + "actor_displayName_s": "unknown", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "unknown", + "displayMessage_s": "User login to Okta", + "eventType_s": "user.session.start", + "outcome_result_s": "FAILURE", + "published_t": "2020-05-21T17:03:49.666Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "core.user_auth.login_failed", + "transaction_type_s": "WEB", + "transaction_id_s": "Xsa0dToSMz1mPp7dTZg3NgAAD@k", + "uuid_g": "0a75a8e6-9b85-11ea-b365-4973b2c3a34d", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + 
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:40:01.659Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "null", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "Sign-on policy evaluation resulted in CHALLENGE", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "ade03304-2eb2-3b2f-d57e-5cfe92c81793", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + 
"actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsGxTDpEoxRIq-0PNuqNxZVQ", + "displayMessage_s": "Evaluation of sign-on policy", + "eventType_s": "policy.evaluate_sign_on", + "outcome_result_s": "CHALLENGE", + "published_t": "2020-05-21T17:03:56.456Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "", + "transaction_id_s": "unknown", + "uuid_g": "0e81bafa-9b85-11ea-915e-3b7765dfc052", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"00pn79xb33o84O0Hc0h7\",\r\n \"type\": \"PolicyEntity\",\r\n \"alternateId\": \"unknown\",\r\n \"displayName\": \"default\",\r\n \"detailEntry\": {\r\n \"policyType\": \"OktaSignOn\"\r\n }\r\n },\r\n {\r\n \"id\": \"0prn79ye1mCqWhlUR0h7\",\r\n \"type\": \"PolicyRule\",\r\n \"alternateId\": \"00pn79xb33o84O0Hc0h7\",\r\n \"displayName\": \"default\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:40:01.659Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + 
"client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "Xsa0f6Ht8KiJlr31E9TvOwAABEs", + "debugContext_debugData_requestUri_s": "/api/v1/authn/factors/password/verify", + "debugContext_debugData_url_s": "/api/v1/authn/factors/password/verify?rememberDevice=false", + "debugContext_debugData_deviceFingerprint_g": "ade03304-2eb2-3b2f-d57e-5cfe92c81793", + "authenticationContext_authenticationProvider_s": "FACTOR_PROVIDER", + "authenticationContext_credentialProvider_s": "OKTA_CREDENTIAL_PROVIDER", + "debugContext_debugData_factor_s": "PASSWORD_AS_FACTOR", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "1022OC2HQraR1if3aiPDh6saQ", + "displayMessage_s": "Authentication of user via MFA", + 
"eventType_s": "user.authentication.auth_via_mfa", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-21T17:03:59.336Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "core.user.factor.attempt_success", + "transaction_type_s": "WEB", + "transaction_id_s": "Xsa0f6Ht8KiJlr31E9TvOwAABEs", + "uuid_g": "10392e91-9b85-11ea-ab16-b7e40ba477fc", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "[\r\n {\r\n \"id\": \"00urjk4znu3BcncfY0h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"user100@accenture.com\",\r\n \"displayName\": \"user 100\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:40:01.659Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": 
"Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "Xsa0gYwmo2FnRRqNHNeXtgAAAPI", + "debugContext_debugData_requestUri_s": "/api/v1/authn/factors/smsrjkfodqeijoByT0h7/verify", + "debugContext_debugData_url_s": "/api/v1/authn/factors/smsrjkfodqeijoByT0h7/verify?rememberDevice=true", + "debugContext_debugData_deviceFingerprint_g": "ade03304-2eb2-3b2f-d57e-5cfe92c81793", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "1", + "debugContext_debugData_smsProvider_s": "TELESIGN", + "debugContext_debugData_transactionId_g": "65c8e0c4-6ebc-0104-9195-cd60c6e6a695", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "1022OC2HQraR1if3aiPDh6saQ", + "displayMessage_s": "Send second factor auth SMS", + "eventType_s": "system.sms.send_factor_verify_message", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-21T17:04:02.05Z", + 
"severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "core.user.sms.message_sent.factor", + "transaction_type_s": "WEB", + "transaction_id_s": "Xsa0gYwmo2FnRRqNHNeXtgAAAPI", + "uuid_g": "11d74ed1-9b85-11ea-8e6c-9d92aa70e8a4", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "[\r\n {\r\n \"id\": \"00urjk4znu3BcncfY0h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"user100@accenture.com\",\r\n \"displayName\": \"user 100\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"mblrjkhau8Q7KqJpX0h7\",\r\n \"type\": \"MobilePhone\",\r\n \"alternateId\": \"+13237923223\",\r\n \"displayName\": \"+13237923223\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:40:01.659Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) 
Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "Xsa0jsrRwcZCgqayiBz9hAAAE6Q", + "debugContext_debugData_requestUri_s": "/api/v1/authn/factors/smsrjkfodqeijoByT0h7/verify", + "debugContext_debugData_url_s": "/api/v1/authn/factors/smsrjkfodqeijoByT0h7/verify?rememberDevice=true", + "debugContext_debugData_deviceFingerprint_g": "ade03304-2eb2-3b2f-d57e-5cfe92c81793", + "authenticationContext_authenticationProvider_s": "FACTOR_PROVIDER", + "authenticationContext_credentialProvider_s": "OKTA_CREDENTIAL_PROVIDER", + "debugContext_debugData_factor_s": "SMS_FACTOR", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "SMS", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "1022OC2HQraR1if3aiPDh6saQ", + "displayMessage_s": "Authentication of user via MFA", + "eventType_s": "user.authentication.auth_via_mfa", + 
"outcome_result_s": "SUCCESS", + "published_t": "2020-05-21T17:04:14.257Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "core.user.factor.attempt_success", + "transaction_type_s": "WEB", + "transaction_id_s": "Xsa0jsrRwcZCgqayiBz9hAAAE6Q", + "uuid_g": "191df24c-9b85-11ea-b77b-31ca8cf3f4c7", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "[\r\n {\r\n \"id\": \"00urjk4znu3BcncfY0h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"user100@accenture.com\",\r\n \"displayName\": \"user 100\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:40:01.659Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": 
"FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "Xsa0jsrRwcZCgqayiBz9hAAAE6Q", + "debugContext_debugData_requestUri_s": "/api/v1/authn/factors/smsrjkfodqeijoByT0h7/verify", + "debugContext_debugData_url_s": "/api/v1/authn/factors/smsrjkfodqeijoByT0h7/verify?rememberDevice=true", + "debugContext_debugData_deviceFingerprint_g": "ade03304-2eb2-3b2f-d57e-5cfe92c81793", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "1022OC2HQraR1if3aiPDh6saQ", + "displayMessage_s": "Verify user identity", + "eventType_s": "user.authentication.verify", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-21T17:04:14.295Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + 
"debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "WEB", + "transaction_id_s": "Xsa0jsrRwcZCgqayiBz9hAAAE6Q", + "uuid_g": "1923beae-9b85-11ea-b77b-31ca8cf3f4c7", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:40:01.659Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + 
"client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "Xsa0jsrRwcZCgqayiBz9hAAAE6Q", + "debugContext_debugData_requestUri_s": "/api/v1/authn/factors/smsrjkfodqeijoByT0h7/verify", + "debugContext_debugData_url_s": "/api/v1/authn/factors/smsrjkfodqeijoByT0h7/verify?rememberDevice=true", + "debugContext_debugData_deviceFingerprint_g": "ade03304-2eb2-3b2f-d57e-5cfe92c81793", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "1022OC2HQraR1if3aiPDh6saQ", + "displayMessage_s": "User login to Okta", + "eventType_s": "user.session.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-21T17:04:14.291Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "core.user_auth.login_success", + "transaction_type_s": "WEB", + "transaction_id_s": "Xsa0jsrRwcZCgqayiBz9hAAAE6Q", + "uuid_g": "1923226d-9b85-11ea-b77b-31ca8cf3f4c7", + "version_s": "0", 
+ "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:40:01.659Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": 
"Xsa0lDxoZPzhe1i7jFq4SgAACjQ", + "debugContext_debugData_requestUri_s": "/admin/sso/request", + "debugContext_debugData_url_s": "/admin/sso/request?", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "102ShFLHGLHR-OAvnmhj7md1A", + "displayMessage_s": "User accessing Okta admin app", + "eventType_s": "user.session.access_admin_app", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-21T17:04:20.766Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.admin.sso.login.success", + "transaction_type_s": "WEB", + "transaction_id_s": "Xsa0lDxoZPzhe1i7jFq4SgAACjQ", + "uuid_g": "1cff2451-9b85-11ea-8407-359a8bba1e1b", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "[\r\n {\r\n \"id\": \"00urjk4znu3BcncfY0h7\",\r\n \"type\": \"AppUser\",\r\n \"alternateId\": 
\"user100@accenture.com\",\r\n \"displayName\": \"user 100\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:40:01.659Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + 
"authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsrNs16mkmSGSW_PZb6x6Raw", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-21T17:18:47.319Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rn2o7cbWNp7QlD0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rn2o7cbWNp7QlD0h7", + "uuid_g": "2180a272-9b87-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:40:01.659Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + 
"client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsrNs16mkmSGSW_PZb6x6Raw", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-21T17:19:32.336Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rn2o7cbWNp7QlD0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": 
"", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rn2o7cbWNp7QlD0h7", + "uuid_g": "3c55af96-9b87-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:45:02.785Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "VERIFICATION_ERROR", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + 
"securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "VERIFICATION_ERROR", + "debugContext_debugData_requestId_s": "Xsa0a8kjYvO@XnRXUi96BQAAC9w", + "debugContext_debugData_requestUri_s": "/api/v1/authn/factors/password/verify", + "debugContext_debugData_url_s": "/api/v1/authn/factors/password/verify?rememberDevice=false", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "unknown", + "actor_type_s": "User", + "actor_alternateId_s": "user55@xyzcompany.com", + "actor_displayName_s": "unknown", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "unknown", + "displayMessage_s": "User login to Okta", + "eventType_s": "user.session.start", + "outcome_result_s": "FAILURE", + "published_t": "2020-05-21T17:03:39.983Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "core.user_auth.login_failed", + "transaction_type_s": "WEB", + "transaction_id_s": "Xsa0a8kjYvO@XnRXUi96BQAAC9w", + "uuid_g": "04b0266e-9b85-11ea-b3bc-53d9cf818435", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n 
\"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:45:02.785Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "VERIFICATION_ERROR", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "VERIFICATION_ERROR", + "debugContext_debugData_requestId_s": "Xsa0cUq5eTSaNQ4Zsfh@BwAACZ8", + "debugContext_debugData_requestUri_s": "/api/v1/authn/factors/password/verify", + "debugContext_debugData_url_s": "/api/v1/authn/factors/password/verify?rememberDevice=false", + "debugContext_debugData_deviceFingerprint_g": "", + 
"authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "unknown", + "actor_type_s": "User", + "actor_alternateId_s": "user55@xyzcompany.com", + "actor_displayName_s": "unknown", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "unknown", + "displayMessage_s": "User login to Okta", + "eventType_s": "user.session.start", + "outcome_result_s": "FAILURE", + "published_t": "2020-05-21T17:03:45.201Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "core.user_auth.login_failed", + "transaction_type_s": "WEB", + "transaction_id_s": "Xsa0cUq5eTSaNQ4Zsfh@BwAACZ8", + "uuid_g": "07cc5a8a-9b85-11ea-9db8-cdf5b6734c8d", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:45:02.785Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + 
"debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "VERIFICATION_ERROR", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "VERIFICATION_ERROR", + "debugContext_debugData_requestId_s": "Xsa0dToSMz1mPp7dTZg3NgAAD@k", + "debugContext_debugData_requestUri_s": "/api/v1/authn/factors/password/verify", + "debugContext_debugData_url_s": "/api/v1/authn/factors/password/verify?rememberDevice=false", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "unknown", + "actor_type_s": "User", + "actor_alternateId_s": 
"user55@xyzcompany.com", + "actor_displayName_s": "unknown", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "unknown", + "displayMessage_s": "User login to Okta", + "eventType_s": "user.session.start", + "outcome_result_s": "FAILURE", + "published_t": "2020-05-21T17:03:49.666Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "core.user_auth.login_failed", + "transaction_type_s": "WEB", + "transaction_id_s": "Xsa0dToSMz1mPp7dTZg3NgAAD@k", + "uuid_g": "0a75a8e6-9b85-11ea-b365-4973b2c3a34d", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:45:02.785Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "null", 
+ "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "Sign-on policy evaluation resulted in CHALLENGE", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "ade03304-2eb2-3b2f-d57e-5cfe92c81793", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsGxTDpEoxRIq-0PNuqNxZVQ", + "displayMessage_s": "Evaluation of sign-on policy", + "eventType_s": "policy.evaluate_sign_on", + "outcome_result_s": "CHALLENGE", + "published_t": "2020-05-21T17:03:56.456Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + 
"legacyEventType_s": "", + "transaction_type_s": "", + "transaction_id_s": "unknown", + "uuid_g": "0e81bafa-9b85-11ea-915e-3b7765dfc052", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"00pn79xb33o84O0Hc0h7\",\r\n \"type\": \"PolicyEntity\",\r\n \"alternateId\": \"unknown\",\r\n \"displayName\": \"default\",\r\n \"detailEntry\": {\r\n \"policyType\": \"OktaSignOn\"\r\n }\r\n },\r\n {\r\n \"id\": \"0prn79ye1mCqWhlUR0h7\",\r\n \"type\": \"PolicyRule\",\r\n \"alternateId\": \"00pn79xb33o84O0Hc0h7\",\r\n \"displayName\": \"default\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:45:02.785Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "", + "securityContext_asNumber_d": "10993", + 
"securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "Xsa0f6Ht8KiJlr31E9TvOwAABEs", + "debugContext_debugData_requestUri_s": "/api/v1/authn/factors/password/verify", + "debugContext_debugData_url_s": "/api/v1/authn/factors/password/verify?rememberDevice=false", + "debugContext_debugData_deviceFingerprint_g": "ade03304-2eb2-3b2f-d57e-5cfe92c81793", + "authenticationContext_authenticationProvider_s": "FACTOR_PROVIDER", + "authenticationContext_credentialProvider_s": "OKTA_CREDENTIAL_PROVIDER", + "debugContext_debugData_factor_s": "PASSWORD_AS_FACTOR", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "1022OC2HQraR1if3aiPDh6saQ", + "displayMessage_s": "Authentication of user via MFA", + "eventType_s": "user.authentication.auth_via_mfa", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-21T17:03:59.336Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "core.user.factor.attempt_success", + "transaction_type_s": "WEB", + "transaction_id_s": "Xsa0f6Ht8KiJlr31E9TvOwAABEs", + "uuid_g": "10392e91-9b85-11ea-ab16-b7e40ba477fc", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n 
\"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "[\r\n {\r\n \"id\": \"00urjk4znu3BcncfY0h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"user100@accenture.com\",\r\n \"displayName\": \"user 100\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:45:02.785Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + 
"securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "Xsa0gYwmo2FnRRqNHNeXtgAAAPI", + "debugContext_debugData_requestUri_s": "/api/v1/authn/factors/smsrjkfodqeijoByT0h7/verify", + "debugContext_debugData_url_s": "/api/v1/authn/factors/smsrjkfodqeijoByT0h7/verify?rememberDevice=true", + "debugContext_debugData_deviceFingerprint_g": "ade03304-2eb2-3b2f-d57e-5cfe92c81793", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "1", + "debugContext_debugData_smsProvider_s": "TELESIGN", + "debugContext_debugData_transactionId_g": "65c8e0c4-6ebc-0104-9195-cd60c6e6a695", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "1022OC2HQraR1if3aiPDh6saQ", + "displayMessage_s": "Send second factor auth SMS", + "eventType_s": "system.sms.send_factor_verify_message", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-21T17:04:02.05Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "core.user.sms.message_sent.factor", + "transaction_type_s": "WEB", + "transaction_id_s": "Xsa0gYwmo2FnRRqNHNeXtgAAAPI", + "uuid_g": "11d74ed1-9b85-11ea-8e6c-9d92aa70e8a4", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": 
\"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "[\r\n {\r\n \"id\": \"00urjk4znu3BcncfY0h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"user100@accenture.com\",\r\n \"displayName\": \"user 100\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"mblrjkhau8Q7KqJpX0h7\",\r\n \"type\": \"MobilePhone\",\r\n \"alternateId\": \"+13237923223\",\r\n \"displayName\": \"+13237923223\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:45:02.785Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + 
"securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "Xsa0jsrRwcZCgqayiBz9hAAAE6Q", + "debugContext_debugData_requestUri_s": "/api/v1/authn/factors/smsrjkfodqeijoByT0h7/verify", + "debugContext_debugData_url_s": "/api/v1/authn/factors/smsrjkfodqeijoByT0h7/verify?rememberDevice=true", + "debugContext_debugData_deviceFingerprint_g": "ade03304-2eb2-3b2f-d57e-5cfe92c81793", + "authenticationContext_authenticationProvider_s": "FACTOR_PROVIDER", + "authenticationContext_credentialProvider_s": "OKTA_CREDENTIAL_PROVIDER", + "debugContext_debugData_factor_s": "SMS_FACTOR", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "SMS", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "1022OC2HQraR1if3aiPDh6saQ", + "displayMessage_s": "Authentication of user via MFA", + "eventType_s": "user.authentication.auth_via_mfa", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-21T17:04:14.257Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "core.user.factor.attempt_success", + "transaction_type_s": "WEB", + "transaction_id_s": "Xsa0jsrRwcZCgqayiBz9hAAAE6Q", + "uuid_g": "191df24c-9b85-11ea-b77b-31ca8cf3f4c7", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": 
{\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "[\r\n {\r\n \"id\": \"00urjk4znu3BcncfY0h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"user100@accenture.com\",\r\n \"displayName\": \"user 100\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:45:02.785Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + 
"debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "Xsa0jsrRwcZCgqayiBz9hAAAE6Q", + "debugContext_debugData_requestUri_s": "/api/v1/authn/factors/smsrjkfodqeijoByT0h7/verify", + "debugContext_debugData_url_s": "/api/v1/authn/factors/smsrjkfodqeijoByT0h7/verify?rememberDevice=true", + "debugContext_debugData_deviceFingerprint_g": "ade03304-2eb2-3b2f-d57e-5cfe92c81793", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "1022OC2HQraR1if3aiPDh6saQ", + "displayMessage_s": "Verify user identity", + "eventType_s": "user.authentication.verify", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-21T17:04:14.295Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "WEB", + "transaction_id_s": "Xsa0jsrRwcZCgqayiBz9hAAAE6Q", + "uuid_g": "1923beae-9b85-11ea-b77b-31ca8cf3f4c7", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n 
\"source\": null\r\n }\r\n]", + "target_s": "", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:45:02.785Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "Xsa0jsrRwcZCgqayiBz9hAAAE6Q", + "debugContext_debugData_requestUri_s": "/api/v1/authn/factors/smsrjkfodqeijoByT0h7/verify", + "debugContext_debugData_url_s": "/api/v1/authn/factors/smsrjkfodqeijoByT0h7/verify?rememberDevice=true", + "debugContext_debugData_deviceFingerprint_g": "ade03304-2eb2-3b2f-d57e-5cfe92c81793", + 
"authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "1022OC2HQraR1if3aiPDh6saQ", + "displayMessage_s": "User login to Okta", + "eventType_s": "user.session.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-21T17:04:14.291Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "core.user_auth.login_success", + "transaction_type_s": "WEB", + "transaction_id_s": "Xsa0jsrRwcZCgqayiBz9hAAAE6Q", + "uuid_g": "1923226d-9b85-11ea-b77b-31ca8cf3f4c7", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:45:02.785Z", + "Computer": "", + "RawData": "", + 
"debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "Xsa0lDxoZPzhe1i7jFq4SgAACjQ", + "debugContext_debugData_requestUri_s": "/admin/sso/request", + "debugContext_debugData_url_s": "/admin/sso/request?", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + 
"actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "102ShFLHGLHR-OAvnmhj7md1A", + "displayMessage_s": "User accessing Okta admin app", + "eventType_s": "user.session.access_admin_app", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-21T17:04:20.766Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.admin.sso.login.success", + "transaction_type_s": "WEB", + "transaction_id_s": "Xsa0lDxoZPzhe1i7jFq4SgAACjQ", + "uuid_g": "1cff2451-9b85-11ea-8407-359a8bba1e1b", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "[\r\n {\r\n \"id\": \"00urjk4znu3BcncfY0h7\",\r\n \"type\": \"AppUser\",\r\n \"alternateId\": \"user100@accenture.com\",\r\n \"displayName\": \"user 100\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:45:02.785Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + 
"debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsrNs16mkmSGSW_PZb6x6Raw", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-21T17:18:47.319Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rn2o7cbWNp7QlD0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": 
"active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rn2o7cbWNp7QlD0h7", + "uuid_g": "2180a272-9b87-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:45:02.785Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": 
"null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsrNs16mkmSGSW_PZb6x6Raw", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-21T17:19:32.336Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rn2o7cbWNp7QlD0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rn2o7cbWNp7QlD0h7", + "uuid_g": "3c55af96-9b87-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + 
"SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:50:01.784Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "VERIFICATION_ERROR", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "VERIFICATION_ERROR", + "debugContext_debugData_requestId_s": "Xsa0a8kjYvO@XnRXUi96BQAAC9w", + "debugContext_debugData_requestUri_s": "/api/v1/authn/factors/password/verify", + "debugContext_debugData_url_s": "/api/v1/authn/factors/password/verify?rememberDevice=false", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + 
"debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "unknown", + "actor_type_s": "User", + "actor_alternateId_s": "user55@xyzcompany.com", + "actor_displayName_s": "unknown", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "unknown", + "displayMessage_s": "User login to Okta", + "eventType_s": "user.session.start", + "outcome_result_s": "FAILURE", + "published_t": "2020-05-21T17:03:39.983Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "core.user_auth.login_failed", + "transaction_type_s": "WEB", + "transaction_id_s": "Xsa0a8kjYvO@XnRXUi96BQAAC9w", + "uuid_g": "04b0266e-9b85-11ea-b3bc-53d9cf818435", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:50:01.784Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + 
"debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "VERIFICATION_ERROR", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "VERIFICATION_ERROR", + "debugContext_debugData_requestId_s": "Xsa0cUq5eTSaNQ4Zsfh@BwAACZ8", + "debugContext_debugData_requestUri_s": "/api/v1/authn/factors/password/verify", + "debugContext_debugData_url_s": "/api/v1/authn/factors/password/verify?rememberDevice=false", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "unknown", + "actor_type_s": "User", + "actor_alternateId_s": "user55@xyzcompany.com", + "actor_displayName_s": "unknown", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "unknown", + "displayMessage_s": "User login to Okta", + 
"eventType_s": "user.session.start", + "outcome_result_s": "FAILURE", + "published_t": "2020-05-21T17:03:45.201Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "core.user_auth.login_failed", + "transaction_type_s": "WEB", + "transaction_id_s": "Xsa0cUq5eTSaNQ4Zsfh@BwAACZ8", + "uuid_g": "07cc5a8a-9b85-11ea-9db8-cdf5b6734c8d", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:50:01.784Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los 
Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "VERIFICATION_ERROR", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "VERIFICATION_ERROR", + "debugContext_debugData_requestId_s": "Xsa0dToSMz1mPp7dTZg3NgAAD@k", + "debugContext_debugData_requestUri_s": "/api/v1/authn/factors/password/verify", + "debugContext_debugData_url_s": "/api/v1/authn/factors/password/verify?rememberDevice=false", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "unknown", + "actor_type_s": "User", + "actor_alternateId_s": "user55@xyzcompany.com", + "actor_displayName_s": "unknown", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "unknown", + "displayMessage_s": "User login to Okta", + "eventType_s": "user.session.start", + "outcome_result_s": "FAILURE", + "published_t": "2020-05-21T17:03:49.666Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": 
"core.user_auth.login_failed", + "transaction_type_s": "WEB", + "transaction_id_s": "Xsa0dToSMz1mPp7dTZg3NgAAD@k", + "uuid_g": "0a75a8e6-9b85-11ea-b365-4973b2c3a34d", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:50:01.784Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "null", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "Sign-on policy evaluation resulted in CHALLENGE", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + 
"debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "ade03304-2eb2-3b2f-d57e-5cfe92c81793", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsGxTDpEoxRIq-0PNuqNxZVQ", + "displayMessage_s": "Evaluation of sign-on policy", + "eventType_s": "policy.evaluate_sign_on", + "outcome_result_s": "CHALLENGE", + "published_t": "2020-05-21T17:03:56.456Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "", + "transaction_id_s": "unknown", + "uuid_g": "0e81bafa-9b85-11ea-915e-3b7765dfc052", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"00pn79xb33o84O0Hc0h7\",\r\n \"type\": \"PolicyEntity\",\r\n \"alternateId\": \"unknown\",\r\n \"displayName\": \"default\",\r\n \"detailEntry\": {\r\n \"policyType\": \"OktaSignOn\"\r\n }\r\n },\r\n {\r\n \"id\": \"0prn79ye1mCqWhlUR0h7\",\r\n \"type\": \"PolicyRule\",\r\n \"alternateId\": \"00pn79xb33o84O0Hc0h7\",\r\n \"displayName\": \"default\",\r\n \"detailEntry\": null\r\n }\r\n]", + 
"debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:50:01.784Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "Xsa0f6Ht8KiJlr31E9TvOwAABEs", + "debugContext_debugData_requestUri_s": "/api/v1/authn/factors/password/verify", + "debugContext_debugData_url_s": "/api/v1/authn/factors/password/verify?rememberDevice=false", + "debugContext_debugData_deviceFingerprint_g": "ade03304-2eb2-3b2f-d57e-5cfe92c81793", + "authenticationContext_authenticationProvider_s": "FACTOR_PROVIDER", + 
"authenticationContext_credentialProvider_s": "OKTA_CREDENTIAL_PROVIDER", + "debugContext_debugData_factor_s": "PASSWORD_AS_FACTOR", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "1022OC2HQraR1if3aiPDh6saQ", + "displayMessage_s": "Authentication of user via MFA", + "eventType_s": "user.authentication.auth_via_mfa", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-21T17:03:59.336Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "core.user.factor.attempt_success", + "transaction_type_s": "WEB", + "transaction_id_s": "Xsa0f6Ht8KiJlr31E9TvOwAABEs", + "uuid_g": "10392e91-9b85-11ea-ab16-b7e40ba477fc", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "[\r\n {\r\n \"id\": \"00urjk4znu3BcncfY0h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"user100@accenture.com\",\r\n \"displayName\": \"user 100\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": 
"a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:50:01.784Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "Xsa0gYwmo2FnRRqNHNeXtgAAAPI", + "debugContext_debugData_requestUri_s": "/api/v1/authn/factors/smsrjkfodqeijoByT0h7/verify", + "debugContext_debugData_url_s": "/api/v1/authn/factors/smsrjkfodqeijoByT0h7/verify?rememberDevice=true", + "debugContext_debugData_deviceFingerprint_g": "ade03304-2eb2-3b2f-d57e-5cfe92c81793", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + 
"debugContext_debugData_countryCallingCode_s": "1", + "debugContext_debugData_smsProvider_s": "TELESIGN", + "debugContext_debugData_transactionId_g": "65c8e0c4-6ebc-0104-9195-cd60c6e6a695", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "1022OC2HQraR1if3aiPDh6saQ", + "displayMessage_s": "Send second factor auth SMS", + "eventType_s": "system.sms.send_factor_verify_message", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-21T17:04:02.05Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "core.user.sms.message_sent.factor", + "transaction_type_s": "WEB", + "transaction_id_s": "Xsa0gYwmo2FnRRqNHNeXtgAAAPI", + "uuid_g": "11d74ed1-9b85-11ea-8e6c-9d92aa70e8a4", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "[\r\n {\r\n \"id\": \"00urjk4znu3BcncfY0h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"user100@accenture.com\",\r\n \"displayName\": \"user 100\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"mblrjkhau8Q7KqJpX0h7\",\r\n \"type\": \"MobilePhone\",\r\n \"alternateId\": \"+13237923223\",\r\n \"displayName\": \"+13237923223\",\r\n \"detailEntry\": null\r\n }\r\n]", + 
"debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:50:01.784Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "Xsa0jsrRwcZCgqayiBz9hAAAE6Q", + "debugContext_debugData_requestUri_s": "/api/v1/authn/factors/smsrjkfodqeijoByT0h7/verify", + "debugContext_debugData_url_s": "/api/v1/authn/factors/smsrjkfodqeijoByT0h7/verify?rememberDevice=true", + "debugContext_debugData_deviceFingerprint_g": "ade03304-2eb2-3b2f-d57e-5cfe92c81793", + "authenticationContext_authenticationProvider_s": 
"FACTOR_PROVIDER", + "authenticationContext_credentialProvider_s": "OKTA_CREDENTIAL_PROVIDER", + "debugContext_debugData_factor_s": "SMS_FACTOR", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "SMS", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "1022OC2HQraR1if3aiPDh6saQ", + "displayMessage_s": "Authentication of user via MFA", + "eventType_s": "user.authentication.auth_via_mfa", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-21T17:04:14.257Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "core.user.factor.attempt_success", + "transaction_type_s": "WEB", + "transaction_id_s": "Xsa0jsrRwcZCgqayiBz9hAAAE6Q", + "uuid_g": "191df24c-9b85-11ea-b77b-31ca8cf3f4c7", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "[\r\n {\r\n \"id\": \"00urjk4znu3BcncfY0h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"user100@accenture.com\",\r\n \"displayName\": \"user 100\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": 
"a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:50:01.784Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "Xsa0jsrRwcZCgqayiBz9hAAAE6Q", + "debugContext_debugData_requestUri_s": "/api/v1/authn/factors/smsrjkfodqeijoByT0h7/verify", + "debugContext_debugData_url_s": "/api/v1/authn/factors/smsrjkfodqeijoByT0h7/verify?rememberDevice=true", + "debugContext_debugData_deviceFingerprint_g": "ade03304-2eb2-3b2f-d57e-5cfe92c81793", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + 
"debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "1022OC2HQraR1if3aiPDh6saQ", + "displayMessage_s": "Verify user identity", + "eventType_s": "user.authentication.verify", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-21T17:04:14.295Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "WEB", + "transaction_id_s": "Xsa0jsrRwcZCgqayiBz9hAAAE6Q", + "uuid_g": "1923beae-9b85-11ea-b77b-31ca8cf3f4c7", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:50:01.784Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + 
"debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "Xsa0jsrRwcZCgqayiBz9hAAAE6Q", + "debugContext_debugData_requestUri_s": "/api/v1/authn/factors/smsrjkfodqeijoByT0h7/verify", + "debugContext_debugData_url_s": "/api/v1/authn/factors/smsrjkfodqeijoByT0h7/verify?rememberDevice=true", + "debugContext_debugData_deviceFingerprint_g": "ade03304-2eb2-3b2f-d57e-5cfe92c81793", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + 
"authenticationContext_externalSessionId_s": "1022OC2HQraR1if3aiPDh6saQ", + "displayMessage_s": "User login to Okta", + "eventType_s": "user.session.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-21T17:04:14.291Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "core.user_auth.login_success", + "transaction_type_s": "WEB", + "transaction_id_s": "Xsa0jsrRwcZCgqayiBz9hAAAE6Q", + "uuid_g": "1923226d-9b85-11ea-b77b-31ca8cf3f4c7", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:50:01.784Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + 
"client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "Xsa0lDxoZPzhe1i7jFq4SgAACjQ", + "debugContext_debugData_requestUri_s": "/admin/sso/request", + "debugContext_debugData_url_s": "/admin/sso/request?", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "102ShFLHGLHR-OAvnmhj7md1A", + "displayMessage_s": "User accessing Okta admin app", + "eventType_s": "user.session.access_admin_app", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-21T17:04:20.766Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + 
"debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.admin.sso.login.success", + "transaction_type_s": "WEB", + "transaction_id_s": "Xsa0lDxoZPzhe1i7jFq4SgAACjQ", + "uuid_g": "1cff2451-9b85-11ea-8407-359a8bba1e1b", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "[\r\n {\r\n \"id\": \"00urjk4znu3BcncfY0h7\",\r\n \"type\": \"AppUser\",\r\n \"alternateId\": \"user100@accenture.com\",\r\n \"displayName\": \"user 100\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:50:01.784Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + 
"securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsrNs16mkmSGSW_PZb6x6Raw", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-21T17:18:47.319Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rn2o7cbWNp7QlD0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rn2o7cbWNp7QlD0h7", + "uuid_g": "2180a272-9b87-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n 
\"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:50:01.784Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + 
"actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsrNs16mkmSGSW_PZb6x6Raw", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-21T17:19:32.336Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rn2o7cbWNp7QlD0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rn2o7cbWNp7QlD0h7", + "uuid_g": "3c55af96-9b87-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T18:00:01.258Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + 
"client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "VERIFICATION_ERROR", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "VERIFICATION_ERROR", + "debugContext_debugData_requestId_s": "Xsa0a8kjYvO@XnRXUi96BQAAC9w", + "debugContext_debugData_requestUri_s": "/api/v1/authn/factors/password/verify", + "debugContext_debugData_url_s": "/api/v1/authn/factors/password/verify?rememberDevice=false", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "unknown", + "actor_type_s": "User", + "actor_alternateId_s": "user55@xyzcompany.com", + "actor_displayName_s": "unknown", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "unknown", + "displayMessage_s": "User login to Okta", + "eventType_s": "user.session.start", + "outcome_result_s": "FAILURE", + "published_t": "2020-05-21T17:03:39.983Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": 
"", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "core.user_auth.login_failed", + "transaction_type_s": "WEB", + "transaction_id_s": "Xsa0a8kjYvO@XnRXUi96BQAAC9w", + "uuid_g": "04b0266e-9b85-11ea-b3bc-53d9cf818435", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T18:00:01.258Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": 
"34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "VERIFICATION_ERROR", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "VERIFICATION_ERROR", + "debugContext_debugData_requestId_s": "Xsa0cUq5eTSaNQ4Zsfh@BwAACZ8", + "debugContext_debugData_requestUri_s": "/api/v1/authn/factors/password/verify", + "debugContext_debugData_url_s": "/api/v1/authn/factors/password/verify?rememberDevice=false", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "unknown", + "actor_type_s": "User", + "actor_alternateId_s": "user55@xyzcompany.com", + "actor_displayName_s": "unknown", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "unknown", + "displayMessage_s": "User login to Okta", + "eventType_s": "user.session.start", + "outcome_result_s": "FAILURE", + "published_t": "2020-05-21T17:03:45.201Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "core.user_auth.login_failed", + "transaction_type_s": "WEB", + "transaction_id_s": "Xsa0cUq5eTSaNQ4Zsfh@BwAACZ8", + "uuid_g": "07cc5a8a-9b85-11ea-9db8-cdf5b6734c8d", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": 
\"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T18:00:01.258Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "VERIFICATION_ERROR", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "VERIFICATION_ERROR", + "debugContext_debugData_requestId_s": 
"Xsa0dToSMz1mPp7dTZg3NgAAD@k", + "debugContext_debugData_requestUri_s": "/api/v1/authn/factors/password/verify", + "debugContext_debugData_url_s": "/api/v1/authn/factors/password/verify?rememberDevice=false", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "unknown", + "actor_type_s": "User", + "actor_alternateId_s": "user55@xyzcompany.com", + "actor_displayName_s": "unknown", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "unknown", + "displayMessage_s": "User login to Okta", + "eventType_s": "user.session.start", + "outcome_result_s": "FAILURE", + "published_t": "2020-05-21T17:03:49.666Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "core.user_auth.login_failed", + "transaction_type_s": "WEB", + "transaction_id_s": "Xsa0dToSMz1mPp7dTZg3NgAAD@k", + "uuid_g": "0a75a8e6-9b85-11ea-b365-4973b2c3a34d", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + 
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T18:00:01.258Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "null", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "Sign-on policy evaluation resulted in CHALLENGE", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "ade03304-2eb2-3b2f-d57e-5cfe92c81793", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + 
"actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsGxTDpEoxRIq-0PNuqNxZVQ", + "displayMessage_s": "Evaluation of sign-on policy", + "eventType_s": "policy.evaluate_sign_on", + "outcome_result_s": "CHALLENGE", + "published_t": "2020-05-21T17:03:56.456Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "", + "transaction_id_s": "unknown", + "uuid_g": "0e81bafa-9b85-11ea-915e-3b7765dfc052", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"00pn79xb33o84O0Hc0h7\",\r\n \"type\": \"PolicyEntity\",\r\n \"alternateId\": \"unknown\",\r\n \"displayName\": \"default\",\r\n \"detailEntry\": {\r\n \"policyType\": \"OktaSignOn\"\r\n }\r\n },\r\n {\r\n \"id\": \"0prn79ye1mCqWhlUR0h7\",\r\n \"type\": \"PolicyRule\",\r\n \"alternateId\": \"00pn79xb33o84O0Hc0h7\",\r\n \"displayName\": \"default\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T18:00:01.258Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + 
"client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "Xsa0f6Ht8KiJlr31E9TvOwAABEs", + "debugContext_debugData_requestUri_s": "/api/v1/authn/factors/password/verify", + "debugContext_debugData_url_s": "/api/v1/authn/factors/password/verify?rememberDevice=false", + "debugContext_debugData_deviceFingerprint_g": "ade03304-2eb2-3b2f-d57e-5cfe92c81793", + "authenticationContext_authenticationProvider_s": "FACTOR_PROVIDER", + "authenticationContext_credentialProvider_s": "OKTA_CREDENTIAL_PROVIDER", + "debugContext_debugData_factor_s": "PASSWORD_AS_FACTOR", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "1022OC2HQraR1if3aiPDh6saQ", + "displayMessage_s": "Authentication of user via MFA", + 
"eventType_s": "user.authentication.auth_via_mfa", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-21T17:03:59.336Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "core.user.factor.attempt_success", + "transaction_type_s": "WEB", + "transaction_id_s": "Xsa0f6Ht8KiJlr31E9TvOwAABEs", + "uuid_g": "10392e91-9b85-11ea-ab16-b7e40ba477fc", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "[\r\n {\r\n \"id\": \"00urjk4znu3BcncfY0h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"user100@accenture.com\",\r\n \"displayName\": \"user 100\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T18:00:01.258Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": 
"Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "Xsa0gYwmo2FnRRqNHNeXtgAAAPI", + "debugContext_debugData_requestUri_s": "/api/v1/authn/factors/smsrjkfodqeijoByT0h7/verify", + "debugContext_debugData_url_s": "/api/v1/authn/factors/smsrjkfodqeijoByT0h7/verify?rememberDevice=true", + "debugContext_debugData_deviceFingerprint_g": "ade03304-2eb2-3b2f-d57e-5cfe92c81793", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "1", + "debugContext_debugData_smsProvider_s": "TELESIGN", + "debugContext_debugData_transactionId_g": "65c8e0c4-6ebc-0104-9195-cd60c6e6a695", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "1022OC2HQraR1if3aiPDh6saQ", + "displayMessage_s": "Send second factor auth SMS", + "eventType_s": "system.sms.send_factor_verify_message", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-21T17:04:02.05Z", + 
"severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "core.user.sms.message_sent.factor", + "transaction_type_s": "WEB", + "transaction_id_s": "Xsa0gYwmo2FnRRqNHNeXtgAAAPI", + "uuid_g": "11d74ed1-9b85-11ea-8e6c-9d92aa70e8a4", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "[\r\n {\r\n \"id\": \"00urjk4znu3BcncfY0h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"user100@accenture.com\",\r\n \"displayName\": \"user 100\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"mblrjkhau8Q7KqJpX0h7\",\r\n \"type\": \"MobilePhone\",\r\n \"alternateId\": \"+13237923223\",\r\n \"displayName\": \"+13237923223\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T18:00:01.258Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) 
Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "Xsa0jsrRwcZCgqayiBz9hAAAE6Q", + "debugContext_debugData_requestUri_s": "/api/v1/authn/factors/smsrjkfodqeijoByT0h7/verify", + "debugContext_debugData_url_s": "/api/v1/authn/factors/smsrjkfodqeijoByT0h7/verify?rememberDevice=true", + "debugContext_debugData_deviceFingerprint_g": "ade03304-2eb2-3b2f-d57e-5cfe92c81793", + "authenticationContext_authenticationProvider_s": "FACTOR_PROVIDER", + "authenticationContext_credentialProvider_s": "OKTA_CREDENTIAL_PROVIDER", + "debugContext_debugData_factor_s": "SMS_FACTOR", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "SMS", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "1022OC2HQraR1if3aiPDh6saQ", + "displayMessage_s": "Authentication of user via MFA", + "eventType_s": "user.authentication.auth_via_mfa", + 
"outcome_result_s": "SUCCESS", + "published_t": "2020-05-21T17:04:14.257Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "core.user.factor.attempt_success", + "transaction_type_s": "WEB", + "transaction_id_s": "Xsa0jsrRwcZCgqayiBz9hAAAE6Q", + "uuid_g": "191df24c-9b85-11ea-b77b-31ca8cf3f4c7", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "[\r\n {\r\n \"id\": \"00urjk4znu3BcncfY0h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"user100@accenture.com\",\r\n \"displayName\": \"user 100\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T18:00:01.258Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": 
"FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "Xsa0jsrRwcZCgqayiBz9hAAAE6Q", + "debugContext_debugData_requestUri_s": "/api/v1/authn/factors/smsrjkfodqeijoByT0h7/verify", + "debugContext_debugData_url_s": "/api/v1/authn/factors/smsrjkfodqeijoByT0h7/verify?rememberDevice=true", + "debugContext_debugData_deviceFingerprint_g": "ade03304-2eb2-3b2f-d57e-5cfe92c81793", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "1022OC2HQraR1if3aiPDh6saQ", + "displayMessage_s": "Verify user identity", + "eventType_s": "user.authentication.verify", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-21T17:04:14.295Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + 
"debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "WEB", + "transaction_id_s": "Xsa0jsrRwcZCgqayiBz9hAAAE6Q", + "uuid_g": "1923beae-9b85-11ea-b77b-31ca8cf3f4c7", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T18:00:01.258Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + 
"client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "Xsa0jsrRwcZCgqayiBz9hAAAE6Q", + "debugContext_debugData_requestUri_s": "/api/v1/authn/factors/smsrjkfodqeijoByT0h7/verify", + "debugContext_debugData_url_s": "/api/v1/authn/factors/smsrjkfodqeijoByT0h7/verify?rememberDevice=true", + "debugContext_debugData_deviceFingerprint_g": "ade03304-2eb2-3b2f-d57e-5cfe92c81793", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "1022OC2HQraR1if3aiPDh6saQ", + "displayMessage_s": "User login to Okta", + "eventType_s": "user.session.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-21T17:04:14.291Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "core.user_auth.login_success", + "transaction_type_s": "WEB", + "transaction_id_s": "Xsa0jsrRwcZCgqayiBz9hAAAE6Q", + "uuid_g": "1923226d-9b85-11ea-b77b-31ca8cf3f4c7", + "version_s": "0", 
+ "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T18:00:01.258Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": 
"Xsa0lDxoZPzhe1i7jFq4SgAACjQ", + "debugContext_debugData_requestUri_s": "/admin/sso/request", + "debugContext_debugData_url_s": "/admin/sso/request?", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "102ShFLHGLHR-OAvnmhj7md1A", + "displayMessage_s": "User accessing Okta admin app", + "eventType_s": "user.session.access_admin_app", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-21T17:04:20.766Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.admin.sso.login.success", + "transaction_type_s": "WEB", + "transaction_id_s": "Xsa0lDxoZPzhe1i7jFq4SgAACjQ", + "uuid_g": "1cff2451-9b85-11ea-8407-359a8bba1e1b", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "[\r\n {\r\n \"id\": \"00urjk4znu3BcncfY0h7\",\r\n \"type\": \"AppUser\",\r\n \"alternateId\": 
\"user100@accenture.com\",\r\n \"displayName\": \"user 100\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T18:00:01.258Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + 
"authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsrNs16mkmSGSW_PZb6x6Raw", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-21T17:18:47.319Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rn2o7cbWNp7QlD0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rn2o7cbWNp7QlD0h7", + "uuid_g": "2180a272-9b87-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T18:00:01.258Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + 
"client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsrNs16mkmSGSW_PZb6x6Raw", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-21T17:19:32.336Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rn2o7cbWNp7QlD0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": 
"", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rn2o7cbWNp7QlD0h7", + "uuid_g": "3c55af96-9b87-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T18:05:01.317Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + 
"debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsrNs16mkmSGSW_PZb6x6Raw", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-21T17:18:47.319Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rn2o7cbWNp7QlD0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rn2o7cbWNp7QlD0h7", + "uuid_g": "2180a272-9b87-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T18:05:01.317Z", + 
"Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsrNs16mkmSGSW_PZb6x6Raw", + "displayMessage_s": "Download object phase started.", + 
"eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-21T17:19:32.336Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rn2o7cbWNp7QlD0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rn2o7cbWNp7QlD0h7", + "uuid_g": "3c55af96-9b87-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T20:20:00.76Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + 
"client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "XsbZqSZOjqHePkozjlraIAAAD0M", + "debugContext_debugData_requestUri_s": "/login/signout", + "debugContext_debugData_url_s": "/login/signout?message=login_page_messages.session_has_expired", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "1022OC2HQraR1if3aiPDh6saQ", + "displayMessage_s": "User logout from Okta", + "eventType_s": "user.session.end", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-21T19:42:33.3Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "core.user_auth.logout_success", + "transaction_type_s": "WEB", + "transaction_id_s": 
"XsbZqSZOjqHePkozjlraIAAAD0M", + "uuid_g": "36fce1d0-9b9b-11ea-8149-2b7b21ec5f8f", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": {\r\n \"lat\": 34.047,\r\n \"lon\": -118.275\r\n }\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:19:50.987Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "VERIFICATION_ERROR", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + 
"securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "VERIFICATION_ERROR", + "debugContext_debugData_requestId_s": "Xsa0a8kjYvO@XnRXUi96BQAAC9w", + "debugContext_debugData_requestUri_s": "/api/v1/authn/factors/password/verify", + "debugContext_debugData_url_s": "/api/v1/authn/factors/password/verify?rememberDevice=false", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "unknown", + "actor_type_s": "User", + "actor_alternateId_s": "user55@xyzcompany.com", + "actor_displayName_s": "unknown", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "unknown", + "displayMessage_s": "User login to Okta", + "eventType_s": "user.session.start", + "outcome_result_s": "FAILURE", + "published_t": "2020-05-21T17:03:39.983Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "core.user_auth.login_failed", + "transaction_type_s": "WEB", + "transaction_id_s": "Xsa0a8kjYvO@XnRXUi96BQAAC9w", + "uuid_g": "04b0266e-9b85-11ea-b3bc-53d9cf818435", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": 
null\r\n }\r\n]", + "target_s": "", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:19:50.987Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "VERIFICATION_ERROR", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "VERIFICATION_ERROR", + "debugContext_debugData_requestId_s": "Xsa0cUq5eTSaNQ4Zsfh@BwAACZ8", + "debugContext_debugData_requestUri_s": "/api/v1/authn/factors/password/verify", + "debugContext_debugData_url_s": "/api/v1/authn/factors/password/verify?rememberDevice=false", + "debugContext_debugData_deviceFingerprint_g": "", + 
"authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "unknown", + "actor_type_s": "User", + "actor_alternateId_s": "user55@xyzcompany.com", + "actor_displayName_s": "unknown", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "unknown", + "displayMessage_s": "User login to Okta", + "eventType_s": "user.session.start", + "outcome_result_s": "FAILURE", + "published_t": "2020-05-21T17:03:45.201Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "core.user_auth.login_failed", + "transaction_type_s": "WEB", + "transaction_id_s": "Xsa0cUq5eTSaNQ4Zsfh@BwAACZ8", + "uuid_g": "07cc5a8a-9b85-11ea-9db8-cdf5b6734c8d", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:19:50.987Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + 
"debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "VERIFICATION_ERROR", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "VERIFICATION_ERROR", + "debugContext_debugData_requestId_s": "Xsa0dToSMz1mPp7dTZg3NgAAD@k", + "debugContext_debugData_requestUri_s": "/api/v1/authn/factors/password/verify", + "debugContext_debugData_url_s": "/api/v1/authn/factors/password/verify?rememberDevice=false", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "unknown", + "actor_type_s": "User", + "actor_alternateId_s": 
"user55@xyzcompany.com", + "actor_displayName_s": "unknown", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "unknown", + "displayMessage_s": "User login to Okta", + "eventType_s": "user.session.start", + "outcome_result_s": "FAILURE", + "published_t": "2020-05-21T17:03:49.666Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "core.user_auth.login_failed", + "transaction_type_s": "WEB", + "transaction_id_s": "Xsa0dToSMz1mPp7dTZg3NgAAD@k", + "uuid_g": "0a75a8e6-9b85-11ea-b365-4973b2c3a34d", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:19:50.987Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "null", 
+ "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "Sign-on policy evaluation resulted in CHALLENGE", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "ade03304-2eb2-3b2f-d57e-5cfe92c81793", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsGxTDpEoxRIq-0PNuqNxZVQ", + "displayMessage_s": "Evaluation of sign-on policy", + "eventType_s": "policy.evaluate_sign_on", + "outcome_result_s": "CHALLENGE", + "published_t": "2020-05-21T17:03:56.456Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + 
"legacyEventType_s": "", + "transaction_type_s": "", + "transaction_id_s": "unknown", + "uuid_g": "0e81bafa-9b85-11ea-915e-3b7765dfc052", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"00pn79xb33o84O0Hc0h7\",\r\n \"type\": \"PolicyEntity\",\r\n \"alternateId\": \"unknown\",\r\n \"displayName\": \"default\",\r\n \"detailEntry\": {\r\n \"policyType\": \"OktaSignOn\"\r\n }\r\n },\r\n {\r\n \"id\": \"0prn79ye1mCqWhlUR0h7\",\r\n \"type\": \"PolicyRule\",\r\n \"alternateId\": \"00pn79xb33o84O0Hc0h7\",\r\n \"displayName\": \"default\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:19:50.987Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "", + "securityContext_asNumber_d": "10993", + 
"securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "Xsa0f6Ht8KiJlr31E9TvOwAABEs", + "debugContext_debugData_requestUri_s": "/api/v1/authn/factors/password/verify", + "debugContext_debugData_url_s": "/api/v1/authn/factors/password/verify?rememberDevice=false", + "debugContext_debugData_deviceFingerprint_g": "ade03304-2eb2-3b2f-d57e-5cfe92c81793", + "authenticationContext_authenticationProvider_s": "FACTOR_PROVIDER", + "authenticationContext_credentialProvider_s": "OKTA_CREDENTIAL_PROVIDER", + "debugContext_debugData_factor_s": "PASSWORD_AS_FACTOR", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "1022OC2HQraR1if3aiPDh6saQ", + "displayMessage_s": "Authentication of user via MFA", + "eventType_s": "user.authentication.auth_via_mfa", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-21T17:03:59.336Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "core.user.factor.attempt_success", + "transaction_type_s": "WEB", + "transaction_id_s": "Xsa0f6Ht8KiJlr31E9TvOwAABEs", + "uuid_g": "10392e91-9b85-11ea-ab16-b7e40ba477fc", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n 
\"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "[\r\n {\r\n \"id\": \"00urjk4znu3BcncfY0h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"user100@accenture.com\",\r\n \"displayName\": \"user 100\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:19:50.987Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + 
"securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "Xsa0gYwmo2FnRRqNHNeXtgAAAPI", + "debugContext_debugData_requestUri_s": "/api/v1/authn/factors/smsrjkfodqeijoByT0h7/verify", + "debugContext_debugData_url_s": "/api/v1/authn/factors/smsrjkfodqeijoByT0h7/verify?rememberDevice=true", + "debugContext_debugData_deviceFingerprint_g": "ade03304-2eb2-3b2f-d57e-5cfe92c81793", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "1", + "debugContext_debugData_smsProvider_s": "TELESIGN", + "debugContext_debugData_transactionId_g": "65c8e0c4-6ebc-0104-9195-cd60c6e6a695", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "1022OC2HQraR1if3aiPDh6saQ", + "displayMessage_s": "Send second factor auth SMS", + "eventType_s": "system.sms.send_factor_verify_message", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-21T17:04:02.05Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "core.user.sms.message_sent.factor", + "transaction_type_s": "WEB", + "transaction_id_s": "Xsa0gYwmo2FnRRqNHNeXtgAAAPI", + "uuid_g": "11d74ed1-9b85-11ea-8e6c-9d92aa70e8a4", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": 
\"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "[\r\n {\r\n \"id\": \"00urjk4znu3BcncfY0h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"user100@accenture.com\",\r\n \"displayName\": \"user 100\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"mblrjkhau8Q7KqJpX0h7\",\r\n \"type\": \"MobilePhone\",\r\n \"alternateId\": \"+13237923223\",\r\n \"displayName\": \"+13237923223\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:19:50.987Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + 
"securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "Xsa0jsrRwcZCgqayiBz9hAAAE6Q", + "debugContext_debugData_requestUri_s": "/api/v1/authn/factors/smsrjkfodqeijoByT0h7/verify", + "debugContext_debugData_url_s": "/api/v1/authn/factors/smsrjkfodqeijoByT0h7/verify?rememberDevice=true", + "debugContext_debugData_deviceFingerprint_g": "ade03304-2eb2-3b2f-d57e-5cfe92c81793", + "authenticationContext_authenticationProvider_s": "FACTOR_PROVIDER", + "authenticationContext_credentialProvider_s": "OKTA_CREDENTIAL_PROVIDER", + "debugContext_debugData_factor_s": "SMS_FACTOR", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "SMS", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "1022OC2HQraR1if3aiPDh6saQ", + "displayMessage_s": "Authentication of user via MFA", + "eventType_s": "user.authentication.auth_via_mfa", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-21T17:04:14.257Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "core.user.factor.attempt_success", + "transaction_type_s": "WEB", + "transaction_id_s": "Xsa0jsrRwcZCgqayiBz9hAAAE6Q", + "uuid_g": "191df24c-9b85-11ea-b77b-31ca8cf3f4c7", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": 
{\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "[\r\n {\r\n \"id\": \"00urjk4znu3BcncfY0h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"user100@accenture.com\",\r\n \"displayName\": \"user 100\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:19:50.987Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + 
"debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "Xsa0jsrRwcZCgqayiBz9hAAAE6Q", + "debugContext_debugData_requestUri_s": "/api/v1/authn/factors/smsrjkfodqeijoByT0h7/verify", + "debugContext_debugData_url_s": "/api/v1/authn/factors/smsrjkfodqeijoByT0h7/verify?rememberDevice=true", + "debugContext_debugData_deviceFingerprint_g": "ade03304-2eb2-3b2f-d57e-5cfe92c81793", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "1022OC2HQraR1if3aiPDh6saQ", + "displayMessage_s": "Verify user identity", + "eventType_s": "user.authentication.verify", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-21T17:04:14.295Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "WEB", + "transaction_id_s": "Xsa0jsrRwcZCgqayiBz9hAAAE6Q", + "uuid_g": "1923beae-9b85-11ea-b77b-31ca8cf3f4c7", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n 
\"source\": null\r\n }\r\n]", + "target_s": "", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:19:50.987Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "Xsa0jsrRwcZCgqayiBz9hAAAE6Q", + "debugContext_debugData_requestUri_s": "/api/v1/authn/factors/smsrjkfodqeijoByT0h7/verify", + "debugContext_debugData_url_s": "/api/v1/authn/factors/smsrjkfodqeijoByT0h7/verify?rememberDevice=true", + "debugContext_debugData_deviceFingerprint_g": "ade03304-2eb2-3b2f-d57e-5cfe92c81793", + 
"authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "1022OC2HQraR1if3aiPDh6saQ", + "displayMessage_s": "User login to Okta", + "eventType_s": "user.session.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-21T17:04:14.291Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "core.user_auth.login_success", + "transaction_type_s": "WEB", + "transaction_id_s": "Xsa0jsrRwcZCgqayiBz9hAAAE6Q", + "uuid_g": "1923226d-9b85-11ea-b77b-31ca8cf3f4c7", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:19:50.987Z", + "Computer": "", + "RawData": "", + 
"debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "Xsa0lDxoZPzhe1i7jFq4SgAACjQ", + "debugContext_debugData_requestUri_s": "/admin/sso/request", + "debugContext_debugData_url_s": "/admin/sso/request?", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + 
"actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "102ShFLHGLHR-OAvnmhj7md1A", + "displayMessage_s": "User accessing Okta admin app", + "eventType_s": "user.session.access_admin_app", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-21T17:04:20.766Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.admin.sso.login.success", + "transaction_type_s": "WEB", + "transaction_id_s": "Xsa0lDxoZPzhe1i7jFq4SgAACjQ", + "uuid_g": "1cff2451-9b85-11ea-8407-359a8bba1e1b", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "[\r\n {\r\n \"id\": \"00urjk4znu3BcncfY0h7\",\r\n \"type\": \"AppUser\",\r\n \"alternateId\": \"user100@accenture.com\",\r\n \"displayName\": \"user 100\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:20:02.358Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + 
"debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "VERIFICATION_ERROR", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "VERIFICATION_ERROR", + "debugContext_debugData_requestId_s": "Xsa0a8kjYvO@XnRXUi96BQAAC9w", + "debugContext_debugData_requestUri_s": "/api/v1/authn/factors/password/verify", + "debugContext_debugData_url_s": "/api/v1/authn/factors/password/verify?rememberDevice=false", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "unknown", + "actor_type_s": "User", + "actor_alternateId_s": "user55@xyzcompany.com", + "actor_displayName_s": "unknown", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "unknown", + "displayMessage_s": "User login to Okta", + 
"eventType_s": "user.session.start", + "outcome_result_s": "FAILURE", + "published_t": "2020-05-21T17:03:39.983Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "core.user_auth.login_failed", + "transaction_type_s": "WEB", + "transaction_id_s": "Xsa0a8kjYvO@XnRXUi96BQAAC9w", + "uuid_g": "04b0266e-9b85-11ea-b3bc-53d9cf818435", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:20:02.358Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los 
Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "VERIFICATION_ERROR", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "VERIFICATION_ERROR", + "debugContext_debugData_requestId_s": "Xsa0cUq5eTSaNQ4Zsfh@BwAACZ8", + "debugContext_debugData_requestUri_s": "/api/v1/authn/factors/password/verify", + "debugContext_debugData_url_s": "/api/v1/authn/factors/password/verify?rememberDevice=false", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "unknown", + "actor_type_s": "User", + "actor_alternateId_s": "user55@xyzcompany.com", + "actor_displayName_s": "unknown", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "unknown", + "displayMessage_s": "User login to Okta", + "eventType_s": "user.session.start", + "outcome_result_s": "FAILURE", + "published_t": "2020-05-21T17:03:45.201Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": 
"core.user_auth.login_failed", + "transaction_type_s": "WEB", + "transaction_id_s": "Xsa0cUq5eTSaNQ4Zsfh@BwAACZ8", + "uuid_g": "07cc5a8a-9b85-11ea-9db8-cdf5b6734c8d", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:20:02.358Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "VERIFICATION_ERROR", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + 
"securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "VERIFICATION_ERROR", + "debugContext_debugData_requestId_s": "Xsa0dToSMz1mPp7dTZg3NgAAD@k", + "debugContext_debugData_requestUri_s": "/api/v1/authn/factors/password/verify", + "debugContext_debugData_url_s": "/api/v1/authn/factors/password/verify?rememberDevice=false", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "unknown", + "actor_type_s": "User", + "actor_alternateId_s": "user55@xyzcompany.com", + "actor_displayName_s": "unknown", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "unknown", + "displayMessage_s": "User login to Okta", + "eventType_s": "user.session.start", + "outcome_result_s": "FAILURE", + "published_t": "2020-05-21T17:03:49.666Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "core.user_auth.login_failed", + "transaction_type_s": "WEB", + "transaction_id_s": "Xsa0dToSMz1mPp7dTZg3NgAAD@k", + "uuid_g": "0a75a8e6-9b85-11ea-b365-4973b2c3a34d", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": 
\"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:20:02.358Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "null", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "Sign-on policy evaluation resulted in CHALLENGE", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "ade03304-2eb2-3b2f-d57e-5cfe92c81793", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": 
"", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsGxTDpEoxRIq-0PNuqNxZVQ", + "displayMessage_s": "Evaluation of sign-on policy", + "eventType_s": "policy.evaluate_sign_on", + "outcome_result_s": "CHALLENGE", + "published_t": "2020-05-21T17:03:56.456Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "", + "transaction_id_s": "unknown", + "uuid_g": "0e81bafa-9b85-11ea-915e-3b7765dfc052", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"00pn79xb33o84O0Hc0h7\",\r\n \"type\": \"PolicyEntity\",\r\n \"alternateId\": \"unknown\",\r\n \"displayName\": \"default\",\r\n \"detailEntry\": {\r\n \"policyType\": \"OktaSignOn\"\r\n }\r\n },\r\n {\r\n \"id\": \"0prn79ye1mCqWhlUR0h7\",\r\n \"type\": \"PolicyRule\",\r\n \"alternateId\": \"00pn79xb33o84O0Hc0h7\",\r\n \"displayName\": \"default\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:20:02.358Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + 
"debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "Xsa0f6Ht8KiJlr31E9TvOwAABEs", + "debugContext_debugData_requestUri_s": "/api/v1/authn/factors/password/verify", + "debugContext_debugData_url_s": "/api/v1/authn/factors/password/verify?rememberDevice=false", + "debugContext_debugData_deviceFingerprint_g": "ade03304-2eb2-3b2f-d57e-5cfe92c81793", + "authenticationContext_authenticationProvider_s": "FACTOR_PROVIDER", + "authenticationContext_credentialProvider_s": "OKTA_CREDENTIAL_PROVIDER", + "debugContext_debugData_factor_s": "PASSWORD_AS_FACTOR", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + 
"actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "1022OC2HQraR1if3aiPDh6saQ", + "displayMessage_s": "Authentication of user via MFA", + "eventType_s": "user.authentication.auth_via_mfa", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-21T17:03:59.336Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "core.user.factor.attempt_success", + "transaction_type_s": "WEB", + "transaction_id_s": "Xsa0f6Ht8KiJlr31E9TvOwAABEs", + "uuid_g": "10392e91-9b85-11ea-ab16-b7e40ba477fc", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "[\r\n {\r\n \"id\": \"00urjk4znu3BcncfY0h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"user100@accenture.com\",\r\n \"displayName\": \"user 100\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:20:02.358Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + 
"debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "Xsa0gYwmo2FnRRqNHNeXtgAAAPI", + "debugContext_debugData_requestUri_s": "/api/v1/authn/factors/smsrjkfodqeijoByT0h7/verify", + "debugContext_debugData_url_s": "/api/v1/authn/factors/smsrjkfodqeijoByT0h7/verify?rememberDevice=true", + "debugContext_debugData_deviceFingerprint_g": "ade03304-2eb2-3b2f-d57e-5cfe92c81793", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "1", + "debugContext_debugData_smsProvider_s": "TELESIGN", + "debugContext_debugData_transactionId_g": "65c8e0c4-6ebc-0104-9195-cd60c6e6a695", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + 
"authenticationContext_externalSessionId_s": "1022OC2HQraR1if3aiPDh6saQ", + "displayMessage_s": "Send second factor auth SMS", + "eventType_s": "system.sms.send_factor_verify_message", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-21T17:04:02.05Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "core.user.sms.message_sent.factor", + "transaction_type_s": "WEB", + "transaction_id_s": "Xsa0gYwmo2FnRRqNHNeXtgAAAPI", + "uuid_g": "11d74ed1-9b85-11ea-8e6c-9d92aa70e8a4", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "[\r\n {\r\n \"id\": \"00urjk4znu3BcncfY0h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"user100@accenture.com\",\r\n \"displayName\": \"user 100\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"mblrjkhau8Q7KqJpX0h7\",\r\n \"type\": \"MobilePhone\",\r\n \"alternateId\": \"+13237923223\",\r\n \"displayName\": \"+13237923223\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:20:02.358Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + 
"debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "Xsa0jsrRwcZCgqayiBz9hAAAE6Q", + "debugContext_debugData_requestUri_s": "/api/v1/authn/factors/smsrjkfodqeijoByT0h7/verify", + "debugContext_debugData_url_s": "/api/v1/authn/factors/smsrjkfodqeijoByT0h7/verify?rememberDevice=true", + "debugContext_debugData_deviceFingerprint_g": "ade03304-2eb2-3b2f-d57e-5cfe92c81793", + "authenticationContext_authenticationProvider_s": "FACTOR_PROVIDER", + "authenticationContext_credentialProvider_s": "OKTA_CREDENTIAL_PROVIDER", + "debugContext_debugData_factor_s": "SMS_FACTOR", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "SMS", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + 
"actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "1022OC2HQraR1if3aiPDh6saQ", + "displayMessage_s": "Authentication of user via MFA", + "eventType_s": "user.authentication.auth_via_mfa", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-21T17:04:14.257Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "core.user.factor.attempt_success", + "transaction_type_s": "WEB", + "transaction_id_s": "Xsa0jsrRwcZCgqayiBz9hAAAE6Q", + "uuid_g": "191df24c-9b85-11ea-b77b-31ca8cf3f4c7", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "[\r\n {\r\n \"id\": \"00urjk4znu3BcncfY0h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"user100@accenture.com\",\r\n \"displayName\": \"user 100\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:20:02.358Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + 
"debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "Xsa0jsrRwcZCgqayiBz9hAAAE6Q", + "debugContext_debugData_requestUri_s": "/api/v1/authn/factors/smsrjkfodqeijoByT0h7/verify", + "debugContext_debugData_url_s": "/api/v1/authn/factors/smsrjkfodqeijoByT0h7/verify?rememberDevice=true", + "debugContext_debugData_deviceFingerprint_g": "ade03304-2eb2-3b2f-d57e-5cfe92c81793", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": 
"1022OC2HQraR1if3aiPDh6saQ", + "displayMessage_s": "Verify user identity", + "eventType_s": "user.authentication.verify", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-21T17:04:14.295Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "WEB", + "transaction_id_s": "Xsa0jsrRwcZCgqayiBz9hAAAE6Q", + "uuid_g": "1923beae-9b85-11ea-b77b-31ca8cf3f4c7", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:20:02.358Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": 
"65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "Xsa0jsrRwcZCgqayiBz9hAAAE6Q", + "debugContext_debugData_requestUri_s": "/api/v1/authn/factors/smsrjkfodqeijoByT0h7/verify", + "debugContext_debugData_url_s": "/api/v1/authn/factors/smsrjkfodqeijoByT0h7/verify?rememberDevice=true", + "debugContext_debugData_deviceFingerprint_g": "ade03304-2eb2-3b2f-d57e-5cfe92c81793", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "1022OC2HQraR1if3aiPDh6saQ", + "displayMessage_s": "User login to Okta", + "eventType_s": "user.session.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-21T17:04:14.291Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + 
"debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "core.user_auth.login_success", + "transaction_type_s": "WEB", + "transaction_id_s": "Xsa0jsrRwcZCgqayiBz9hAAAE6Q", + "uuid_g": "1923226d-9b85-11ea-b77b-31ca8cf3f4c7", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:20:02.358Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "", 
+ "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "Xsa0lDxoZPzhe1i7jFq4SgAACjQ", + "debugContext_debugData_requestUri_s": "/admin/sso/request", + "debugContext_debugData_url_s": "/admin/sso/request?", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "102ShFLHGLHR-OAvnmhj7md1A", + "displayMessage_s": "User accessing Okta admin app", + "eventType_s": "user.session.access_admin_app", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-21T17:04:20.766Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.admin.sso.login.success", + "transaction_type_s": "WEB", + "transaction_id_s": "Xsa0lDxoZPzhe1i7jFq4SgAACjQ", + "uuid_g": "1cff2451-9b85-11ea-8407-359a8bba1e1b", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United 
States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "[\r\n {\r\n \"id\": \"00urjk4znu3BcncfY0h7\",\r\n \"type\": \"AppUser\",\r\n \"alternateId\": \"user100@accenture.com\",\r\n \"displayName\": \"user 100\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:20:02.358Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + 
"authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsrNs16mkmSGSW_PZb6x6Raw", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-21T17:18:47.319Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rn2o7cbWNp7QlD0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rn2o7cbWNp7QlD0h7", + "uuid_g": "2180a272-9b87-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + 
"debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "XBO_SourceID", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "CHROME", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "50.50.50.50", + "client_geographicalContext_city_s": "Dublin", + "client_geographicalContext_state_s": "Ohio", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "43017", + "client_geographicalContext_geolocation_lat_d": "40.1104", + "client_geographicalContext_geolocation_lon_d": "-83.1131", + "outcome_reason_s": "", + "securityContext_asNumber_d": "12083", + "securityContext_asOrg_s": "wideopenwest finance", + "securityContext_isp_s": "wideopenwest finance", + "securityContext_domain_s": "wideopenwest.com", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "XlAUmgfm3qO11jAN1UvycgAAAOI", + "debugContext_debugData_requestUri_s": "/api/v1/apps/user/types/otypu410jibUgAunq0h7/schemas/schpu410jhNYOihSW0h7", + "debugContext_debugData_url_s": "/api/v1/apps/user/types/otypu410jibUgAunq0h7/schemas/schpu410jhNYOihSW0h7?", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00upp5sfezD7xDw2I0h7", + "actor_type_s": 
"User", + "actor_alternateId_s": "user22@abccompany.com", + "actor_displayName_s": "user 22", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "102D--WocMrQfmiD6RavummbA", + "displayMessage_s": "Update application user profile", + "eventType_s": "directory.app_user_profile.update", + "outcome_result_s": "SUCCESS", + "published_t": "2020-02-21T17:34:18.522Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "cvd.appuser_profile_updated", + "transaction_type_s": "WEB", + "transaction_id_s": "XlAUmgfm3qO11jAN1UvycgAAAOI", + "uuid_g": "635d7019-54d0-11ea-9a2c-5f28972cb90e", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"50.50.50.50\",\r\n \"geographicalContext\": {\r\n \"city\": \"Dublin\",\r\n \"state\": \"Ohio\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"43017\",\r\n \"geolocation\": \"@{lat=40.1104; lon=-83.1131}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "[\r\n {\r\n \"id\": \"otypu410jibUgAunq0h7\",\r\n \"type\": \"Schema\",\r\n \"alternateId\": \"oidc_client_58f8f40\",\r\n \"displayName\": \"Comcast-Contour-Web User\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"0oapu410jbSyAzP6R0h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"Comcast-Contour-Web\",\r\n \"displayName\": \"OpenID Connect Client\",\r\n \"detailEntry\": {\r\n \"appEventIsPersonal\": \"false\"\r\n }\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + 
"Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "accountGUID", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "CHROME", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "50.50.50.50", + "client_geographicalContext_city_s": "Dublin", + "client_geographicalContext_state_s": "Ohio", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "43017", + "client_geographicalContext_geolocation_lat_d": "40.1104", + "client_geographicalContext_geolocation_lon_d": "-83.1131", + "outcome_reason_s": "", + "securityContext_asNumber_d": "12083", + "securityContext_asOrg_s": "wideopenwest finance", + "securityContext_isp_s": "wideopenwest finance", + "securityContext_domain_s": "wideopenwest.com", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "XlAUyAfm3qO11jAN1UvzKwAAARQ", + "debugContext_debugData_requestUri_s": "/api/v1/apps/user/types/otypu410jibUgAunq0h7/schemas/schpu410jhNYOihSW0h7", + "debugContext_debugData_url_s": "/api/v1/apps/user/types/otypu410jibUgAunq0h7/schemas/schpu410jhNYOihSW0h7?", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + 
"debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00upp5sfezD7xDw2I0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user22@abccompany.com", + "actor_displayName_s": "user 22", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "102D--WocMrQfmiD6RavummbA", + "displayMessage_s": "Update application user profile", + "eventType_s": "directory.app_user_profile.update", + "outcome_result_s": "SUCCESS", + "published_t": "2020-02-21T17:35:04.591Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "cvd.appuser_profile_updated", + "transaction_type_s": "WEB", + "transaction_id_s": "XlAUyAfm3qO11jAN1UvzKwAAARQ", + "uuid_g": "7ed302eb-54d0-11ea-b03f-31768d1f105b", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"50.50.50.50\",\r\n \"geographicalContext\": {\r\n \"city\": \"Dublin\",\r\n \"state\": \"Ohio\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"43017\",\r\n \"geolocation\": \"@{lat=40.1104; lon=-83.1131}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "[\r\n {\r\n \"id\": \"otypu410jibUgAunq0h7\",\r\n \"type\": \"Schema\",\r\n \"alternateId\": \"oidc_client_58f8f40\",\r\n \"displayName\": \"Comcast-Contour-Web User\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"0oapu410jbSyAzP6R0h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"Comcast-Contour-Web\",\r\n \"displayName\": \"OpenID Connect Client\",\r\n \"detailEntry\": {\r\n \"appEventIsPersonal\": \"false\"\r\n }\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": 
"a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "gaapu4nrtiARDqd3l0h7", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "CHROME", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "50.50.50.50", + "client_geographicalContext_city_s": "Dublin", + "client_geographicalContext_state_s": "Ohio", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "43017", + "client_geographicalContext_geolocation_lat_d": "40.1104", + "client_geographicalContext_geolocation_lon_d": "-83.1131", + "outcome_reason_s": "", + "securityContext_asNumber_d": "12083", + "securityContext_asOrg_s": "wideopenwest finance", + "securityContext_isp_s": "wideopenwest finance", + "securityContext_domain_s": "wideopenwest.com", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "XlAU86D2MN8C84ZbLMjQfAAADtk", + "debugContext_debugData_requestUri_s": "/api/v1/apps/0oapu410jbSyAzP6R0h7/groups/00g1dzveh7BQTBOIJRVG", + "debugContext_debugData_url_s": "/api/v1/apps/0oapu410jbSyAzP6R0h7/groups/00g1dzveh7BQTBOIJRVG?", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + 
"debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00upp5sfezD7xDw2I0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user22@abccompany.com", + "actor_displayName_s": "user 22", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "", + "displayMessage_s": "Remove assigned application from group", + "eventType_s": "group.application_assignment.remove", + "outcome_result_s": "SUCCESS", + "published_t": "2020-02-21T17:35:47.896Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "group.application_assignment.remove", + "transaction_type_s": "WEB", + "transaction_id_s": "XlAU86D2MN8C84ZbLMjQfAAADtk", + "uuid_g": "98a2d42c-54d0-11ea-ae9d-ab1307f05e53", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"50.50.50.50\",\r\n \"geographicalContext\": {\r\n \"city\": \"Dublin\",\r\n \"state\": \"Ohio\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"43017\",\r\n \"geolocation\": \"@{lat=40.1104; lon=-83.1131}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "[\r\n {\r\n \"id\": \"00g1dzveh7BQTBOIJRVG\",\r\n \"type\": \"UserGroup\",\r\n \"alternateId\": \"unknown\",\r\n \"displayName\": \"Everyone\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"0oapu410jbSyAzP6R0h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"Comcast-Contour-Web\",\r\n \"displayName\": \"OpenID Connect Client\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": 
"Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00upp5sfezD7xDw2I0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user22@abccompany.com", + "actor_displayName_s": "user 
22", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsq8uQcyQ8QqysLiEqQIUd8A", + "displayMessage_s": "Remove user's application membership", + "eventType_s": "application.user_membership.remove", + "outcome_result_s": "SUCCESS", + "published_t": "2020-02-21T17:35:49.804Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.provision.deactivate_user_from_app", + "transaction_type_s": "JOB", + "transaction_id_s": "gampvxjz2klxApudB0h7", + "uuid_g": "99c5f7a3-54d0-11ea-9689-37de53adb2f9", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0uapu4szgtexLyAql0h7\",\r\n \"type\": \"AppUser\",\r\n \"alternateId\": \"tu1@example.com\",\r\n \"displayName\": \"Test User\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"0oapu410jbSyAzP6R0h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"Comcast-Contour-Web\",\r\n \"displayName\": \"OpenID Connect Client\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"00u4kovkhjfHfv36Y0h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"tu1@example.com\",\r\n \"displayName\": \"Test User\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + 
"debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00upp5sfezD7xDw2I0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user22@abccompany.com", + "actor_displayName_s": "user 22", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsq8uQcyQ8QqysLiEqQIUd8A", + "displayMessage_s": "Remove user's application membership", + "eventType_s": "application.user_membership.remove", + "outcome_result_s": "SUCCESS", + "published_t": "2020-02-21T17:35:49.532Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + 
"debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.provision.deactivate_user_from_app", + "transaction_type_s": "JOB", + "transaction_id_s": "gampvxjz2klxApudB0h7", + "uuid_g": "999c768f-54d0-11ea-9689-37de53adb2f9", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0uapu4szffGVH0GEw0h7\",\r\n \"type\": \"AppUser\",\r\n \"alternateId\": \"anantha.addanki@accenture.com\",\r\n \"displayName\": \"Anantha Addanki\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"0oapu410jbSyAzP6R0h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"Comcast-Contour-Web\",\r\n \"displayName\": \"OpenID Connect Client\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"00u4346h34ldfmJJK0h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"anantha.addanki@accenture.com\",\r\n \"displayName\": \"Anantha Addanki\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", 
+ "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00upp5sfezD7xDw2I0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user22@abccompany.com", + "actor_displayName_s": "user 22", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsq8uQcyQ8QqysLiEqQIUd8A", + "displayMessage_s": "Remove user's application membership", + "eventType_s": "application.user_membership.remove", + "outcome_result_s": "SUCCESS", + "published_t": "2020-02-21T17:35:49.458Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.provision.deactivate_user_from_app", + "transaction_type_s": "JOB", + "transaction_id_s": "gampvxjz2klxApudB0h7", + "uuid_g": "99912bec-54d0-11ea-9689-37de53adb2f9", + "version_s": "0", + 
"request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0uapu4szf2DX1eoTR0h7\",\r\n \"type\": \"AppUser\",\r\n \"alternateId\": \"manoje.nair@accenture.com\",\r\n \"displayName\": \"Manoje Nair\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"0oapu410jbSyAzP6R0h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"Comcast-Contour-Web\",\r\n \"displayName\": \"OpenID Connect Client\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"00u1dzvehfAUZKMGQTSV\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"manoje.nair@accenture.com\",\r\n \"displayName\": \"Manoje Nair\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + 
"debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00upp5sfezD7xDw2I0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user22@abccompany.com", + "actor_displayName_s": "user 22", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsq8uQcyQ8QqysLiEqQIUd8A", + "displayMessage_s": "Remove user's application membership", + "eventType_s": "application.user_membership.remove", + "outcome_result_s": "SUCCESS", + "published_t": "2020-02-21T17:35:49.605Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.provision.deactivate_user_from_app", + "transaction_type_s": "JOB", + "transaction_id_s": "gampvxjz2klxApudB0h7", + "uuid_g": "99a79a24-54d0-11ea-9689-37de53adb2f9", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0uapu4szg6tpSaFzy0h7\",\r\n \"type\": \"AppUser\",\r\n \"alternateId\": \"cj.cui@accenture.com\",\r\n \"displayName\": \"Cj Cui\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"0oapu410jbSyAzP6R0h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"Comcast-Contour-Web\",\r\n \"displayName\": \"OpenID Connect Client\",\r\n \"detailEntry\": null\r\n 
},\r\n {\r\n \"id\": \"00u435lylz8gvsEl10h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"cj.cui@accenture.com\",\r\n \"displayName\": \"Cj Cui\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + 
"debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00upp5sfezD7xDw2I0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user22@abccompany.com", + "actor_displayName_s": "user 22", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsq8uQcyQ8QqysLiEqQIUd8A", + "displayMessage_s": "Remove user's application membership", + "eventType_s": "application.user_membership.remove", + "outcome_result_s": "SUCCESS", + "published_t": "2020-02-21T17:35:49.94Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.provision.deactivate_user_from_app", + "transaction_type_s": "JOB", + "transaction_id_s": "gampvxjz2klxApudB0h7", + "uuid_g": "99dab82e-54d0-11ea-9689-37de53adb2f9", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0uapu4szgzatTizUm0h7\",\r\n \"type\": \"AppUser\",\r\n \"alternateId\": \"deepa.patil@accenture.com\",\r\n \"displayName\": \"Deepa Patil\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"0oapu410jbSyAzP6R0h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"Comcast-Contour-Web\",\r\n \"displayName\": \"OpenID Connect Client\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"00u4tkg5a3SMXW5qR0h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"deepa.patil@accenture.com\",\r\n \"displayName\": \"Deepa Patil\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": 
"", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00upp5sfezD7xDw2I0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user22@abccompany.com", + "actor_displayName_s": "user 22", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsq8uQcyQ8QqysLiEqQIUd8A", + "displayMessage_s": 
"Remove user's application membership", + "eventType_s": "application.user_membership.remove", + "outcome_result_s": "SUCCESS", + "published_t": "2020-02-21T17:35:49.667Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.provision.deactivate_user_from_app", + "transaction_type_s": "JOB", + "transaction_id_s": "gampvxjz2klxApudB0h7", + "uuid_g": "99b11008-54d0-11ea-9689-37de53adb2f9", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0uapu4szgmozbalj30h7\",\r\n \"type\": \"AppUser\",\r\n \"alternateId\": \"adit.muthanna@accenture.com\",\r\n \"displayName\": \"Adit Muthanna\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"0oapu410jbSyAzP6R0h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"Comcast-Contour-Web\",\r\n \"displayName\": \"OpenID Connect Client\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"00u435lymcfksY6Dj0h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"adit.muthanna@accenture.com\",\r\n \"displayName\": \"Adit Muthanna\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + 
"debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00upp5sfezD7xDw2I0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user22@abccompany.com", + "actor_displayName_s": "user 22", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsq8uQcyQ8QqysLiEqQIUd8A", + "displayMessage_s": "Remove user's application membership", + "eventType_s": "application.user_membership.remove", + "outcome_result_s": "SUCCESS", + "published_t": "2020-02-21T17:35:49.872Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + 
"debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.provision.deactivate_user_from_app", + "transaction_type_s": "JOB", + "transaction_id_s": "gampvxjz2klxApudB0h7", + "uuid_g": "99d057e8-54d0-11ea-9689-37de53adb2f9", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0uapu4szgwKJPWZUJ0h7\",\r\n \"type\": \"AppUser\",\r\n \"alternateId\": \"tua@corp.okta.org\",\r\n \"displayName\": \"Tu A\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"0oapu410jbSyAzP6R0h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"Comcast-Contour-Web\",\r\n \"displayName\": \"OpenID Connect Client\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"00u4mlcgi9WLZXgGE0h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"tua@corp.okta.org\",\r\n \"displayName\": \"Tu A\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + 
"client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00upp5sfezD7xDw2I0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user22@abccompany.com", + "actor_displayName_s": "user 22", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsq8uQcyQ8QqysLiEqQIUd8A", + "displayMessage_s": "Remove user's application membership", + "eventType_s": "application.user_membership.remove", + "outcome_result_s": "SUCCESS", + "published_t": "2020-02-21T17:35:50.133Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.provision.deactivate_user_from_app", + "transaction_type_s": "JOB", + "transaction_id_s": "gampvxjz2klxApudB0h7", + "uuid_g": "99f82b4a-54d0-11ea-9689-37de53adb2f9", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0uapu4szh8wy12JbY0h7\",\r\n \"type\": 
\"AppUser\",\r\n \"alternateId\": \"patrick.c.crane@accenture.com\",\r\n \"displayName\": \"Patrick Crane\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"0oapu410jbSyAzP6R0h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"Comcast-Contour-Web\",\r\n \"displayName\": \"OpenID Connect Client\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"00ua9zi6mkBYbT2nw0h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"patrick.c.crane@accenture.com\",\r\n \"displayName\": \"Patrick Crane\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + 
"debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00upp5sfezD7xDw2I0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user22@abccompany.com", + "actor_displayName_s": "user 22", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsq8uQcyQ8QqysLiEqQIUd8A", + "displayMessage_s": "Remove user's application membership", + "eventType_s": "application.user_membership.remove", + "outcome_result_s": "SUCCESS", + "published_t": "2020-02-21T17:35:49.735Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.provision.deactivate_user_from_app", + "transaction_type_s": "JOB", + "transaction_id_s": "gampvxjz2klxApudB0h7", + "uuid_g": "99bb704d-54d0-11ea-9689-37de53adb2f9", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0uapu4szgqsSfSpYh0h7\",\r\n \"type\": \"AppUser\",\r\n \"alternateId\": \"asyncin@gmail.com\",\r\n \"displayName\": \"J B\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"0oapu410jbSyAzP6R0h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"Comcast-Contour-Web\",\r\n \"displayName\": \"OpenID Connect Client\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"00u4esrzoetVLPDtD0h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": 
\"asyncin@gmail.com\",\r\n \"displayName\": \"J B\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + 
"authenticationContext_credentialType_s": "", + "actor_id_s": "00upp5sfezD7xDw2I0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user22@abccompany.com", + "actor_displayName_s": "user 22", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsq8uQcyQ8QqysLiEqQIUd8A", + "displayMessage_s": "Remove user's application membership", + "eventType_s": "application.user_membership.remove", + "outcome_result_s": "SUCCESS", + "published_t": "2020-02-21T17:35:50.005Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.provision.deactivate_user_from_app", + "transaction_type_s": "JOB", + "transaction_id_s": "gampvxjz2klxApudB0h7", + "uuid_g": "99e4a342-54d0-11ea-9689-37de53adb2f9", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0uapu4szh20u1CjLk0h7\",\r\n \"type\": \"AppUser\",\r\n \"alternateId\": \"david.hsiao@accenture.com\",\r\n \"displayName\": \"David Hsiao\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"0oapu410jbSyAzP6R0h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"Comcast-Contour-Web\",\r\n \"displayName\": \"OpenID Connect Client\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"00u4tkg6qiKgoQLSB0h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"david.hsiao@accenture.com\",\r\n \"displayName\": \"David Hsiao\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + 
"debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00upp5sfezD7xDw2I0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user22@abccompany.com", + "actor_displayName_s": "user 22", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsq8uQcyQ8QqysLiEqQIUd8A", + "displayMessage_s": "Remove user's application membership", + "eventType_s": 
"application.user_membership.remove", + "outcome_result_s": "SUCCESS", + "published_t": "2020-02-21T17:35:50.069Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.provision.deactivate_user_from_app", + "transaction_type_s": "JOB", + "transaction_id_s": "gampvxjz2klxApudB0h7", + "uuid_g": "99ee6746-54d0-11ea-9689-37de53adb2f9", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0uapu4szh5PbgBpJq0h7\",\r\n \"type\": \"AppUser\",\r\n \"alternateId\": \"brent.wissbrod@accenture.com\",\r\n \"displayName\": \"Brent Wissbrod\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"0oapu410jbSyAzP6R0h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"Comcast-Contour-Web\",\r\n \"displayName\": \"OpenID Connect Client\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"00u82tmvnwwJrNfcw0h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"brent.wissbrod@accenture.com\",\r\n \"displayName\": \"Brent Wissbrod\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + 
"client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00upp5sfezD7xDw2I0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user22@abccompany.com", + "actor_displayName_s": "user 22", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsq8uQcyQ8QqysLiEqQIUd8A", + "displayMessage_s": "Remove user's application membership", + "eventType_s": "application.user_membership.remove", + "outcome_result_s": "SUCCESS", + "published_t": "2020-02-21T17:35:50.335Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + 
"legacyEventType_s": "app.generic.provision.deactivate_user_from_app", + "transaction_type_s": "JOB", + "transaction_id_s": "gampvxjz2klxApudB0h7", + "uuid_g": "9a16fcf6-54d0-11ea-9689-37de53adb2f9", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0uapu4szhhSg7ByPb0h7\",\r\n \"type\": \"AppUser\",\r\n \"alternateId\": \"muhammed.islam@accenture.com\",\r\n \"displayName\": \"Max Islam\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"0oapu410jbSyAzP6R0h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"Comcast-Contour-Web\",\r\n \"displayName\": \"OpenID Connect Client\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"00ujz0ru21OCDLpi70h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"muhammed.islam@accenture.com\",\r\n \"displayName\": \"Max Islam\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": 
"null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00upp5sfezD7xDw2I0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user22@abccompany.com", + "actor_displayName_s": "user 22", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsq8uQcyQ8QqysLiEqQIUd8A", + "displayMessage_s": "Remove user's application membership", + "eventType_s": "application.user_membership.remove", + "outcome_result_s": "SUCCESS", + "published_t": "2020-02-21T17:35:50.268Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.provision.deactivate_user_from_app", + "transaction_type_s": "JOB", + "transaction_id_s": "gampvxjz2klxApudB0h7", + "uuid_g": "9a0cc3c2-54d0-11ea-9689-37de53adb2f9", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0uapu4szheutqIzGG0h7\",\r\n \"type\": \"AppUser\",\r\n \"alternateId\": \"neeraj.j.gupta@accenture.com\",\r\n \"displayName\": \"Neeraj Gupta\",\r\n 
\"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"0oapu410jbSyAzP6R0h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"Comcast-Contour-Web\",\r\n \"displayName\": \"OpenID Connect Client\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"00ujyz3vxs0qEzo4Z0h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"neeraj.j.gupta@accenture.com\",\r\n \"displayName\": \"Neeraj Gupta\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": 
"", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00upp5sfezD7xDw2I0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user22@abccompany.com", + "actor_displayName_s": "user 22", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsq8uQcyQ8QqysLiEqQIUd8A", + "displayMessage_s": "Remove user's application membership", + "eventType_s": "application.user_membership.remove", + "outcome_result_s": "SUCCESS", + "published_t": "2020-02-21T17:35:50.468Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.provision.deactivate_user_from_app", + "transaction_type_s": "JOB", + "transaction_id_s": "gampvxjz2klxApudB0h7", + "uuid_g": "9a2b484d-54d0-11ea-9689-37de53adb2f9", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0uapu4szhpPpoZdig0h7\",\r\n \"type\": \"AppUser\",\r\n \"alternateId\": \"kelley.a.cote@accenture.com\",\r\n \"displayName\": \"Kelley Cote\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"0oapu410jbSyAzP6R0h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"Comcast-Contour-Web\",\r\n \"displayName\": \"OpenID Connect Client\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"00ujz4vix0elq3jfw0h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"kelley.a.cote@accenture.com\",\r\n \"displayName\": \"Kelley Cote\",\r\n \"detailEntry\": null\r\n }\r\n]", + 
"debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00upp5sfezD7xDw2I0h7", + "actor_type_s": "User", + 
"actor_alternateId_s": "user22@abccompany.com", + "actor_displayName_s": "user 22", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsq8uQcyQ8QqysLiEqQIUd8A", + "displayMessage_s": "Remove user's application membership", + "eventType_s": "application.user_membership.remove", + "outcome_result_s": "SUCCESS", + "published_t": "2020-02-21T17:35:50.401Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.provision.deactivate_user_from_app", + "transaction_type_s": "JOB", + "transaction_id_s": "gampvxjz2klxApudB0h7", + "uuid_g": "9a210f1a-54d0-11ea-9689-37de53adb2f9", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0uapu4szhkJbEK5xH0h7\",\r\n \"type\": \"AppUser\",\r\n \"alternateId\": \"gina.c.andrews@accenture.com\",\r\n \"displayName\": \"Gina Andrews\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"0oapu410jbSyAzP6R0h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"Comcast-Contour-Web\",\r\n \"displayName\": \"OpenID Connect Client\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"00ujz4sobhEcRkj7x0h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"gina.c.andrews@accenture.com\",\r\n \"displayName\": \"Gina Andrews\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + 
"debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00upp5sfezD7xDw2I0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user22@abccompany.com", + "actor_displayName_s": "user 22", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsq8uQcyQ8QqysLiEqQIUd8A", + "displayMessage_s": "Remove user's application membership", + "eventType_s": "application.user_membership.remove", + "outcome_result_s": "SUCCESS", + "published_t": "2020-02-21T17:35:50.6Z", + 
"severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.provision.deactivate_user_from_app", + "transaction_type_s": "JOB", + "transaction_id_s": "gampvxjz2klxApudB0h7", + "uuid_g": "9a3f6c97-54d0-11ea-9689-37de53adb2f9", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0uapu4szixdmFOzJg0h7\",\r\n \"type\": \"AppUser\",\r\n \"alternateId\": \"test.user@gmail.com\",\r\n \"displayName\": \"Test user\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"0oapu410jbSyAzP6R0h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"Comcast-Contour-Web\",\r\n \"displayName\": \"OpenID Connect Client\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"00uk01twkal8eL81E0h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"test.user@gmail.com\",\r\n \"displayName\": \"Test user\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + 
"client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00upp5sfezD7xDw2I0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user22@abccompany.com", + "actor_displayName_s": "user 22", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsq8uQcyQ8QqysLiEqQIUd8A", + "displayMessage_s": "Remove user's application membership", + "eventType_s": "application.user_membership.remove", + "outcome_result_s": "SUCCESS", + "published_t": "2020-02-21T17:35:50.2Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.provision.deactivate_user_from_app", + "transaction_type_s": "JOB", + "transaction_id_s": "gampvxjz2klxApudB0h7", + 
"uuid_g": "9a02647e-54d0-11ea-9689-37de53adb2f9", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0uapu4szhbXWeZtEb0h7\",\r\n \"type\": \"AppUser\",\r\n \"alternateId\": \"ryan.talbert@accenture.com\",\r\n \"displayName\": \"Ryan Talbert\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"0oapu410jbSyAzP6R0h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"Comcast-Contour-Web\",\r\n \"displayName\": \"OpenID Connect Client\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"00uabbm6weLc0ERZ90h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"ryan.talbert@accenture.com\",\r\n \"displayName\": \"Ryan Talbert\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + 
"securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00upp5sfezD7xDw2I0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user22@abccompany.com", + "actor_displayName_s": "user 22", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsq8uQcyQ8QqysLiEqQIUd8A", + "displayMessage_s": "Remove user's application membership", + "eventType_s": "application.user_membership.remove", + "outcome_result_s": "SUCCESS", + "published_t": "2020-02-21T17:35:50.93Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.provision.deactivate_user_from_app", + "transaction_type_s": "JOB", + "transaction_id_s": "gampvxjz2klxApudB0h7", + "uuid_g": "9a71c74c-54d0-11ea-9689-37de53adb2f9", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0uapu4szkvvZvANCZ0h7\",\r\n \"type\": \"AppUser\",\r\n \"alternateId\": \"jeanette_cabardo@merck.com\",\r\n \"displayName\": \"Jeanette Cabardo\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"0oapu410jbSyAzP6R0h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": 
\"Comcast-Contour-Web\",\r\n \"displayName\": \"OpenID Connect Client\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"00uk5o57zlSueJE5s0h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"jeanette_cabardo@merck.com\",\r\n \"displayName\": \"Jeanette Cabardo\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + 
"debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00upp5sfezD7xDw2I0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user22@abccompany.com", + "actor_displayName_s": "user 22", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsq8uQcyQ8QqysLiEqQIUd8A", + "displayMessage_s": "Remove user's application membership", + "eventType_s": "application.user_membership.remove", + "outcome_result_s": "SUCCESS", + "published_t": "2020-02-21T17:35:50.737Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.provision.deactivate_user_from_app", + "transaction_type_s": "JOB", + "transaction_id_s": "gampvxjz2klxApudB0h7", + "uuid_g": "9a545430-54d0-11ea-9689-37de53adb2f9", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0uapu4szk3gfaj4iG0h7\",\r\n \"type\": \"AppUser\",\r\n \"alternateId\": \"ankit.be.kumar@accenture.com\",\r\n \"displayName\": \"Ankit Kumar\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"0oapu410jbSyAzP6R0h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"Comcast-Contour-Web\",\r\n \"displayName\": \"OpenID Connect Client\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"00uk40cpe1us9L75q0h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"ankit.be.kumar@accenture.com\",\r\n \"displayName\": \"Ankit Kumar\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": 
"a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00upp5sfezD7xDw2I0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user22@abccompany.com", + "actor_displayName_s": "user 22", + "authenticationContext_authenticationStep_d": 
"0", + "authenticationContext_externalSessionId_s": "trsq8uQcyQ8QqysLiEqQIUd8A", + "displayMessage_s": "Remove user's application membership", + "eventType_s": "application.user_membership.remove", + "outcome_result_s": "SUCCESS", + "published_t": "2020-02-21T17:35:50.802Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.provision.deactivate_user_from_app", + "transaction_type_s": "JOB", + "transaction_id_s": "gampvxjz2klxApudB0h7", + "uuid_g": "9a5e3f44-54d0-11ea-9689-37de53adb2f9", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0uapu4szkiSiDa9a50h7\",\r\n \"type\": \"AppUser\",\r\n \"alternateId\": \"gazali.nawaz@accenture.com\",\r\n \"displayName\": \"Gazali Nawaz\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"0oapu410jbSyAzP6R0h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"Comcast-Contour-Web\",\r\n \"displayName\": \"OpenID Connect Client\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"00uk40crp5LKheu9k0h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"gazali.nawaz@accenture.com\",\r\n \"displayName\": \"Gazali Nawaz\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", 
+ "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00upp5sfezD7xDw2I0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user22@abccompany.com", + "actor_displayName_s": "user 22", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsq8uQcyQ8QqysLiEqQIUd8A", + "displayMessage_s": "Remove user's application membership", + "eventType_s": "application.user_membership.remove", + "outcome_result_s": "SUCCESS", + "published_t": "2020-02-21T17:35:51.061Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + 
"debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.provision.deactivate_user_from_app", + "transaction_type_s": "JOB", + "transaction_id_s": "gampvxjz2klxApudB0h7", + "uuid_g": "9a85c483-54d0-11ea-9689-37de53adb2f9", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0uapu4szl5XChEeBC0h7\",\r\n \"type\": \"AppUser\",\r\n \"alternateId\": \"khertzel@fmi.com\",\r\n \"displayName\": \"Kent Hertzel\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"0oapu410jbSyAzP6R0h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"Comcast-Contour-Web\",\r\n \"displayName\": \"OpenID Connect Client\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"00ukmcargpyx7mcMp0h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"khertzel@fmi.com\",\r\n \"displayName\": \"Kent Hertzel\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + 
"client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00upp5sfezD7xDw2I0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user22@abccompany.com", + "actor_displayName_s": "user 22", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsq8uQcyQ8QqysLiEqQIUd8A", + "displayMessage_s": "Remove user's application membership", + "eventType_s": "application.user_membership.remove", + "outcome_result_s": "SUCCESS", + "published_t": "2020-02-21T17:35:51.127Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.provision.deactivate_user_from_app", + "transaction_type_s": "JOB", + "transaction_id_s": "gampvxjz2klxApudB0h7", + "uuid_g": "9a8fd6a7-54d0-11ea-9689-37de53adb2f9", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n 
\"id\": \"0uapu4szl827AzfKv0h7\",\r\n \"type\": \"AppUser\",\r\n \"alternateId\": \"jonathan.f.rodriguez@avanade.com\",\r\n \"displayName\": \"Jonathan Rodriguez\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"0oapu410jbSyAzP6R0h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"Comcast-Contour-Web\",\r\n \"displayName\": \"OpenID Connect Client\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"00ukodyibakWsVvsj0h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"jonathan.f.rodriguez@avanade.com\",\r\n \"displayName\": \"Jonathan Rodriguez\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": 
"", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00upp5sfezD7xDw2I0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user22@abccompany.com", + "actor_displayName_s": "user 22", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsq8uQcyQ8QqysLiEqQIUd8A", + "displayMessage_s": "Remove user's application membership", + "eventType_s": "application.user_membership.remove", + "outcome_result_s": "SUCCESS", + "published_t": "2020-02-21T17:35:50.534Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.provision.deactivate_user_from_app", + "transaction_type_s": "JOB", + "transaction_id_s": "gampvxjz2klxApudB0h7", + "uuid_g": "9a355a73-54d0-11ea-9689-37de53adb2f9", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0uapu4szi1IGJaC5p0h7\",\r\n \"type\": \"AppUser\",\r\n \"alternateId\": \"max@gigafaze.com\",\r\n \"displayName\": \"Netsec RLSC\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"0oapu410jbSyAzP6R0h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"Comcast-Contour-Web\",\r\n \"displayName\": \"OpenID Connect Client\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": 
\"00ujza10t43Yg30uZ0h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"max@gigafaze.com\",\r\n \"displayName\": \"Netsec RLSC\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + 
"debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00upp5sfezD7xDw2I0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user22@abccompany.com", + "actor_displayName_s": "user 22", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsq8uQcyQ8QqysLiEqQIUd8A", + "displayMessage_s": "Remove user's application membership", + "eventType_s": "application.user_membership.remove", + "outcome_result_s": "SUCCESS", + "published_t": "2020-02-21T17:35:50.668Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.provision.deactivate_user_from_app", + "transaction_type_s": "JOB", + "transaction_id_s": "gampvxjz2klxApudB0h7", + "uuid_g": "9a49ccdb-54d0-11ea-9689-37de53adb2f9", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0uapu4szjl1CeZOcI0h7\",\r\n \"type\": \"AppUser\",\r\n \"alternateId\": \"mush101@gmail.com\",\r\n \"displayName\": \"mushtest user\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"0oapu410jbSyAzP6R0h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"Comcast-Contour-Web\",\r\n \"displayName\": \"OpenID Connect Client\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"00uk3yv51itLIcVL80h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"mush101@gmail.com\",\r\n \"displayName\": \"mushtest user\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + 
"Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00upp5sfezD7xDw2I0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user22@abccompany.com", + "actor_displayName_s": "user 22", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsq8uQcyQ8QqysLiEqQIUd8A", + "displayMessage_s": "Remove user's application membership", + "eventType_s": 
"application.user_membership.remove", + "outcome_result_s": "SUCCESS", + "published_t": "2020-02-21T17:35:50.994Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.provision.deactivate_user_from_app", + "transaction_type_s": "JOB", + "transaction_id_s": "gampvxjz2klxApudB0h7", + "uuid_g": "9a7b8b50-54d0-11ea-9689-37de53adb2f9", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0uapu4szl1CSvW6mt0h7\",\r\n \"type\": \"AppUser\",\r\n \"alternateId\": \"ted.t.tagami@accenture.com\",\r\n \"displayName\": \"Ted Tagami\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"0oapu410jbSyAzP6R0h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"Comcast-Contour-Web\",\r\n \"displayName\": \"OpenID Connect Client\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"00uk9sx7gmzXxeN0F0h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"ted.t.tagami@accenture.com\",\r\n \"displayName\": \"Ted Tagami\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + 
"client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00upp5sfezD7xDw2I0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user22@abccompany.com", + "actor_displayName_s": "user 22", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsq8uQcyQ8QqysLiEqQIUd8A", + "displayMessage_s": "Remove user's application membership", + "eventType_s": "application.user_membership.remove", + "outcome_result_s": "SUCCESS", + "published_t": "2020-02-21T17:35:51.193Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + 
"legacyEventType_s": "app.generic.provision.deactivate_user_from_app", + "transaction_type_s": "JOB", + "transaction_id_s": "gampvxjz2klxApudB0h7", + "uuid_g": "9a99e8cc-54d0-11ea-9689-37de53adb2f9", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0uapu4szlbno77jBq0h7\",\r\n \"type\": \"AppUser\",\r\n \"alternateId\": \"alex.p.huynh@accenture.com\",\r\n \"displayName\": \"Alex Huynh\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"0oapu410jbSyAzP6R0h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"Comcast-Contour-Web\",\r\n \"displayName\": \"OpenID Connect Client\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"00ukts16p9XZgZuds0h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"alex.p.huynh@accenture.com\",\r\n \"displayName\": \"Alex Huynh\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", 
+ "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00upp5sfezD7xDw2I0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user22@abccompany.com", + "actor_displayName_s": "user 22", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsq8uQcyQ8QqysLiEqQIUd8A", + "displayMessage_s": "Remove user's application membership", + "eventType_s": "application.user_membership.remove", + "outcome_result_s": "SUCCESS", + "published_t": "2020-02-21T17:35:50.865Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.provision.deactivate_user_from_app", + "transaction_type_s": "JOB", + "transaction_id_s": "gampvxjz2klxApudB0h7", + "uuid_g": "9a67dc37-54d0-11ea-9689-37de53adb2f9", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0uapu4szkpgev7UNf0h7\",\r\n \"type\": \"AppUser\",\r\n \"alternateId\": \"arvind.kkumar@accenture.com\",\r\n \"displayName\": \"Arvind Kumar\",\r\n 
\"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"0oapu410jbSyAzP6R0h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"Comcast-Contour-Web\",\r\n \"displayName\": \"OpenID Connect Client\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"00uk40dyngFvsKAsX0h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"arvind.kkumar@accenture.com\",\r\n \"displayName\": \"Arvind Kumar\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", 
+ "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00upp5sfezD7xDw2I0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user22@abccompany.com", + "actor_displayName_s": "user 22", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsq8uQcyQ8QqysLiEqQIUd8A", + "displayMessage_s": "Remove user's application membership", + "eventType_s": "application.user_membership.remove", + "outcome_result_s": "SUCCESS", + "published_t": "2020-02-21T17:35:51.46Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.provision.deactivate_user_from_app", + "transaction_type_s": "JOB", + "transaction_id_s": "gampvxjz2klxApudB0h7", + "uuid_g": "9ac2a68b-54d0-11ea-9689-37de53adb2f9", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0uapu4szlnyeFiVZw0h7\",\r\n \"type\": \"AppUser\",\r\n \"alternateId\": \"vu.be@avanade.com\",\r\n \"displayName\": \"Vu Be\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"0oapu410jbSyAzP6R0h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"Comcast-Contour-Web\",\r\n \"displayName\": \"OpenID Connect Client\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"00ul30xbzoMg15bJX0h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"vu.be@avanade.com\",\r\n \"displayName\": \"Vu Be\",\r\n \"detailEntry\": null\r\n }\r\n]", + 
"debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00upp5sfezD7xDw2I0h7", + "actor_type_s": "User", + 
"actor_alternateId_s": "user22@abccompany.com", + "actor_displayName_s": "user 22", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsq8uQcyQ8QqysLiEqQIUd8A", + "displayMessage_s": "Remove user's application membership", + "eventType_s": "application.user_membership.remove", + "outcome_result_s": "SUCCESS", + "published_t": "2020-02-21T17:35:51.26Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.provision.deactivate_user_from_app", + "transaction_type_s": "JOB", + "transaction_id_s": "gampvxjz2klxApudB0h7", + "uuid_g": "9aa421ff-54d0-11ea-9689-37de53adb2f9", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0uapu4szleLRF573Y0h7\",\r\n \"type\": \"AppUser\",\r\n \"alternateId\": \"abhijit.sarmah@accenture.com\",\r\n \"displayName\": \"abhijit Sarmah\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"0oapu410jbSyAzP6R0h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"Comcast-Contour-Web\",\r\n \"displayName\": \"OpenID Connect Client\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"00ul2va0p4CHhmYKe0h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"abhijit.sarmah@accenture.com\",\r\n \"displayName\": \"abhijit Sarmah\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + 
"debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00upp5sfezD7xDw2I0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user22@abccompany.com", + "actor_displayName_s": "user 22", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsq8uQcyQ8QqysLiEqQIUd8A", + "displayMessage_s": "Remove user's application membership", + "eventType_s": "application.user_membership.remove", + "outcome_result_s": "SUCCESS", + "published_t": "2020-02-21T17:35:51.392Z", + 
"severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.provision.deactivate_user_from_app", + "transaction_type_s": "JOB", + "transaction_id_s": "gampvxjz2klxApudB0h7", + "uuid_g": "9ab84648-54d0-11ea-9689-37de53adb2f9", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0uapu4szlk71FL0nK0h7\",\r\n \"type\": \"AppUser\",\r\n \"alternateId\": \"Cynthia.libby@avanade.com\",\r\n \"displayName\": \"Cynthia Libby\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"0oapu410jbSyAzP6R0h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"Comcast-Contour-Web\",\r\n \"displayName\": \"OpenID Connect Client\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"00ul30w60hePjn3xg0h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"Cynthia.libby@avanade.com\",\r\n \"displayName\": \"Cynthia Libby\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + 
"client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00upp5sfezD7xDw2I0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user22@abccompany.com", + "actor_displayName_s": "user 22", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsq8uQcyQ8QqysLiEqQIUd8A", + "displayMessage_s": "Remove user's application membership", + "eventType_s": "application.user_membership.remove", + "outcome_result_s": "SUCCESS", + "published_t": "2020-02-21T17:35:52.044Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.provision.deactivate_user_from_app", + "transaction_type_s": "JOB", + 
"transaction_id_s": "gampvxjz2klxApudB0h7", + "uuid_g": "9b1bc32b-54d0-11ea-9689-37de53adb2f9", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0uapu4t9pr617jPjT0h7\",\r\n \"type\": \"AppUser\",\r\n \"alternateId\": \"krishna.dasari@accenture.com\",\r\n \"displayName\": \"krishna dasari\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"0oapu410jbSyAzP6R0h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"Comcast-Contour-Web\",\r\n \"displayName\": \"OpenID Connect Client\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"00uowd1j6q67GcSwo0h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"krishna.dasari@accenture.com\",\r\n \"displayName\": \"krishna dasari\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + 
"securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00upp5sfezD7xDw2I0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user22@abccompany.com", + "actor_displayName_s": "user 22", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsq8uQcyQ8QqysLiEqQIUd8A", + "displayMessage_s": "Remove user's application membership", + "eventType_s": "application.user_membership.remove", + "outcome_result_s": "SUCCESS", + "published_t": "2020-02-21T17:35:51.528Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.provision.deactivate_user_from_app", + "transaction_type_s": "JOB", + "transaction_id_s": "gampvxjz2klxApudB0h7", + "uuid_g": "9acd06cf-54d0-11ea-9689-37de53adb2f9", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0uapu4szlq7E4CqJN0h7\",\r\n \"type\": \"AppUser\",\r\n \"alternateId\": \"test@example.com\",\r\n \"displayName\": \"Test User1\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"0oapu410jbSyAzP6R0h7\",\r\n \"type\": 
\"AppInstance\",\r\n \"alternateId\": \"Comcast-Contour-Web\",\r\n \"displayName\": \"OpenID Connect Client\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"00ul5lxthxOOz7YDV0h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"test@example.com\",\r\n \"displayName\": \"Test User1\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + 
"authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00upp5sfezD7xDw2I0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user22@abccompany.com", + "actor_displayName_s": "user 22", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsq8uQcyQ8QqysLiEqQIUd8A", + "displayMessage_s": "Remove user's application membership", + "eventType_s": "application.user_membership.remove", + "outcome_result_s": "SUCCESS", + "published_t": "2020-02-21T17:35:51.801Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.provision.deactivate_user_from_app", + "transaction_type_s": "JOB", + "transaction_id_s": "gampvxjz2klxApudB0h7", + "uuid_g": "9af6aef0-54d0-11ea-9689-37de53adb2f9", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0uapu4t9pfLtk3VG00h7\",\r\n \"type\": \"AppUser\",\r\n \"alternateId\": \"andrea.foschini@accenture.com\",\r\n \"displayName\": \"Andrea Foshini\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"0oapu410jbSyAzP6R0h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"Comcast-Contour-Web\",\r\n \"displayName\": \"OpenID Connect Client\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"00unkel3ac1pSq5i90h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"andrea.foschini@accenture.com\",\r\n \"displayName\": \"Andrea Foshini\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + 
"Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00upp5sfezD7xDw2I0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user22@abccompany.com", + 
"actor_displayName_s": "user 22", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsq8uQcyQ8QqysLiEqQIUd8A", + "displayMessage_s": "Remove user's application membership", + "eventType_s": "application.user_membership.remove", + "outcome_result_s": "SUCCESS", + "published_t": "2020-02-21T17:35:51.328Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.provision.deactivate_user_from_app", + "transaction_type_s": "JOB", + "transaction_id_s": "gampvxjz2klxApudB0h7", + "uuid_g": "9aae8243-54d0-11ea-9689-37de53adb2f9", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0uapu4szlhsx20BdY0h7\",\r\n \"type\": \"AppUser\",\r\n \"alternateId\": \"Anthony.f.bernard@avanade.com\",\r\n \"displayName\": \"Tony Bernard\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"0oapu410jbSyAzP6R0h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"Comcast-Contour-Web\",\r\n \"displayName\": \"OpenID Connect Client\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"00ul30vc4rzjCuQxi0h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"Anthony.f.bernard@avanade.com\",\r\n \"displayName\": \"Tony Bernard\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + 
"debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00upp5sfezD7xDw2I0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user22@abccompany.com", + "actor_displayName_s": "user 22", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsq8uQcyQ8QqysLiEqQIUd8A", + "displayMessage_s": "Remove user's application membership", + "eventType_s": "application.user_membership.remove", + "outcome_result_s": "SUCCESS", + "published_t": "2020-02-21T17:35:51.592Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + 
"debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.provision.deactivate_user_from_app", + "transaction_type_s": "JOB", + "transaction_id_s": "gampvxjz2klxApudB0h7", + "uuid_g": "9ad6cad3-54d0-11ea-9689-37de53adb2f9", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0uapu4szltDGsX7nv0h7\",\r\n \"type\": \"AppUser\",\r\n \"alternateId\": \"ankit.balram.singi@accenture.com\",\r\n \"displayName\": \"Ankit Balram\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"0oapu410jbSyAzP6R0h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"Comcast-Contour-Web\",\r\n \"displayName\": \"OpenID Connect Client\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"00unkei53j4o17vN10h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"ankit.balram.singi@accenture.com\",\r\n \"displayName\": \"Ankit Balram\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": 
"", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00upp5sfezD7xDw2I0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user22@abccompany.com", + "actor_displayName_s": "user 22", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsq8uQcyQ8QqysLiEqQIUd8A", + "displayMessage_s": "Remove user's application membership", + "eventType_s": "application.user_membership.remove", + "outcome_result_s": "SUCCESS", + "published_t": "2020-02-21T17:35:51.733Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.provision.deactivate_user_from_app", + "transaction_type_s": "JOB", + "transaction_id_s": "gampvxjz2klxApudB0h7", + "uuid_g": 
"9aec4eab-54d0-11ea-9689-37de53adb2f9", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0uapu4t9oygBoOEos0h7\",\r\n \"type\": \"AppUser\",\r\n \"alternateId\": \"h.xu@accenture.com\",\r\n \"displayName\": \"Nick Xu\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"0oapu410jbSyAzP6R0h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"Comcast-Contour-Web\",\r\n \"displayName\": \"OpenID Connect Client\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"00unkej1w75sazEJu0h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"h.xu@accenture.com\",\r\n \"displayName\": \"Nick Xu\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + 
"securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00upp5sfezD7xDw2I0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user22@abccompany.com", + "actor_displayName_s": "user 22", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsq8uQcyQ8QqysLiEqQIUd8A", + "displayMessage_s": "Remove user's application membership", + "eventType_s": "application.user_membership.remove", + "outcome_result_s": "SUCCESS", + "published_t": "2020-02-21T17:35:51.665Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.provision.deactivate_user_from_app", + "transaction_type_s": "JOB", + "transaction_id_s": "gampvxjz2klxApudB0h7", + "uuid_g": "9ae1ee67-54d0-11ea-9689-37de53adb2f9", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0uapu4t9o3FUPAS3y0h7\",\r\n \"type\": \"AppUser\",\r\n \"alternateId\": \"francis-john.ho@accenture.com\",\r\n \"displayName\": \"John Francis\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"0oapu410jbSyAzP6R0h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"Comcast-Contour-Web\",\r\n \"displayName\": 
\"OpenID Connect Client\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"00unkein1ficxdzkY0h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"francis-john.ho@accenture.com\",\r\n \"displayName\": \"John Francis\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + 
"debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00upp5sfezD7xDw2I0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user22@abccompany.com", + "actor_displayName_s": "user 22", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsq8uQcyQ8QqysLiEqQIUd8A", + "displayMessage_s": "Remove user's application membership", + "eventType_s": "application.user_membership.remove", + "outcome_result_s": "SUCCESS", + "published_t": "2020-02-21T17:35:51.863Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.provision.deactivate_user_from_app", + "transaction_type_s": "JOB", + "transaction_id_s": "gampvxjz2klxApudB0h7", + "uuid_g": "9b0024d3-54d0-11ea-9689-37de53adb2f9", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0uapu4t9plOJWiKCC0h7\",\r\n \"type\": \"AppUser\",\r\n \"alternateId\": \"tien.jing.woon@accenture.com\",\r\n \"displayName\": \"Tien Jing\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"0oapu410jbSyAzP6R0h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"Comcast-Contour-Web\",\r\n \"displayName\": \"OpenID Connect Client\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"00unkelo95DMjowxS0h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"tien.jing.woon@accenture.com\",\r\n \"displayName\": \"Tien Jing\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + 
"SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00upp5sfezD7xDw2I0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user22@abccompany.com", + "actor_displayName_s": "user 22", + "authenticationContext_authenticationStep_d": "0", + 
"authenticationContext_externalSessionId_s": "trsq8uQcyQ8QqysLiEqQIUd8A", + "displayMessage_s": "Remove user's application membership", + "eventType_s": "application.user_membership.remove", + "outcome_result_s": "SUCCESS", + "published_t": "2020-02-21T17:35:52.37Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.provision.deactivate_user_from_app", + "transaction_type_s": "JOB", + "transaction_id_s": "gampvxjz2klxApudB0h7", + "uuid_g": "9b4d819e-54d0-11ea-9689-37de53adb2f9", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0uapu4t9q6ifQzUon0h7\",\r\n \"type\": \"AppUser\",\r\n \"alternateId\": \"ganga.sravanthi@accenture.com\",\r\n \"displayName\": \"Ganga Sravanthi\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"0oapu410jbSyAzP6R0h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"Comcast-Contour-Web\",\r\n \"displayName\": \"OpenID Connect Client\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"00up6a6qt4T5triHO0h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"ganga.sravanthi@accenture.com\",\r\n \"displayName\": \"Ganga Sravanthi\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": 
"", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00upp5sfezD7xDw2I0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user22@abccompany.com", + "actor_displayName_s": "user 22", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsq8uQcyQ8QqysLiEqQIUd8A", + "displayMessage_s": "Remove user's application membership", + "eventType_s": "application.user_membership.remove", + "outcome_result_s": "SUCCESS", + "published_t": "2020-02-21T17:35:51.932Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + 
"debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.provision.deactivate_user_from_app", + "transaction_type_s": "JOB", + "transaction_id_s": "gampvxjz2klxApudB0h7", + "uuid_g": "9b0aac27-54d0-11ea-9689-37de53adb2f9", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0uapu4t9ponzXTvmP0h7\",\r\n \"type\": \"AppUser\",\r\n \"alternateId\": \"paul.krasucki@accenture.com\",\r\n \"displayName\": \"Paul Krasucki\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"0oapu410jbSyAzP6R0h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"Comcast-Contour-Web\",\r\n \"displayName\": \"OpenID Connect Client\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"00unu9i5i4PnxLuFX0h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"paul.krasucki@accenture.com\",\r\n \"displayName\": \"Paul Krasucki\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + 
"client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00upp5sfezD7xDw2I0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user22@abccompany.com", + "actor_displayName_s": "user 22", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsq8uQcyQ8QqysLiEqQIUd8A", + "displayMessage_s": "Remove user's application membership", + "eventType_s": "application.user_membership.remove", + "outcome_result_s": "SUCCESS", + "published_t": "2020-02-21T17:35:52.622Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.provision.deactivate_user_from_app", + "transaction_type_s": "JOB", + "transaction_id_s": "gampvxjz2klxApudB0h7", + "uuid_g": "9b73f56e-54d0-11ea-9689-37de53adb2f9", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n 
\"id\": \"0uapu4t9qiEgyJ1MM0h7\",\r\n \"type\": \"AppUser\",\r\n \"alternateId\": \"william.david.d.bunn@accenture.com\",\r\n \"displayName\": \"David Bunn\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"0oapu410jbSyAzP6R0h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"Comcast-Contour-Web\",\r\n \"displayName\": \"OpenID Connect Client\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"00up6v9yvfqX3PilZ0h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"william.david.d.bunn@accenture.com\",\r\n \"displayName\": \"David Bunn\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + 
"debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00upp5sfezD7xDw2I0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user22@abccompany.com", + "actor_displayName_s": "user 22", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsq8uQcyQ8QqysLiEqQIUd8A", + "displayMessage_s": "Remove user's application membership", + "eventType_s": "application.user_membership.remove", + "outcome_result_s": "SUCCESS", + "published_t": "2020-02-21T17:35:52.178Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.provision.deactivate_user_from_app", + "transaction_type_s": "JOB", + "transaction_id_s": "gampvxjz2klxApudB0h7", + "uuid_g": "9b303592-54d0-11ea-9689-37de53adb2f9", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0uapu4t9pxDzotJXw0h7\",\r\n \"type\": \"AppUser\",\r\n \"alternateId\": \"hamed.hajibeik@accenture.com\",\r\n \"displayName\": \"hamed hajibeik\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"0oapu410jbSyAzP6R0h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"Comcast-Contour-Web\",\r\n \"displayName\": \"OpenID Connect Client\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": 
\"00uowd6g2e91Qrwa80h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"hamed.hajibeik@accenture.com\",\r\n \"displayName\": \"hamed hajibeik\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": 
"", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00upp5sfezD7xDw2I0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user22@abccompany.com", + "actor_displayName_s": "user 22", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsq8uQcyQ8QqysLiEqQIUd8A", + "displayMessage_s": "Remove user's application membership", + "eventType_s": "application.user_membership.remove", + "outcome_result_s": "SUCCESS", + "published_t": "2020-02-21T17:35:52.494Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.provision.deactivate_user_from_app", + "transaction_type_s": "JOB", + "transaction_id_s": "gampvxjz2klxApudB0h7", + "uuid_g": "9b606d68-54d0-11ea-9689-37de53adb2f9", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0uapu4t9qcngOrHIX0h7\",\r\n \"type\": \"AppUser\",\r\n \"alternateId\": \"vamsheedhar.gopathi@accenture.com\",\r\n \"displayName\": \"Vamsheedhar Gopathi\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"0oapu410jbSyAzP6R0h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"Comcast-Contour-Web\",\r\n \"displayName\": \"OpenID Connect Client\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"00up6afc85s14RheS0h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"vamsheedhar.gopathi@accenture.com\",\r\n \"displayName\": \"Vamsheedhar Gopathi\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + 
"TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00upp5sfezD7xDw2I0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user22@abccompany.com", + "actor_displayName_s": "user 22", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsq8uQcyQ8QqysLiEqQIUd8A", + "displayMessage_s": "Remove 
user's application membership", + "eventType_s": "application.user_membership.remove", + "outcome_result_s": "SUCCESS", + "published_t": "2020-02-21T17:35:52.112Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.provision.deactivate_user_from_app", + "transaction_type_s": "JOB", + "transaction_id_s": "gampvxjz2klxApudB0h7", + "uuid_g": "9b26236e-54d0-11ea-9689-37de53adb2f9", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0uapu4t9puxMs5xaw0h7\",\r\n \"type\": \"AppUser\",\r\n \"alternateId\": \"priyank.bhargava@accenture.com\",\r\n \"displayName\": \"Priyank Bhargava\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"0oapu410jbSyAzP6R0h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"Comcast-Contour-Web\",\r\n \"displayName\": \"OpenID Connect Client\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"00uowd3uuztnPJ17M0h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"priyank.bhargava@accenture.com\",\r\n \"displayName\": \"Priyank Bhargava\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + 
"debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00upp5sfezD7xDw2I0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user22@abccompany.com", + "actor_displayName_s": "user 22", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsq8uQcyQ8QqysLiEqQIUd8A", + "displayMessage_s": "Remove user's application membership", + "eventType_s": "application.user_membership.remove", + "outcome_result_s": "SUCCESS", + "published_t": "2020-02-21T17:35:52.558Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + 
"debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.provision.deactivate_user_from_app", + "transaction_type_s": "JOB", + "transaction_id_s": "gampvxjz2klxApudB0h7", + "uuid_g": "9b6a316b-54d0-11ea-9689-37de53adb2f9", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0uapu4t9qf40o0iwP0h7\",\r\n \"type\": \"AppUser\",\r\n \"alternateId\": \"sai.pallapothu.v.g.s@accenture.com\",\r\n \"displayName\": \"Sai Pallapothu V G S\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"0oapu410jbSyAzP6R0h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"Comcast-Contour-Web\",\r\n \"displayName\": \"OpenID Connect Client\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"00up6anfp120vh7AP0h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"sai.pallapothu.v.g.s@accenture.com\",\r\n \"displayName\": \"Sai Pallapothu V G S\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + 
"client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00upp5sfezD7xDw2I0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user22@abccompany.com", + "actor_displayName_s": "user 22", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsq8uQcyQ8QqysLiEqQIUd8A", + "displayMessage_s": "Remove user's application membership", + "eventType_s": "application.user_membership.remove", + "outcome_result_s": "SUCCESS", + "published_t": "2020-02-21T17:35:52.431Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.provision.deactivate_user_from_app", + "transaction_type_s": "JOB", + "transaction_id_s": "gampvxjz2klxApudB0h7", + "uuid_g": "9b56d072-54d0-11ea-9689-37de53adb2f9", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n 
\"id\": \"0uapu4t9q9wGiJYEi0h7\",\r\n \"type\": \"AppUser\",\r\n \"alternateId\": \"m.reddy.polemreddy@accenture.com\",\r\n \"displayName\": \"Mounika Polemreddy\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"0oapu410jbSyAzP6R0h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"Comcast-Contour-Web\",\r\n \"displayName\": \"OpenID Connect Client\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"00up6a6qtkptt4QKQ0h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"m.reddy.polemreddy@accenture.com\",\r\n \"displayName\": \"Mounika Polemreddy\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": 
"", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00upp5sfezD7xDw2I0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user22@abccompany.com", + "actor_displayName_s": "user 22", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsq8uQcyQ8QqysLiEqQIUd8A", + "displayMessage_s": "Remove user's application membership", + "eventType_s": "application.user_membership.remove", + "outcome_result_s": "SUCCESS", + "published_t": "2020-02-21T17:35:52.239Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.provision.deactivate_user_from_app", + "transaction_type_s": "JOB", + "transaction_id_s": "gampvxjz2klxApudB0h7", + "uuid_g": "9b398467-54d0-11ea-9689-37de53adb2f9", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0uapu4t9q0jIcZXps0h7\",\r\n \"type\": \"AppUser\",\r\n \"alternateId\": \"robert.l.donald@accenture.com\",\r\n \"displayName\": \"Robert Donald\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"0oapu410jbSyAzP6R0h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"Comcast-Contour-Web\",\r\n \"displayName\": \"OpenID Connect Client\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": 
\"00up5yni1qooePFoo0h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"robert.l.donald@accenture.com\",\r\n \"displayName\": \"Robert Donald\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": 
"", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00upp5sfezD7xDw2I0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user22@abccompany.com", + "actor_displayName_s": "user 22", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsq8uQcyQ8QqysLiEqQIUd8A", + "displayMessage_s": "Remove user's application membership", + "eventType_s": "application.user_membership.remove", + "outcome_result_s": "SUCCESS", + "published_t": "2020-02-21T17:35:52.683Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.provision.deactivate_user_from_app", + "transaction_type_s": "JOB", + "transaction_id_s": "gampvxjz2klxApudB0h7", + "uuid_g": "9b7d4443-54d0-11ea-9689-37de53adb2f9", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0uapu4t9qlasMqr0h0h7\",\r\n \"type\": \"AppUser\",\r\n \"alternateId\": \"maciej.m.prechitko@accenture.com\",\r\n \"displayName\": \"Maciej Prechitko\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"0oapu410jbSyAzP6R0h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"Comcast-Contour-Web\",\r\n \"displayName\": \"OpenID Connect Client\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"00up6vbbvytQEnQUE0h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"maciej.m.prechitko@accenture.com\",\r\n \"displayName\": \"Maciej Prechitko\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + 
"TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00upp5sfezD7xDw2I0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user22@abccompany.com", + "actor_displayName_s": "user 22", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsq8uQcyQ8QqysLiEqQIUd8A", + "displayMessage_s": "Remove 
user's application membership", + "eventType_s": "application.user_membership.remove", + "outcome_result_s": "SUCCESS", + "published_t": "2020-02-21T17:35:52.814Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.provision.deactivate_user_from_app", + "transaction_type_s": "JOB", + "transaction_id_s": "gampvxjz2klxApudB0h7", + "uuid_g": "9b91417b-54d0-11ea-9689-37de53adb2f9", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0uapu4t9rb93tBxHU0h7\",\r\n \"type\": \"AppUser\",\r\n \"alternateId\": \"syed.i.nayer@accenture.com\",\r\n \"displayName\": \"syed nayer\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"0oapu410jbSyAzP6R0h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"Comcast-Contour-Web\",\r\n \"displayName\": \"OpenID Connect Client\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"00uph9ffx7cBmZF1r0h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"syed.i.nayer@accenture.com\",\r\n \"displayName\": \"syed nayer\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + 
"client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00upp5sfezD7xDw2I0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user22@abccompany.com", + "actor_displayName_s": "user 22", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsq8uQcyQ8QqysLiEqQIUd8A", + "displayMessage_s": "Remove user's application membership", + "eventType_s": "application.user_membership.remove", + "outcome_result_s": "SUCCESS", + "published_t": "2020-02-21T17:35:52.879Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + 
"debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.provision.deactivate_user_from_app", + "transaction_type_s": "JOB", + "transaction_id_s": "gampvxjz2klxApudB0h7", + "uuid_g": "9b9b2c8e-54d0-11ea-9689-37de53adb2f9", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0uapu4t9sbDMq1YWH0h7\",\r\n \"type\": \"AppUser\",\r\n \"alternateId\": \"user22@abccompany.com\",\r\n \"displayName\": \"user 22\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"0oapu410jbSyAzP6R0h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"Comcast-Contour-Web\",\r\n \"displayName\": \"OpenID Connect Client\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"00upp5sfezD7xDw2I0h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"user22@abccompany.com\",\r\n \"displayName\": \"user 22\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + 
"client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00upp5sfezD7xDw2I0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user22@abccompany.com", + "actor_displayName_s": "user 22", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsq8uQcyQ8QqysLiEqQIUd8A", + "displayMessage_s": "Remove user's application membership", + "eventType_s": "application.user_membership.remove", + "outcome_result_s": "SUCCESS", + "published_t": "2020-02-21T17:35:52.75Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.provision.deactivate_user_from_app", + "transaction_type_s": "JOB", + "transaction_id_s": "gampvxjz2klxApudB0h7", + "uuid_g": "9b877d77-54d0-11ea-9689-37de53adb2f9", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0uapu4t9qof0DGL0l0h7\",\r\n \"type\": \"AppUser\",\r\n \"alternateId\": 
\"prashant.p.gajjar@accenture.com\",\r\n \"displayName\": \"Prashant Gajjar\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"0oapu410jbSyAzP6R0h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"Comcast-Contour-Web\",\r\n \"displayName\": \"OpenID Connect Client\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"00updqdbcrRGtCdya0h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"prashant.p.gajjar@accenture.com\",\r\n \"displayName\": \"Prashant Gajjar\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", 
+ "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00upp5sfezD7xDw2I0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user22@abccompany.com", + "actor_displayName_s": "user 22", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsq8uQcyQ8QqysLiEqQIUd8A", + "displayMessage_s": "Remove user's application membership", + "eventType_s": "application.user_membership.remove", + "outcome_result_s": "SUCCESS", + "published_t": "2020-02-21T17:35:52.304Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.provision.deactivate_user_from_app", + "transaction_type_s": "JOB", + "transaction_id_s": "gampvxjz2klxApudB0h7", + "uuid_g": "9b436f7a-54d0-11ea-9689-37de53adb2f9", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0uapu4t9q3LubXtUC0h7\",\r\n \"type\": \"AppUser\",\r\n \"alternateId\": \"shalyn.hockett@avanade.com\",\r\n \"displayName\": \"Shalyn Hockett\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"0oapu410jbSyAzP6R0h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"Comcast-Contour-Web\",\r\n \"displayName\": \"OpenID Connect Client\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"00up5zhgjhTnFhFnv0h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": 
\"shalyn.hockett@avanade.com\",\r\n \"displayName\": \"Shalyn Hockett\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + 
"authenticationContext_credentialType_s": "", + "actor_id_s": "00upp5sfezD7xDw2I0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user22@abccompany.com", + "actor_displayName_s": "user 22", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsq8uQcyQ8QqysLiEqQIUd8A", + "displayMessage_s": "Remove user's application membership", + "eventType_s": "application.user_membership.remove", + "outcome_result_s": "SUCCESS", + "published_t": "2020-02-21T17:35:52.945Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.provision.deactivate_user_from_app", + "transaction_type_s": "JOB", + "transaction_id_s": "gampvxjz2klxApudB0h7", + "uuid_g": "9ba53eb3-54d0-11ea-9689-37de53adb2f9", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0uapu4t9t369GBCw30h7\",\r\n \"type\": \"AppUser\",\r\n \"alternateId\": \"alexander.mcauliffe@accenture.com\",\r\n \"displayName\": \"Alexander Mcauliffe\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"0oapu410jbSyAzP6R0h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"Comcast-Contour-Web\",\r\n \"displayName\": \"OpenID Connect Client\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"00upp5wq3tBhMCtrL0h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"alexander.mcauliffe@accenture.com\",\r\n \"displayName\": \"Alexander Mcauliffe\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + 
"Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "CHROME", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "50.50.50.50", + "client_geographicalContext_city_s": "Dublin", + "client_geographicalContext_state_s": "Ohio", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "43017", + "client_geographicalContext_geolocation_lat_d": "40.1104", + "client_geographicalContext_geolocation_lon_d": "-83.1131", + "outcome_reason_s": "", + "securityContext_asNumber_d": "12083", + "securityContext_asOrg_s": "wideopenwest finance", + "securityContext_isp_s": "wideopenwest finance", + "securityContext_domain_s": "wideopenwest.com", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "XlAVIeDwzgxpaCcGncpomwAAB9k", + "debugContext_debugData_requestUri_s": "/api/v1/apps/0oapu410jbSyAzP6R0h7/users", + "debugContext_debugData_url_s": "/api/v1/apps/0oapu410jbSyAzP6R0h7/users?", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + 
"actor_id_s": "00upp5sfezD7xDw2I0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user22@abccompany.com", + "actor_displayName_s": "user 22", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "102D--WocMrQfmiD6RavummbA", + "displayMessage_s": "Add user to application membership", + "eventType_s": "application.user_membership.add", + "outcome_result_s": "SUCCESS", + "published_t": "2020-02-21T17:36:34.008Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.provision.assign_user_to_app", + "transaction_type_s": "WEB", + "transaction_id_s": "XlAVIeDwzgxpaCcGncpomwAAB9k", + "uuid_g": "b41ef5f7-54d0-11ea-a2e4-a302f1590a27", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"50.50.50.50\",\r\n \"geographicalContext\": {\r\n \"city\": \"Dublin\",\r\n \"state\": \"Ohio\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"43017\",\r\n \"geolocation\": \"@{lat=40.1104; lon=-83.1131}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "[\r\n {\r\n \"id\": \"0uapvxucd8fpTUeZm0h7\",\r\n \"type\": \"AppUser\",\r\n \"alternateId\": \"user22@abccompany.com\",\r\n \"displayName\": \"user 22\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"0oapu410jbSyAzP6R0h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"Comcast-Contour-Web\",\r\n \"displayName\": \"OpenID Connect Client\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"00upp5sfezD7xDw2I0h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"user22@abccompany.com\",\r\n \"displayName\": \"user 22\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + 
"_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "CHROME", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "50.50.50.50", + "client_geographicalContext_city_s": "Dublin", + "client_geographicalContext_state_s": "Ohio", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "43017", + "client_geographicalContext_geolocation_lat_d": "40.1104", + "client_geographicalContext_geolocation_lon_d": "-83.1131", + "outcome_reason_s": "", + "securityContext_asNumber_d": "12083", + "securityContext_asOrg_s": "wideopenwest finance", + "securityContext_isp_s": "wideopenwest finance", + "securityContext_domain_s": "wideopenwest.com", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "XlAVd0wpZp3LJd1b3fMIUAAABMA", + "debugContext_debugData_requestUri_s": "/api/v1/authorizationServers/auspue94kdt03kSfP0h7/scopes/scppufdfcmyWbvwaA0h7", + "debugContext_debugData_url_s": "/api/v1/authorizationServers/auspue94kdt03kSfP0h7/scopes/scppufdfcmyWbvwaA0h7?", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + 
"authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00upp5sfezD7xDw2I0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user22@abccompany.com", + "actor_displayName_s": "user 22", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "102D--WocMrQfmiD6RavummbA", + "displayMessage_s": "Update policy rule", + "eventType_s": "policy.rule.update", + "outcome_result_s": "SUCCESS", + "published_t": "2020-02-21T17:37:59.235Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "policy.rule.updated", + "transaction_type_s": "WEB", + "transaction_id_s": "XlAVd0wpZp3LJd1b3fMIUAAABMA", + "uuid_g": "e6eb9159-54d0-11ea-9701-15c1a0ef6e97", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"50.50.50.50\",\r\n \"geographicalContext\": {\r\n \"city\": \"Dublin\",\r\n \"state\": \"Ohio\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"43017\",\r\n \"geolocation\": \"@{lat=40.1104; lon=-83.1131}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "[\r\n {\r\n \"id\": \"00ppuf2ogtHhy5OOu0h7\",\r\n \"type\": \"PolicyEntity\",\r\n \"alternateId\": \"unknown\",\r\n \"displayName\": \"test\",\r\n \"detailEntry\": {\r\n \"policyType\": \"OAuthAuthzPolicy\"\r\n }\r\n },\r\n {\r\n \"id\": \"0prpuffjruAv7kDvc0h7\",\r\n \"type\": \"PolicyRule\",\r\n \"alternateId\": \"00ppuf2ogtHhy5OOu0h7\",\r\n \"displayName\": \"Comcast\",\r\n \"detailEntry\": null\r\n }\r\n]", + 
"debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "CHROME", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "50.50.50.50", + "client_geographicalContext_city_s": "Dublin", + "client_geographicalContext_state_s": "Ohio", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "43017", + "client_geographicalContext_geolocation_lat_d": "40.1104", + "client_geographicalContext_geolocation_lon_d": "-83.1131", + "outcome_reason_s": "", + "securityContext_asNumber_d": "12083", + "securityContext_asOrg_s": "wideopenwest finance", + "securityContext_isp_s": "wideopenwest finance", + "securityContext_domain_s": "wideopenwest.com", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "XlAVd0wpZp3LJd1b3fMIUAAABMA", + "debugContext_debugData_requestUri_s": "/api/v1/authorizationServers/auspue94kdt03kSfP0h7/scopes/scppufdfcmyWbvwaA0h7", + "debugContext_debugData_url_s": "/api/v1/authorizationServers/auspue94kdt03kSfP0h7/scopes/scppufdfcmyWbvwaA0h7?", + "debugContext_debugData_deviceFingerprint_g": "", + 
"authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00upp5sfezD7xDw2I0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user22@abccompany.com", + "actor_displayName_s": "user 22", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "102D--WocMrQfmiD6RavummbA", + "displayMessage_s": "OAuth2 scope is deleted.", + "eventType_s": "oauth2.scope.deleted", + "outcome_result_s": "SUCCESS", + "published_t": "2020-02-21T17:37:59.239Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "api.oauth2.scope.deleted", + "transaction_type_s": "WEB", + "transaction_id_s": "XlAVd0wpZp3LJd1b3fMIUAAABMA", + "uuid_g": "e6ec2d9a-54d0-11ea-9701-15c1a0ef6e97", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"50.50.50.50\",\r\n \"geographicalContext\": {\r\n \"city\": \"Dublin\",\r\n \"state\": \"Ohio\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"43017\",\r\n \"geolocation\": \"@{lat=40.1104; lon=-83.1131}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "[\r\n {\r\n \"id\": \"scppufdfcmyWbvwaA0h7\",\r\n \"type\": \"OAuth2ScopeEntity\",\r\n \"alternateId\": \"unknown\",\r\n \"displayName\": \"Comcast\",\r\n \"detailEntry\": {\r\n \"authorizationserverid\": \"auspue94kdt03kSfP0h7\",\r\n \"oauth2scopedescription\": \"Comcast specific custom scope\"\r\n }\r\n }\r\n]", + 
"debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "CHROME", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "50.50.50.50", + "client_geographicalContext_city_s": "Dublin", + "client_geographicalContext_state_s": "Ohio", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "43017", + "client_geographicalContext_geolocation_lat_d": "40.1104", + "client_geographicalContext_geolocation_lon_d": "-83.1131", + "outcome_reason_s": "", + "securityContext_asNumber_d": "12083", + "securityContext_asOrg_s": "wideopenwest finance", + "securityContext_isp_s": "wideopenwest finance", + "securityContext_domain_s": "wideopenwest.com", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "XlAV8LnUE08vOPZ53crvrQAABlc", + "debugContext_debugData_requestUri_s": "/api/v1/authorizationServers/auspue94kdt03kSfP0h7/claims/oclpufrw2laYfT7y10h7", + "debugContext_debugData_url_s": "/api/v1/authorizationServers/auspue94kdt03kSfP0h7/claims/oclpufrw2laYfT7y10h7?", + "debugContext_debugData_deviceFingerprint_g": "", + 
"authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00upp5sfezD7xDw2I0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user22@abccompany.com", + "actor_displayName_s": "user 22", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "102D--WocMrQfmiD6RavummbA", + "displayMessage_s": "OAuth2 claim is updated.", + "eventType_s": "oauth2.claim.updated", + "outcome_result_s": "SUCCESS", + "published_t": "2020-02-21T17:40:00.916Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "api.oauth2.claim.updated", + "transaction_type_s": "WEB", + "transaction_id_s": "XlAV8LnUE08vOPZ53crvrQAABlc", + "uuid_g": "2f729d50-54d1-11ea-9701-15c1a0ef6e97", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"50.50.50.50\",\r\n \"geographicalContext\": {\r\n \"city\": \"Dublin\",\r\n \"state\": \"Ohio\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"43017\",\r\n \"geolocation\": \"@{lat=40.1104; lon=-83.1131}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "[\r\n {\r\n \"id\": \"oclpufrw2laYfT7y10h7\",\r\n \"type\": \"OAuth2ClaimEntity\",\r\n \"alternateId\": \"unknown\",\r\n \"displayName\": \"XBOAcct\",\r\n \"detailEntry\": {\r\n \"authorizationserverid\": \"auspue94kdt03kSfP0h7\",\r\n \"oauth2claimclaimtype\": \"IDENTITY\",\r\n \"oauth2claimvalue\": \"(user != null) ? 
user.xbo_acct : app.clientId\",\r\n \"oauth2claimsystem\": \"false\",\r\n \"oauth2claimvaluetype\": \"EXPRESSION\"\r\n }\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "CHROME", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "50.50.50.50", + "client_geographicalContext_city_s": "Dublin", + "client_geographicalContext_state_s": "Ohio", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "43017", + "client_geographicalContext_geolocation_lat_d": "40.1104", + "client_geographicalContext_geolocation_lon_d": "-83.1131", + "outcome_reason_s": "", + "securityContext_asNumber_d": "12083", + "securityContext_asOrg_s": "wideopenwest finance", + "securityContext_isp_s": "wideopenwest finance", + "securityContext_domain_s": "wideopenwest.com", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "XlAWaODwzgxpaCcGncpwAQAAB@8", + "debugContext_debugData_requestUri_s": "/api/v1/authorizationServers/auspue94kdt03kSfP0h7/policies/00ppuf2ogtHhy5OOu0h7/rules/0prpuffjruAv7kDvc0h7", + 
"debugContext_debugData_url_s": "/api/v1/authorizationServers/auspue94kdt03kSfP0h7/policies/00ppuf2ogtHhy5OOu0h7/rules/0prpuffjruAv7kDvc0h7?", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00upp5sfezD7xDw2I0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user22@abccompany.com", + "actor_displayName_s": "user 22", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "102D--WocMrQfmiD6RavummbA", + "displayMessage_s": "Update policy rule", + "eventType_s": "policy.rule.update", + "outcome_result_s": "SUCCESS", + "published_t": "2020-02-21T17:42:00.423Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "policy.rule.updated", + "transaction_type_s": "WEB", + "transaction_id_s": "XlAWaODwzgxpaCcGncpwAQAAB@8", + "uuid_g": "76adef7a-54d1-11ea-82b4-e34587666ab4", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"50.50.50.50\",\r\n \"geographicalContext\": {\r\n \"city\": \"Dublin\",\r\n \"state\": \"Ohio\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"43017\",\r\n \"geolocation\": \"@{lat=40.1104; lon=-83.1131}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "[\r\n {\r\n \"id\": \"00ppuf2ogtHhy5OOu0h7\",\r\n \"type\": \"PolicyEntity\",\r\n \"alternateId\": \"unknown\",\r\n \"displayName\": \"test\",\r\n \"detailEntry\": 
{\r\n \"policyType\": \"OAuthAuthzPolicy\"\r\n }\r\n },\r\n {\r\n \"id\": \"0prpuffjruAv7kDvc0h7\",\r\n \"type\": \"PolicyRule\",\r\n \"alternateId\": \"00ppuf2ogtHhy5OOu0h7\",\r\n \"displayName\": \"Comcast\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "CHROME", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "50.50.50.50", + "client_geographicalContext_city_s": "Dublin", + "client_geographicalContext_state_s": "Ohio", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "43017", + "client_geographicalContext_geolocation_lat_d": "40.1104", + "client_geographicalContext_geolocation_lon_d": "-83.1131", + "outcome_reason_s": "", + "securityContext_asNumber_d": "12083", + "securityContext_asOrg_s": "wideopenwest finance", + "securityContext_isp_s": "wideopenwest finance", + "securityContext_domain_s": "wideopenwest.com", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "XlAWxMI954-R2ZMWA37EkwAACak", + "debugContext_debugData_requestUri_s": 
"/api/v1/authorizationServers/auspue94kdt03kSfP0h7/claims/oclpufrw2laYfT7y10h7", + "debugContext_debugData_url_s": "/api/v1/authorizationServers/auspue94kdt03kSfP0h7/claims/oclpufrw2laYfT7y10h7?", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00upp5sfezD7xDw2I0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user22@abccompany.com", + "actor_displayName_s": "user 22", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "102D--WocMrQfmiD6RavummbA", + "displayMessage_s": "OAuth2 claim is deleted.", + "eventType_s": "oauth2.claim.deleted", + "outcome_result_s": "SUCCESS", + "published_t": "2020-02-21T17:43:32.368Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "api.oauth2.claim.deleted", + "transaction_type_s": "WEB", + "transaction_id_s": "XlAWxMI954-R2ZMWA37EkwAACak", + "uuid_g": "ad7ba114-54d1-11ea-bfba-bbe516264dbb", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"50.50.50.50\",\r\n \"geographicalContext\": {\r\n \"city\": \"Dublin\",\r\n \"state\": \"Ohio\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"43017\",\r\n \"geolocation\": \"@{lat=40.1104; lon=-83.1131}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "[\r\n {\r\n \"id\": \"oclpufrw2laYfT7y10h7\",\r\n \"type\": \"OAuth2ClaimEntity\",\r\n 
\"alternateId\": \"unknown\",\r\n \"displayName\": \"XBOAcct\",\r\n \"detailEntry\": {\r\n \"authorizationserverid\": \"auspue94kdt03kSfP0h7\",\r\n \"oauth2claimclaimtype\": \"IDENTITY\",\r\n \"oauth2claimvalue\": \"(user != null) ? user.xbo_acct : app.clientId\",\r\n \"oauth2claimsystem\": \"false\",\r\n \"oauth2claimvaluetype\": \"EXPRESSION\"\r\n }\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "CHROME", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "50.50.50.50", + "client_geographicalContext_city_s": "Dublin", + "client_geographicalContext_state_s": "Ohio", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "43017", + "client_geographicalContext_geolocation_lat_d": "40.1104", + "client_geographicalContext_geolocation_lon_d": "-83.1131", + "outcome_reason_s": "", + "securityContext_asNumber_d": "12083", + "securityContext_asOrg_s": "wideopenwest finance", + "securityContext_isp_s": "wideopenwest finance", + "securityContext_domain_s": "wideopenwest.com", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", 
+ "debugContext_debugData_requestId_s": "XlAXN4XgEfR@D9RMsFJ6DAAAAao", + "debugContext_debugData_requestUri_s": "/api/v1/authorizationServers/auspue94kdt03kSfP0h7/policies/00ppuf2ogtHhy5OOu0h7/rules/0prpuffjruAv7kDvc0h7", + "debugContext_debugData_url_s": "/api/v1/authorizationServers/auspue94kdt03kSfP0h7/policies/00ppuf2ogtHhy5OOu0h7/rules/0prpuffjruAv7kDvc0h7?", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00upp5sfezD7xDw2I0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user22@abccompany.com", + "actor_displayName_s": "user 22", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "102D--WocMrQfmiD6RavummbA", + "displayMessage_s": "Update policy rule", + "eventType_s": "policy.rule.update", + "outcome_result_s": "SUCCESS", + "published_t": "2020-02-21T17:45:27.366Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "policy.rule.updated", + "transaction_type_s": "WEB", + "transaction_id_s": "XlAXN4XgEfR@D9RMsFJ6DAAAAao", + "uuid_g": "f206eeef-54d1-11ea-9cbd-19c8f22507d7", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"50.50.50.50\",\r\n \"geographicalContext\": {\r\n \"city\": \"Dublin\",\r\n \"state\": \"Ohio\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"43017\",\r\n \"geolocation\": \"@{lat=40.1104; lon=-83.1131}\"\r\n },\r\n \"version\": 
\"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "[\r\n {\r\n \"id\": \"00ppuf2ogtHhy5OOu0h7\",\r\n \"type\": \"PolicyEntity\",\r\n \"alternateId\": \"unknown\",\r\n \"displayName\": \"test\",\r\n \"detailEntry\": {\r\n \"policyType\": \"OAuthAuthzPolicy\"\r\n }\r\n },\r\n {\r\n \"id\": \"0prpuffjruAv7kDvc0h7\",\r\n \"type\": \"PolicyRule\",\r\n \"alternateId\": \"00ppuf2ogtHhy5OOu0h7\",\r\n \"displayName\": \"Comcast Enrichment Rule\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "CHROME", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "50.50.50.50", + "client_geographicalContext_city_s": "Dublin", + "client_geographicalContext_state_s": "Ohio", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "43017", + "client_geographicalContext_geolocation_lat_d": "40.1104", + "client_geographicalContext_geolocation_lon_d": "-83.1131", + "outcome_reason_s": "", + "securityContext_asNumber_d": "12083", + "securityContext_asOrg_s": "wideopenwest finance", + "securityContext_isp_s": "wideopenwest finance", + 
"securityContext_domain_s": "wideopenwest.com", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "XlAaPOIjTcsQk9XtfaRg3AAACME", + "debugContext_debugData_requestUri_s": "/api/v1/authorizationServers/auspue94kdt03kSfP0h7/policies/00ppuf2ogtHhy5OOu0h7", + "debugContext_debugData_url_s": "/api/v1/authorizationServers/auspue94kdt03kSfP0h7/policies/00ppuf2ogtHhy5OOu0h7?", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00upp5sfezD7xDw2I0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user22@abccompany.com", + "actor_displayName_s": "user 22", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "102D--WocMrQfmiD6RavummbA", + "displayMessage_s": "Update policy", + "eventType_s": "policy.lifecycle.update", + "outcome_result_s": "SUCCESS", + "published_t": "2020-02-21T17:58:20.992Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "policy.updated", + "transaction_type_s": "WEB", + "transaction_id_s": "XlAaPOIjTcsQk9XtfaRg3AAACME", + "uuid_g": "bf24e448-54d3-11ea-b03f-31768d1f105b", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"50.50.50.50\",\r\n \"geographicalContext\": {\r\n \"city\": \"Dublin\",\r\n \"state\": \"Ohio\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"43017\",\r\n 
\"geolocation\": \"@{lat=40.1104; lon=-83.1131}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "[\r\n {\r\n \"id\": \"00ppuf2ogtHhy5OOu0h7\",\r\n \"type\": \"PolicyEntity\",\r\n \"alternateId\": \"unknown\",\r\n \"displayName\": \"test\",\r\n \"detailEntry\": {\r\n \"policyType\": \"OAuthAuthzPolicy\"\r\n }\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "CHROME", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "50.50.50.50", + "client_geographicalContext_city_s": "Dublin", + "client_geographicalContext_state_s": "Ohio", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "43017", + "client_geographicalContext_geolocation_lat_d": "40.1104", + "client_geographicalContext_geolocation_lon_d": "-83.1131", + "outcome_reason_s": "", + "securityContext_asNumber_d": "12083", + "securityContext_asOrg_s": "wideopenwest finance", + "securityContext_isp_s": "wideopenwest finance", + "securityContext_domain_s": "wideopenwest.com", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + 
"debugContext_debugData_requestId_s": "XlAakpC3lwk@WD1vPL7lDQAABZc", + "debugContext_debugData_requestUri_s": "/api/v1/authorizationServers/auspue94kdt03kSfP0h7/policies", + "debugContext_debugData_url_s": "/api/v1/authorizationServers/auspue94kdt03kSfP0h7/policies?", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00upp5sfezD7xDw2I0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user22@abccompany.com", + "actor_displayName_s": "user 22", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "102D--WocMrQfmiD6RavummbA", + "displayMessage_s": "Create policy", + "eventType_s": "policy.lifecycle.create", + "outcome_result_s": "SUCCESS", + "published_t": "2020-02-21T17:59:46.829Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "policy.created", + "transaction_type_s": "WEB", + "transaction_id_s": "XlAakpC3lwk@WD1vPL7lDQAABZc", + "uuid_g": "f24e9447-54d3-11ea-bccd-f7e6da46d99a", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"50.50.50.50\",\r\n \"geographicalContext\": {\r\n \"city\": \"Dublin\",\r\n \"state\": \"Ohio\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"43017\",\r\n \"geolocation\": \"@{lat=40.1104; lon=-83.1131}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "[\r\n {\r\n \"id\": 
\"00ppvyjn9jK1f4Dir0h7\",\r\n \"type\": \"PolicyEntity\",\r\n \"alternateId\": \"unknown\",\r\n \"displayName\": \"policy 2\",\r\n \"detailEntry\": {\r\n \"policyType\": \"OAuthAuthzPolicy\"\r\n }\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "CHROME", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "50.50.50.50", + "client_geographicalContext_city_s": "Dublin", + "client_geographicalContext_state_s": "Ohio", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "43017", + "client_geographicalContext_geolocation_lat_d": "40.1104", + "client_geographicalContext_geolocation_lon_d": "-83.1131", + "outcome_reason_s": "", + "securityContext_asNumber_d": "12083", + "securityContext_asOrg_s": "wideopenwest finance", + "securityContext_isp_s": "wideopenwest finance", + "securityContext_domain_s": "wideopenwest.com", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "XlAa1JTPNGO4aWL4n4QV3QAAEI4", + "debugContext_debugData_requestUri_s": 
"/api/v1/authorizationServers/auspue94kdt03kSfP0h7/policies/00ppvyjn9jK1f4Dir0h7/rules/", + "debugContext_debugData_url_s": "/api/v1/authorizationServers/auspue94kdt03kSfP0h7/policies/00ppvyjn9jK1f4Dir0h7/rules/?", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00upp5sfezD7xDw2I0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user22@abccompany.com", + "actor_displayName_s": "user 22", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "102D--WocMrQfmiD6RavummbA", + "displayMessage_s": "Add policy rule", + "eventType_s": "policy.rule.add", + "outcome_result_s": "SUCCESS", + "published_t": "2020-02-21T18:00:52.966Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "policy.rule.added", + "transaction_type_s": "WEB", + "transaction_id_s": "XlAa1JTPNGO4aWL4n4QV3QAAEI4", + "uuid_g": "19ba48bc-54d4-11ea-829b-e5ff343c0c5f", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"50.50.50.50\",\r\n \"geographicalContext\": {\r\n \"city\": \"Dublin\",\r\n \"state\": \"Ohio\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"43017\",\r\n \"geolocation\": \"@{lat=40.1104; lon=-83.1131}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "[\r\n {\r\n \"id\": \"00ppvyjn9jK1f4Dir0h7\",\r\n \"type\": \"PolicyEntity\",\r\n \"alternateId\": 
\"unknown\",\r\n \"displayName\": \"policy 2\",\r\n \"detailEntry\": {\r\n \"policyType\": \"OAuthAuthzPolicy\"\r\n }\r\n },\r\n {\r\n \"id\": \"0prpvyqavnPV9wrci0h7\",\r\n \"type\": \"PolicyRule\",\r\n \"alternateId\": \"00ppvyjn9jK1f4Dir0h7\",\r\n \"displayName\": \"Campus policy rule\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "CHROME", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "50.50.50.50", + "client_geographicalContext_city_s": "Dublin", + "client_geographicalContext_state_s": "Ohio", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "43017", + "client_geographicalContext_geolocation_lat_d": "40.1104", + "client_geographicalContext_geolocation_lon_d": "-83.1131", + "outcome_reason_s": "", + "securityContext_asNumber_d": "12083", + "securityContext_asOrg_s": "wideopenwest finance", + "securityContext_isp_s": "wideopenwest finance", + "securityContext_domain_s": "wideopenwest.com", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + 
"debugContext_debugData_requestId_s": "XlAbFCvGRpPfqjIsB84JcAAADlw", + "debugContext_debugData_requestUri_s": "/api/v1/authorizationServers/auspue94kdt03kSfP0h7/policies/00ppuf2ogtHhy5OOu0h7", + "debugContext_debugData_url_s": "/api/v1/authorizationServers/auspue94kdt03kSfP0h7/policies/00ppuf2ogtHhy5OOu0h7?", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00upp5sfezD7xDw2I0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user22@abccompany.com", + "actor_displayName_s": "user 22", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "102D--WocMrQfmiD6RavummbA", + "displayMessage_s": "Update policy", + "eventType_s": "policy.lifecycle.update", + "outcome_result_s": "SUCCESS", + "published_t": "2020-02-21T18:01:56.536Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "policy.updated", + "transaction_type_s": "WEB", + "transaction_id_s": "XlAbFCvGRpPfqjIsB84JcAAADlw", + "uuid_g": "3f9e4c6a-54d4-11ea-995c-89cf39442255", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"50.50.50.50\",\r\n \"geographicalContext\": {\r\n \"city\": \"Dublin\",\r\n \"state\": \"Ohio\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"43017\",\r\n \"geolocation\": \"@{lat=40.1104; lon=-83.1131}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": 
"[\r\n {\r\n \"id\": \"00ppuf2ogtHhy5OOu0h7\",\r\n \"type\": \"PolicyEntity\",\r\n \"alternateId\": \"unknown\",\r\n \"displayName\": \"Contour web enrichment policy\",\r\n \"detailEntry\": {\r\n \"policyType\": \"OAuthAuthzPolicy\"\r\n }\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "CHROME", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "50.50.50.50", + "client_geographicalContext_city_s": "Dublin", + "client_geographicalContext_state_s": "Ohio", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "43017", + "client_geographicalContext_geolocation_lat_d": "40.1104", + "client_geographicalContext_geolocation_lon_d": "-83.1131", + "outcome_reason_s": "", + "securityContext_asNumber_d": "12083", + "securityContext_asOrg_s": "wideopenwest finance", + "securityContext_isp_s": "wideopenwest finance", + "securityContext_domain_s": "wideopenwest.com", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "XlAbPxoaOARV-2ksnpg83AAADA0", + "debugContext_debugData_requestUri_s": 
"/api/v1/authorizationServers/auspue94kdt03kSfP0h7/policies/00ppvyjn9jK1f4Dir0h7", + "debugContext_debugData_url_s": "/api/v1/authorizationServers/auspue94kdt03kSfP0h7/policies/00ppvyjn9jK1f4Dir0h7?", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00upp5sfezD7xDw2I0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user22@abccompany.com", + "actor_displayName_s": "user 22", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "102D--WocMrQfmiD6RavummbA", + "displayMessage_s": "Update policy", + "eventType_s": "policy.lifecycle.update", + "outcome_result_s": "SUCCESS", + "published_t": "2020-02-21T18:02:39.48Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "policy.updated", + "transaction_type_s": "WEB", + "transaction_id_s": "XlAbPxoaOARV-2ksnpg83AAADA0", + "uuid_g": "593707c8-54d4-11ea-82b4-e34587666ab4", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"50.50.50.50\",\r\n \"geographicalContext\": {\r\n \"city\": \"Dublin\",\r\n \"state\": \"Ohio\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"43017\",\r\n \"geolocation\": \"@{lat=40.1104; lon=-83.1131}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "[\r\n {\r\n \"id\": \"00ppvyjn9jK1f4Dir0h7\",\r\n \"type\": \"PolicyEntity\",\r\n \"alternateId\": \"unknown\",\r\n 
\"displayName\": \"Campus app enrichment\",\r\n \"detailEntry\": {\r\n \"policyType\": \"OAuthAuthzPolicy\"\r\n }\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "CHROME", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "50.50.50.50", + "client_geographicalContext_city_s": "Dublin", + "client_geographicalContext_state_s": "Ohio", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "43017", + "client_geographicalContext_geolocation_lat_d": "40.1104", + "client_geographicalContext_geolocation_lon_d": "-83.1131", + "outcome_reason_s": "", + "securityContext_asNumber_d": "12083", + "securityContext_asOrg_s": "wideopenwest finance", + "securityContext_isp_s": "wideopenwest finance", + "securityContext_domain_s": "wideopenwest.com", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "XlAbxD9nE0Sfo9jvLP1PQwAAB18", + "debugContext_debugData_requestUri_s": "/api/v1/authorizationServers/auspue94kdt03kSfP0h7/claims/oclpue94kkludBKXc0h7", + "debugContext_debugData_url_s": 
"/api/v1/authorizationServers/auspue94kdt03kSfP0h7/claims/oclpue94kkludBKXc0h7?", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00upp5sfezD7xDw2I0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user22@abccompany.com", + "actor_displayName_s": "user 22", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "102D--WocMrQfmiD6RavummbA", + "displayMessage_s": "OAuth2 claim is updated.", + "eventType_s": "oauth2.claim.updated", + "outcome_result_s": "SUCCESS", + "published_t": "2020-02-21T18:04:52.717Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "api.oauth2.claim.updated", + "transaction_type_s": "WEB", + "transaction_id_s": "XlAbxD9nE0Sfo9jvLP1PQwAAB18", + "uuid_g": "a8a161eb-54d4-11ea-aa34-99d010e04bcb", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"50.50.50.50\",\r\n \"geographicalContext\": {\r\n \"city\": \"Dublin\",\r\n \"state\": \"Ohio\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"43017\",\r\n \"geolocation\": \"@{lat=40.1104; lon=-83.1131}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "[\r\n {\r\n \"id\": \"oclpue94kkludBKXc0h7\",\r\n \"type\": \"OAuth2ClaimEntity\",\r\n \"alternateId\": \"unknown\",\r\n \"displayName\": \"sub\",\r\n \"detailEntry\": {\r\n \"authorizationserverid\": 
\"auspue94kdt03kSfP0h7\",\r\n \"oauth2claimclaimtype\": \"RESOURCE\",\r\n \"oauth2claimvalue\": \"(appuser != null) ? appuser.userName : app.clientId\",\r\n \"oauth2claimsystem\": \"true\",\r\n \"oauth2claimvaluetype\": \"EXPRESSION\"\r\n }\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "CHROME", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "50.50.50.50", + "client_geographicalContext_city_s": "Dublin", + "client_geographicalContext_state_s": "Ohio", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "43017", + "client_geographicalContext_geolocation_lat_d": "40.1104", + "client_geographicalContext_geolocation_lon_d": "-83.1131", + "outcome_reason_s": "", + "securityContext_asNumber_d": "12083", + "securityContext_asOrg_s": "wideopenwest finance", + "securityContext_isp_s": "wideopenwest finance", + "securityContext_domain_s": "wideopenwest.com", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "XlAcIyLGt1corN8kMx@LbwAABBM", + "debugContext_debugData_requestUri_s": 
"/api/v1/authorizationServers/auspue94kdt03kSfP0h7/claims", + "debugContext_debugData_url_s": "/api/v1/authorizationServers/auspue94kdt03kSfP0h7/claims?includeClaims=sub%2Ccustom", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00upp5sfezD7xDw2I0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user22@abccompany.com", + "actor_displayName_s": "user 22", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "102D--WocMrQfmiD6RavummbA", + "displayMessage_s": "OAuth2 claim is created.", + "eventType_s": "oauth2.claim.created", + "outcome_result_s": "SUCCESS", + "published_t": "2020-02-21T18:06:27.318Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "api.oauth2.claim.created", + "transaction_type_s": "WEB", + "transaction_id_s": "XlAcIyLGt1corN8kMx@LbwAABBM", + "uuid_g": "e10459d0-54d4-11ea-b1d7-ad9a9b258c61", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"50.50.50.50\",\r\n \"geographicalContext\": {\r\n \"city\": \"Dublin\",\r\n \"state\": \"Ohio\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"43017\",\r\n \"geolocation\": \"@{lat=40.1104; lon=-83.1131}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "[\r\n {\r\n \"id\": \"oclpvytprxY8sMBxb0h7\",\r\n \"type\": \"OAuth2ClaimEntity\",\r\n \"alternateId\": 
\"unknown\",\r\n \"displayName\": \"xbo-acct\",\r\n \"detailEntry\": {\r\n \"authorizationserverid\": \"auspue94kdt03kSfP0h7\",\r\n \"oauth2claimclaimtype\": \"RESOURCE\",\r\n \"oauth2claimvalue\": \"(appuser != null) ? appuser.xbo_acct : app.clientId\",\r\n \"oauth2claimsystem\": \"false\",\r\n \"oauth2claimvaluetype\": \"EXPRESSION\"\r\n }\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "accountGUID", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "CHROME", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "50.50.50.50", + "client_geographicalContext_city_s": "Dublin", + "client_geographicalContext_state_s": "Ohio", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "43017", + "client_geographicalContext_geolocation_lat_d": "40.1104", + "client_geographicalContext_geolocation_lon_d": "-83.1131", + "outcome_reason_s": "", + "securityContext_asNumber_d": "12083", + "securityContext_asOrg_s": "wideopenwest finance", + "securityContext_isp_s": "wideopenwest finance", + "securityContext_domain_s": "wideopenwest.com", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", 
+ "debugContext_debugData_requestId_s": "XlAc1O@h1SVPzNFcY1fMBQAAB-E", + "debugContext_debugData_requestUri_s": "/api/v1/apps/user/types/otypu410jibUgAunq0h7/schemas/schpu410jhNYOihSW0h7", + "debugContext_debugData_url_s": "/api/v1/apps/user/types/otypu410jibUgAunq0h7/schemas/schpu410jhNYOihSW0h7?", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00upp5sfezD7xDw2I0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user22@abccompany.com", + "actor_displayName_s": "user 22", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "102D--WocMrQfmiD6RavummbA", + "displayMessage_s": "Update application user profile", + "eventType_s": "directory.app_user_profile.update", + "outcome_result_s": "SUCCESS", + "published_t": "2020-02-21T18:09:24.935Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "cvd.appuser_profile_updated", + "transaction_type_s": "WEB", + "transaction_id_s": "XlAc1O@h1SVPzNFcY1fMBQAAB-E", + "uuid_g": "4ae28d70-54d5-11ea-b641-c3b019c45fa2", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"50.50.50.50\",\r\n \"geographicalContext\": {\r\n \"city\": \"Dublin\",\r\n \"state\": \"Ohio\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"43017\",\r\n \"geolocation\": \"@{lat=40.1104; lon=-83.1131}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": 
null\r\n }\r\n]", + "target_s": "[\r\n {\r\n \"id\": \"otypu410jibUgAunq0h7\",\r\n \"type\": \"Schema\",\r\n \"alternateId\": \"oidc_client_58f8f40\",\r\n \"displayName\": \"Comcast-Contour-Web User\",\r\n \"detailEntry\": null\r\n },\r\n {\r\n \"id\": \"0oapu410jbSyAzP6R0h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"Comcast-Contour-Web\",\r\n \"displayName\": \"OpenID Connect Client\",\r\n \"detailEntry\": {\r\n \"appEventIsPersonal\": \"false\"\r\n }\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "CHROME", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "50.50.50.50", + "client_geographicalContext_city_s": "Dublin", + "client_geographicalContext_state_s": "Ohio", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "43017", + "client_geographicalContext_geolocation_lat_d": "40.1104", + "client_geographicalContext_geolocation_lon_d": "-83.1131", + "outcome_reason_s": "", + "securityContext_asNumber_d": "12083", + "securityContext_asOrg_s": "wideopenwest finance", + "securityContext_isp_s": "wideopenwest finance", + 
"securityContext_domain_s": "wideopenwest.com", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "XlAdRh8cnEgV24d703Zl3QAAAGw", + "debugContext_debugData_requestUri_s": "/api/v1/authorizationServers/auspue94kdt03kSfP0h7/claims/oclpvytprxY8sMBxb0h7", + "debugContext_debugData_url_s": "/api/v1/authorizationServers/auspue94kdt03kSfP0h7/claims/oclpvytprxY8sMBxb0h7?", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00upp5sfezD7xDw2I0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user22@abccompany.com", + "actor_displayName_s": "user 22", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "102D--WocMrQfmiD6RavummbA", + "displayMessage_s": "OAuth2 claim is updated.", + "eventType_s": "oauth2.claim.updated", + "outcome_result_s": "SUCCESS", + "published_t": "2020-02-21T18:11:18.216Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "api.oauth2.claim.updated", + "transaction_type_s": "WEB", + "transaction_id_s": "XlAdRh8cnEgV24d703Zl3QAAAGw", + "uuid_g": "8e67dd71-54d5-11ea-82b4-e34587666ab4", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"50.50.50.50\",\r\n \"geographicalContext\": {\r\n \"city\": \"Dublin\",\r\n \"state\": \"Ohio\",\r\n \"country\": \"United States\",\r\n \"postalCode\": 
\"43017\",\r\n \"geolocation\": \"@{lat=40.1104; lon=-83.1131}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "[\r\n {\r\n \"id\": \"oclpvytprxY8sMBxb0h7\",\r\n \"type\": \"OAuth2ClaimEntity\",\r\n \"alternateId\": \"unknown\",\r\n \"displayName\": \"xbo-acct\",\r\n \"detailEntry\": {\r\n \"authorizationserverid\": \"auspue94kdt03kSfP0h7\",\r\n \"oauth2claimclaimtype\": \"RESOURCE\",\r\n \"oauth2claimvalue\": \"(appuser != null) ? oidc_client_58f8f40.XBO_SourceID : app.clientId\",\r\n \"oauth2claimsystem\": \"false\",\r\n \"oauth2claimvaluetype\": \"EXPRESSION\"\r\n }\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "CHROME", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "50.50.50.50", + "client_geographicalContext_city_s": "Dublin", + "client_geographicalContext_state_s": "Ohio", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "43017", + "client_geographicalContext_geolocation_lat_d": "40.1104", + "client_geographicalContext_geolocation_lon_d": "-83.1131", + "outcome_reason_s": "", + 
"securityContext_asNumber_d": "12083", + "securityContext_asOrg_s": "wideopenwest finance", + "securityContext_isp_s": "wideopenwest finance", + "securityContext_domain_s": "wideopenwest.com", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "XlAdqZ4omt2zQ0W0FCUW6QAABOc", + "debugContext_debugData_requestUri_s": "/api/v1/authorizationServers/auspue94kdt03kSfP0h7/claims/oclpvytprxY8sMBxb0h7", + "debugContext_debugData_url_s": "/api/v1/authorizationServers/auspue94kdt03kSfP0h7/claims/oclpvytprxY8sMBxb0h7?", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00upp5sfezD7xDw2I0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user22@abccompany.com", + "actor_displayName_s": "user 22", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "102D--WocMrQfmiD6RavummbA", + "displayMessage_s": "OAuth2 claim is updated.", + "eventType_s": "oauth2.claim.updated", + "outcome_result_s": "SUCCESS", + "published_t": "2020-02-21T18:12:57.82Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "api.oauth2.claim.updated", + "transaction_type_s": "WEB", + "transaction_id_s": "XlAdqZ4omt2zQ0W0FCUW6QAABOc", + "uuid_g": "c9c63a95-54d5-11ea-89bf-eb5f9328625c", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": 
\"50.50.50.50\",\r\n \"geographicalContext\": {\r\n \"city\": \"Dublin\",\r\n \"state\": \"Ohio\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"43017\",\r\n \"geolocation\": \"@{lat=40.1104; lon=-83.1131}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "[\r\n {\r\n \"id\": \"oclpvytprxY8sMBxb0h7\",\r\n \"type\": \"OAuth2ClaimEntity\",\r\n \"alternateId\": \"unknown\",\r\n \"displayName\": \"xbo-acct\",\r\n \"detailEntry\": {\r\n \"authorizationserverid\": \"auspue94kdt03kSfP0h7\",\r\n \"oauth2claimclaimtype\": \"IDENTITY\",\r\n \"oauth2claimvalue\": \"(appuser != null) ? oidc_client_58f8f40.XBO_SourceID : app.clientId\",\r\n \"oauth2claimsystem\": \"false\",\r\n \"oauth2claimvaluetype\": \"EXPRESSION\"\r\n }\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "CHROME", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "50.50.50.50", + "client_geographicalContext_city_s": "Dublin", + "client_geographicalContext_state_s": "Ohio", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "43017", + 
"client_geographicalContext_geolocation_lat_d": "40.1104", + "client_geographicalContext_geolocation_lon_d": "-83.1131", + "outcome_reason_s": "", + "securityContext_asNumber_d": "12083", + "securityContext_asOrg_s": "wideopenwest finance", + "securityContext_isp_s": "wideopenwest finance", + "securityContext_domain_s": "wideopenwest.com", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "XlAdtreaqKKQC0LQ8zg4wQAAAnU", + "debugContext_debugData_requestUri_s": "/api/v1/authorizationServers/auspue94kdt03kSfP0h7/policies/00ppuf2ogtHhy5OOu0h7/rules/0prpuffjruAv7kDvc0h7", + "debugContext_debugData_url_s": "/api/v1/authorizationServers/auspue94kdt03kSfP0h7/policies/00ppuf2ogtHhy5OOu0h7/rules/0prpuffjruAv7kDvc0h7?", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00upp5sfezD7xDw2I0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user22@abccompany.com", + "actor_displayName_s": "user 22", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "102D--WocMrQfmiD6RavummbA", + "displayMessage_s": "Update policy rule", + "eventType_s": "policy.rule.update", + "outcome_result_s": "SUCCESS", + "published_t": "2020-02-21T18:13:10.168Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "policy.rule.updated", + 
"transaction_type_s": "WEB", + "transaction_id_s": "XlAdtreaqKKQC0LQ8zg4wQAAAnU", + "uuid_g": "d1226188-54d5-11ea-98e4-11d18a752ba4", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"50.50.50.50\",\r\n \"geographicalContext\": {\r\n \"city\": \"Dublin\",\r\n \"state\": \"Ohio\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"43017\",\r\n \"geolocation\": \"@{lat=40.1104; lon=-83.1131}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "[\r\n {\r\n \"id\": \"00ppuf2ogtHhy5OOu0h7\",\r\n \"type\": \"PolicyEntity\",\r\n \"alternateId\": \"unknown\",\r\n \"displayName\": \"Contour web enrichment policy\",\r\n \"detailEntry\": {\r\n \"policyType\": \"OAuthAuthzPolicy\"\r\n }\r\n },\r\n {\r\n \"id\": \"0prpuffjruAv7kDvc0h7\",\r\n \"type\": \"PolicyRule\",\r\n \"alternateId\": \"00ppuf2ogtHhy5OOu0h7\",\r\n \"displayName\": \"Comcast Enrichment Rule\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "CHROME", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "50.50.50.50", + "client_geographicalContext_city_s": "Dublin", + 
"client_geographicalContext_state_s": "Ohio", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "43017", + "client_geographicalContext_geolocation_lat_d": "40.1104", + "client_geographicalContext_geolocation_lon_d": "-83.1131", + "outcome_reason_s": "", + "securityContext_asNumber_d": "12083", + "securityContext_asOrg_s": "wideopenwest finance", + "securityContext_isp_s": "wideopenwest finance", + "securityContext_domain_s": "wideopenwest.com", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "XlAeHBSx-54nHJi9Xui2cgAACjI", + "debugContext_debugData_requestUri_s": "/api/v1/authorizationServers/auspue94kdt03kSfP0h7/policies/00ppuf2ogtHhy5OOu0h7/rules/0prpuffjruAv7kDvc0h7", + "debugContext_debugData_url_s": "/api/v1/authorizationServers/auspue94kdt03kSfP0h7/policies/00ppuf2ogtHhy5OOu0h7/rules/0prpuffjruAv7kDvc0h7?", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00upp5sfezD7xDw2I0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user22@abccompany.com", + "actor_displayName_s": "user 22", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "102D--WocMrQfmiD6RavummbA", + "displayMessage_s": "Update policy rule", + "eventType_s": "policy.rule.update", + "outcome_result_s": "SUCCESS", + "published_t": "2020-02-21T18:14:52.419Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + 
"debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "policy.rule.updated", + "transaction_type_s": "WEB", + "transaction_id_s": "XlAeHBSx-54nHJi9Xui2cgAACjI", + "uuid_g": "0e14a575-54d6-11ea-86db-2fe3388905ba", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"50.50.50.50\",\r\n \"geographicalContext\": {\r\n \"city\": \"Dublin\",\r\n \"state\": \"Ohio\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"43017\",\r\n \"geolocation\": \"@{lat=40.1104; lon=-83.1131}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "[\r\n {\r\n \"id\": \"00ppuf2ogtHhy5OOu0h7\",\r\n \"type\": \"PolicyEntity\",\r\n \"alternateId\": \"unknown\",\r\n \"displayName\": \"Contour web enrichment policy\",\r\n \"detailEntry\": {\r\n \"policyType\": \"OAuthAuthzPolicy\"\r\n }\r\n },\r\n {\r\n \"id\": \"0prpuffjruAv7kDvc0h7\",\r\n \"type\": \"PolicyRule\",\r\n \"alternateId\": \"00ppuf2ogtHhy5OOu0h7\",\r\n \"displayName\": \"Comcast Enrichment Rule\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "CHROME", + 
"client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "50.50.50.50", + "client_geographicalContext_city_s": "Dublin", + "client_geographicalContext_state_s": "Ohio", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "43017", + "client_geographicalContext_geolocation_lat_d": "40.1104", + "client_geographicalContext_geolocation_lon_d": "-83.1131", + "outcome_reason_s": "", + "securityContext_asNumber_d": "12083", + "securityContext_asOrg_s": "wideopenwest finance", + "securityContext_isp_s": "wideopenwest finance", + "securityContext_domain_s": "wideopenwest.com", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "XlAeOa9v6x3Riza-7thOPgAABAw", + "debugContext_debugData_requestUri_s": "/api/v1/authorizationServers/auspue94kdt03kSfP0h7/claims/oclpvytprxY8sMBxb0h7", + "debugContext_debugData_url_s": "/api/v1/authorizationServers/auspue94kdt03kSfP0h7/claims/oclpvytprxY8sMBxb0h7?", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00upp5sfezD7xDw2I0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user22@abccompany.com", + "actor_displayName_s": "user 22", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "102D--WocMrQfmiD6RavummbA", + "displayMessage_s": "OAuth2 claim is deleted.", + "eventType_s": "oauth2.claim.deleted", + "outcome_result_s": "SUCCESS", + "published_t": "2020-02-21T18:15:21.953Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": 
"", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "api.oauth2.claim.deleted", + "transaction_type_s": "WEB", + "transaction_id_s": "XlAeOa9v6x3Riza-7thOPgAABAw", + "uuid_g": "1faf2d58-54d6-11ea-9d65-158aaa3d35f7", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"50.50.50.50\",\r\n \"geographicalContext\": {\r\n \"city\": \"Dublin\",\r\n \"state\": \"Ohio\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"43017\",\r\n \"geolocation\": \"@{lat=40.1104; lon=-83.1131}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "[\r\n {\r\n \"id\": \"oclpvytprxY8sMBxb0h7\",\r\n \"type\": \"OAuth2ClaimEntity\",\r\n \"alternateId\": \"unknown\",\r\n \"displayName\": \"xbo-acct\",\r\n \"detailEntry\": {\r\n \"authorizationserverid\": \"auspue94kdt03kSfP0h7\",\r\n \"oauth2claimclaimtype\": \"IDENTITY\",\r\n \"oauth2claimvalue\": \"(appuser != null) ? 
oidc_client_58f8f40.XBO_SourceID : app.clientId\",\r\n \"oauth2claimsystem\": \"false\",\r\n \"oauth2claimvaluetype\": \"EXPRESSION\"\r\n }\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + 
"debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trs8iZUoxGRQBez6iu8zVKJ8w", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-02-21T19:59:56.023Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1pw32jlrABBmRRl0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1pw32jlrABBmRRl0h7", + "uuid_g": "bb5248e6-54e4-11ea-821d-b5ced580563a", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + 
"debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trs8iZUoxGRQBez6iu8zVKJ8w", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-02-21T20:00:41.04Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1pw32jlrABBmRRl0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": 
"", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1pw32jlrABBmRRl0h7", + "uuid_g": "d62755ba-54e4-11ea-821d-b5ced580563a", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "XlAPvD2MI1dHB021FZ8u4wAACxc", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "CHROME", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "50.50.50.50", + "client_geographicalContext_city_s": "Dublin", + "client_geographicalContext_state_s": "Ohio", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "43017", + "client_geographicalContext_geolocation_lat_d": "40.1104", + "client_geographicalContext_geolocation_lon_d": "-83.1131", + "outcome_reason_s": "", + "securityContext_asNumber_d": "12083", + 
"securityContext_asOrg_s": "wideopenwest finance", + "securityContext_isp_s": "wideopenwest finance", + "securityContext_domain_s": "wideopenwest.com", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "XlA5BwAo1SZ7D5vojQ@XyAAADbE", + "debugContext_debugData_requestUri_s": "/login/signout", + "debugContext_debugData_url_s": "/login/signout?message=login_page_messages.session_has_expired", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00upp5sfezD7xDw2I0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user22@abccompany.com", + "actor_displayName_s": "user 22", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "1021pDnxltcTSW61UkDtZwTgA", + "displayMessage_s": "User logout from Okta", + "eventType_s": "user.session.end", + "outcome_result_s": "SUCCESS", + "published_t": "2020-02-21T20:09:43.174Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "core.user_auth.logout_success", + "transaction_type_s": "WEB", + "transaction_id_s": "XlA5BwAo1SZ7D5vojQ@XyAAADbE", + "uuid_g": "194a6b1e-54e6-11ea-a04e-8b1dd24478f1", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"50.50.50.50\",\r\n \"geographicalContext\": {\r\n \"city\": \"Dublin\",\r\n \"state\": \"Ohio\",\r\n \"country\": \"United 
States\",\r\n \"postalCode\": \"43017\",\r\n \"geolocation\": \"@{lat=40.1104; lon=-83.1131}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + 
"debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsZAF5DK5lTxakTuGYU6NAuQ", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-02-21T22:59:00.954Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1pw7abw2PSH3W3r0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1pw7abw2PSH3W3r0h7", + "uuid_g": "bfcca3f9-54fd-11ea-821d-b5ced580563a", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + 
"debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsZAF5DK5lTxakTuGYU6NAuQ", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-02-21T22:59:45.973Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1pw7abw2PSH3W3r0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": 
"", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1pw7abw2PSH3W3r0h7", + "uuid_g": "daa1fe6d-54fd-11ea-821d-b5ced580563a", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + 
"debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsFjdfSWvASU2X0ZYJ6v-_qA", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-02-22T01:59:55.834Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1pwatv7aGZoR9UR0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1pwatv7aGZoR9UR0h7", + "uuid_g": "05cfe1d6-5517-11ea-821d-b5ced580563a", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + 
"TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsFjdfSWvASU2X0ZYJ6v-_qA", + "displayMessage_s": 
"Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-02-22T02:00:40.85Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1pwatv7aGZoR9UR0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1pwatv7aGZoR9UR0h7", + "uuid_g": "20a4c812-5517-11ea-821d-b5ced580563a", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + 
"client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trs5pIwg85zSCeV4IMsVKwi9g", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-02-22T04:59:54.934Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1pwdwccuGEK4FQN0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1pwdwccuGEK4FQN0h7", + "uuid_g": "2a93c60b-5530-11ea-821d-b5ced580563a", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": 
\"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + 
"debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trs5pIwg85zSCeV4IMsVKwi9g", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-02-22T05:00:39.95Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1pwdwccuGEK4FQN0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1pwdwccuGEK4FQN0h7", + "uuid_g": "4568aaf5-5530-11ea-821d-b5ced580563a", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + 
"debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsWF0T3pNtS-uefmgzUgIncA", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-02-22T07:59:54.444Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1pwfxsxu9yRZvHP0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": 
"36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1pwfxsxu9yRZvHP0h7", + "uuid_g": "4f963927-5549-11ea-821d-b5ced580563a", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + 
"debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsWF0T3pNtS-uefmgzUgIncA", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-02-22T08:00:39.474Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1pwfxsxu9yRZvHP0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1pwfxsxu9yRZvHP0h7", + "uuid_g": "6a6d41ab-5549-11ea-821d-b5ced580563a", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", 
+ "TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsqEb9SGKlSwawvJoqoQ9VDA", + 
"displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-02-22T10:59:55.544Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1pwgw0fahk6wOHc0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1pwgw0fahk6wOHc0h7", + "uuid_g": "758b4a62-5562-11ea-821d-b5ced580563a", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + 
"client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsqEb9SGKlSwawvJoqoQ9VDA", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-02-22T11:00:40.559Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1pwgw0fahk6wOHc0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1pwgw0fahk6wOHc0h7", + "uuid_g": "906007fb-5562-11ea-821d-b5ced580563a", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": 
\"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + 
"debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trssIMbcP7iTWuset8zVS9L9g", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-02-22T13:59:54.743Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1pwhspkkbGpR6AB0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1pwhspkkbGpR6AB0h7", + "uuid_g": "9a5e48b7-557b-11ea-821d-b5ced580563a", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + 
"debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trssIMbcP7iTWuset8zVS9L9g", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-02-22T14:00:39.759Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1pwhspkkbGpR6AB0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": 
"active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1pwhspkkbGpR6AB0h7", + "uuid_g": "b5332e5d-557b-11ea-821d-b5ced580563a", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + 
"debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trslutIOG61Rf-4rZ9jE0eHHA", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-02-22T17:00:58.782Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1pwijnqo9XVKWoT0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1pwijnqo9XVKWoT0h7", + "uuid_g": "e5d713e6-5594-11ea-821d-b5ced580563a", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": 
"a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + 
"authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trslutIOG61Rf-4rZ9jE0eHHA", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-02-22T17:01:43.798Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1pwijnqo9XVKWoT0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1pwijnqo9XVKWoT0h7", + "uuid_g": "00abfa39-5595-11ea-821d-b5ced580563a", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + 
"client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsopI2sqUCRvmXWRQGDXkM1A", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-02-22T19:59:40.99Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1pwj8sphLkr7S3i0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1pwj8sphLkr7S3i0h7", + 
"uuid_g": "dcc62e85-55ad-11ea-821d-b5ced580563a", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + 
"debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsopI2sqUCRvmXWRQGDXkM1A", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-02-22T20:00:26.006Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1pwj8sphLkr7S3i0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1pwj8sphLkr7S3i0h7", + "uuid_g": "f79b13f3-55ad-11ea-821d-b5ced580563a", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + 
"debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsB9G0qfhfREiNYr4Z45U1ew", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-02-22T22:59:55.985Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1pwk235jxKHX1zT0h7", + "debugContext_debugData_importType_s": "Incremental", + 
"debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1pwk235jxKHX1zT0h7", + "uuid_g": "0b0374ad-55c7-11ea-821d-b5ced580563a", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": 
"", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsB9G0qfhfREiNYr4Z45U1ew", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-02-22T23:00:41Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1pwk235jxKHX1zT0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1pwk235jxKHX1zT0h7", + "uuid_g": "25d83354-55c7-11ea-821d-b5ced580563a", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": 
"a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + 
"authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsva8NBRDdSJCr_qAWQ0OdLA", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-02-23T01:59:51.358Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1pwkx7r2bixwitV0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1pwkx7r2bixwitV0h7", + "uuid_g": "2d8ea6d5-55e0-11ea-821d-b5ced580563a", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + 
"client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsva8NBRDdSJCr_qAWQ0OdLA", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-02-23T02:00:36.375Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1pwkx7r2bixwitV0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1pwkx7r2bixwitV0h7", + "uuid_g": 
"4863b2ba-55e0-11ea-821d-b5ced580563a", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:31:00.014Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + 
"authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsiMxKGP3TQ4WwfGpSlGwU1A", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-02-23T04:59:54.061Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1pwlqltmOw7W5Ek0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1pwlqltmOw7W5Ek0h7", + "uuid_g": "54785088-55f9-11ea-821d-b5ced580563a", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + 
"debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsU0Ldq1BMQ0aXtxNiclc3OA", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-04-11T17:52:43.006Z", + "severity_s": "INFO", + 
"debugContext_debugData_jobId_s": "ij1qvwft300Uv9kwQ0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1qvwft300Uv9kwQ0h7", + "uuid_g": "3e57d252-7c1d-11ea-a0a5-3dc24a4cbe51", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + 
"securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsU0Ldq1BMQ0aXtxNiclc3OA", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-04-11T17:53:28.022Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1qvwft300Uv9kwQ0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1qvwft300Uv9kwQ0h7", + "uuid_g": "592cb7e6-7c1d-11ea-a0a5-3dc24a4cbe51", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + 
"debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": 
"SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsD52dy1ecSI67fuF1vmQ1tg", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-04-11T20:56:41.611Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1qvy0n25KbRcAGC0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1qvy0n25KbRcAGC0h7", + "uuid_g": "f1dd4613-7c36-11ea-a0a5-3dc24a4cbe51", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + 
"client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsD52dy1ecSI67fuF1vmQ1tg", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-04-11T20:57:26.627Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1qvy0n25KbRcAGC0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + 
"transaction_type_s": "JOB", + "transaction_id_s": "ij1qvy0n25KbRcAGC0h7", + "uuid_g": "0cb22b57-7c37-11ea-a0a5-3dc24a4cbe51", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + 
"authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsHE_Cks4dRm2rDrI47PVSPw", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-04-12T00:00:49.391Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1qw0jglikCfIcfE0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1qw0jglikCfIcfE0h7", + "uuid_g": "aadab813-7c50-11ea-a0a5-3dc24a4cbe51", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + 
"debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsHE_Cks4dRm2rDrI47PVSPw", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": 
"2020-04-12T00:01:34.405Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1qw0jglikCfIcfE0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1qw0jglikCfIcfE0h7", + "uuid_g": "c5af4f74-7c50-11ea-a0a5-3dc24a4cbe51", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + 
"securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsLJCUWeujSRKtI7Rwk_PmpA", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-04-12T03:07:11.34Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1qw33yosoc5naIB0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1qw33yosoc5naIB0h7", + "uuid_g": "b3d0bb8d-7c6a-11ea-a0a5-3dc24a4cbe51", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n 
\"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + 
"actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsLJCUWeujSRKtI7Rwk_PmpA", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-04-12T03:07:56.356Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1qw33yosoc5naIB0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1qw33yosoc5naIB0h7", + "uuid_g": "cea5a0a2-7c6a-11ea-a0a5-3dc24a4cbe51", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": 
"", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsM-FwqVtfS2eS1riF7dBWNA", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-04-12T06:11:00.264Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1qw5bn592JurP9L0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": 
"app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1qw5bn592JurP9L0h7", + "uuid_g": "6190fb4a-7c84-11ea-a0a5-3dc24a4cbe51", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + 
"authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsM-FwqVtfS2eS1riF7dBWNA", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-04-12T06:11:45.28Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1qw5bn592JurP9L0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1qw5bn592JurP9L0h7", + "uuid_g": "7c65e032-7c84-11ea-a0a5-3dc24a4cbe51", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + 
"debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsv-G_Sm-FTF6h0EYgPtdC7A", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-04-12T09:15:59.156Z", + "severity_s": "INFO", + 
"debugContext_debugData_jobId_s": "ij1qw7ibf1lEBXCti0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1qw7ibf1lEBXCti0h7", + "uuid_g": "39057f58-7c9e-11ea-a0a5-3dc24a4cbe51", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + 
"securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsv-G_Sm-FTF6h0EYgPtdC7A", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-04-12T09:16:44.171Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1qw7ibf1lEBXCti0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1qw7ibf1lEBXCti0h7", + "uuid_g": "53da3e5a-7c9e-11ea-a0a5-3dc24a4cbe51", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + 
"debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": 
"SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsEXbh7BobRjGiQZNRGtp1Ag", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-04-12T12:22:21.971Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1qw9tez6BQwp9s40h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1qw9tez6BQwp9s40h7", + "uuid_g": "427fa650-7cb8-11ea-a0a5-3dc24a4cbe51", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + 
"client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsEXbh7BobRjGiQZNRGtp1Ag", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-04-12T12:23:06.987Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1qw9tez6BQwp9s40h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + 
"transaction_type_s": "JOB", + "transaction_id_s": "ij1qw9tez6BQwp9s40h7", + "uuid_g": "5d548c98-7cb8-11ea-a0a5-3dc24a4cbe51", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + 
"authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsU8Dls5_9TniEC9bk9_3E7A", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-04-12T15:26:47.085Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1qwc4pwmDMiF2ND0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1qwc4pwmDMiF2ND0h7", + "uuid_g": "05d20e16-7cd2-11ea-a0a5-3dc24a4cbe51", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + 
"debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsU8Dls5_9TniEC9bk9_3E7A", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": 
"2020-04-12T15:27:32.102Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1qwc4pwmDMiF2ND0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1qwc4pwmDMiF2ND0h7", + "uuid_g": "20a71ad5-7cd2-11ea-a0a5-3dc24a4cbe51", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + 
"securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trskq17Gw3nSbK7m5ya50UYpg", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-04-12T18:31:08.731Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1qweavoh4wW5IV10h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1qweavoh4wW5IV10h7", + "uuid_g": "c71349a1-7ceb-11ea-a0a5-3dc24a4cbe51", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n 
\"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + 
"actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trskq17Gw3nSbK7m5ya50UYpg", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-04-12T18:31:53.746Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1qweavoh4wW5IV10h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1qweavoh4wW5IV10h7", + "uuid_g": "e1e807c7-7ceb-11ea-a0a5-3dc24a4cbe51", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": 
"", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsBW6fe4QyQUeoVHDSl5VMEw", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-04-12T21:36:46.029Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1qwginzo7C0s8aq0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": 
"app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1qwginzo7C0s8aq0h7", + "uuid_g": "b56c186e-7d05-11ea-a0a5-3dc24a4cbe51", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + 
"authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsBW6fe4QyQUeoVHDSl5VMEw", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-04-12T21:37:31.044Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1qwginzo7C0s8aq0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1qwginzo7C0s8aq0h7", + "uuid_g": "d040d6cc-7d05-11ea-a0a5-3dc24a4cbe51", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + 
"debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trs2JylXlkdRuO6_Vz7o4TT7A", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-04-13T00:41:40.551Z", + "severity_s": "INFO", + 
"debugContext_debugData_jobId_s": "ij1qwigfp8TovhKp20h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1qwigfp8TovhKp20h7", + "uuid_g": "8a45cd8c-7d1f-11ea-a0a5-3dc24a4cbe51", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + 
"securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trs2JylXlkdRuO6_Vz7o4TT7A", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-04-13T00:42:25.566Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1qwigfp8TovhKp20h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1qwigfp8TovhKp20h7", + "uuid_g": "a51a8c4c-7d1f-11ea-a0a5-3dc24a4cbe51", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + 
"debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": 
"SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsiyyrSJsrSoum909r_1OiqA", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-04-13T03:46:45.279Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1qwjslozGY1i4tt0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1qwjslozGY1i4tt0h7", + "uuid_g": "6534d37b-7d39-11ea-a0a5-3dc24a4cbe51", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + 
"client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsiyyrSJsrSoum909r_1OiqA", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-04-13T03:47:30.295Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1qwjslozGY1i4tt0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + 
"transaction_type_s": "JOB", + "transaction_id_s": "ij1qwjslozGY1i4tt0h7", + "uuid_g": "8009b8b2-7d39-11ea-a0a5-3dc24a4cbe51", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + 
"authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsBS2VqPHOS4mJHJDPfY-stg", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-04-13T06:51:00.976Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1qwlfnmy0a7zjnP0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1qwlfnmy0a7zjnP0h7", + "uuid_g": "22ea4f19-7d53-11ea-a0a5-3dc24a4cbe51", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + 
"debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsBS2VqPHOS4mJHJDPfY-stg", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": 
"2020-04-13T06:51:45.991Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1qwlfnmy0a7zjnP0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1qwlfnmy0a7zjnP0h7", + "uuid_g": "3dbf0e6c-7d53-11ea-a0a5-3dc24a4cbe51", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + 
"securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trs408yId2rSFG43D0NwDKKQA", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-04-13T09:56:33.592Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1qwnkr3eaaz0enc0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1qwnkr3eaaz0enc0h7", + "uuid_g": "0e78b422-7d6d-11ea-a0a5-3dc24a4cbe51", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n 
\"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + 
"actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trs408yId2rSFG43D0NwDKKQA", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-04-13T09:57:18.609Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1qwnkr3eaaz0enc0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1qwnkr3eaaz0enc0h7", + "uuid_g": "294dc0b8-7d6d-11ea-a0a5-3dc24a4cbe51", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": 
"", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsdA4Trb5yQB6HV_7Gh8SjOQ", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-04-13T13:05:59.452Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1qwpxfapokkQPZX0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": 
"app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1qwpxfapokkQPZX0h7", + "uuid_g": "850d4ea4-7d87-11ea-a0a5-3dc24a4cbe51", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + 
"authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsdA4Trb5yQB6HV_7Gh8SjOQ", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-04-13T13:06:44.469Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1qwpxfapokkQPZX0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1qwpxfapokkQPZX0h7", + "uuid_g": "9fe25b22-7d87-11ea-a0a5-3dc24a4cbe51", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + 
"debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsUhqaJntNQXqh2pH-L70ifw", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-04-13T16:18:10.383Z", + "severity_s": "INFO", + 
"debugContext_debugData_jobId_s": "ij1qwtvos65WwPDKm0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1qwtvos65WwPDKm0h7", + "uuid_g": "5e05bee5-7da2-11ea-a0a5-3dc24a4cbe51", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + 
"securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsUhqaJntNQXqh2pH-L70ifw", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-04-13T16:18:55.398Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1qwtvos65WwPDKm0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1qwtvos65WwPDKm0h7", + "uuid_g": "78da7d25-7da2-11ea-a0a5-3dc24a4cbe51", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + 
"debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": 
"SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trspUxMr2sXRymXhbrX-k1yyg", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-04-13T19:50:02.647Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1qwxym2kutichgw0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1qwxym2kutichgw0h7", + "uuid_g": "f71f4afd-7dbf-11ea-a4a7-f9888106e04c", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + 
"client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trspUxMr2sXRymXhbrX-k1yyg", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-04-13T19:50:47.665Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1qwxym2kutichgw0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + 
"transaction_type_s": "JOB", + "transaction_id_s": "ij1qwxym2kutichgw0h7", + "uuid_g": "11f47e88-7dc0-11ea-a4a7-f9888106e04c", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + 
"authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trs2Yz4-3oEROaNq0HFeNupKA", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-04-13T23:14:20.855Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1qx1t7e8fXuq5zT0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1qx1t7e8fXuq5zT0h7", + "uuid_g": "81956560-7ddc-11ea-a4a7-f9888106e04c", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + 
"debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trs2Yz4-3oEROaNq0HFeNupKA", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": 
"2020-04-13T23:15:05.871Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1qx1t7e8fXuq5zT0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1qx1t7e8fXuq5zT0h7", + "uuid_g": "9c6a4a14-7ddc-11ea-a4a7-f9888106e04c", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + 
"securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsiz1b5OIiR0utVB6tX5hUTQ", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-04-14T02:25:24.269Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1qx4inzejAVkoNX0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1qx4inzejAVkoNX0h7", + "uuid_g": "324f8e8d-7df7-11ea-a4a7-f9888106e04c", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n 
\"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + 
"actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsiz1b5OIiR0utVB6tX5hUTQ", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-04-14T02:26:09.285Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1qx4inzejAVkoNX0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1qx4inzejAVkoNX0h7", + "uuid_g": "4d2473c5-7df7-11ea-a4a7-f9888106e04c", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": 
"", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsbszdfbvHRuK415WPoHdE4Q", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-04-14T05:34:52.416Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1qx8cyjsdklfBrE0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": 
"app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1qx8cyjsdklfBrE0h7", + "uuid_g": "aa412008-7e11-11ea-a4a7-f9888106e04c", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + 
"authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsbszdfbvHRuK415WPoHdE4Q", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-04-14T05:35:37.432Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1qx8cyjsdklfBrE0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1qx8cyjsdklfBrE0h7", + "uuid_g": "c51605cb-7e11-11ea-a4a7-f9888106e04c", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + 
"debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsYpJ15iYaT26fwuKZ3g546Q", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-04-14T08:43:46.259Z", + "severity_s": "INFO", + 
"debugContext_debugData_jobId_s": "ij1qxbeqhkpKSCQNj0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1qxbeqhkpKSCQNj0h7", + "uuid_g": "0dc052b0-7e2c-11ea-a4a7-f9888106e04c", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + 
"securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsYpJ15iYaT26fwuKZ3g546Q", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-04-14T08:44:31.275Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1qxbeqhkpKSCQNj0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1qxbeqhkpKSCQNj0h7", + "uuid_g": "28953809-7e2c-11ea-a4a7-f9888106e04c", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + 
"debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": 
"SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsG2X4NlKyTN6DrtnuRMnkVQ", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-04-14T11:52:17.617Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1qxgoqykzNkOWs80h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1qxgoqykzNkOWs80h7", + "uuid_g": "63d89494-7e46-11ea-a4a7-f9888106e04c", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + 
"client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsG2X4NlKyTN6DrtnuRMnkVQ", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-04-14T11:53:02.633Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1qxgoqykzNkOWs80h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + 
"transaction_type_s": "JOB", + "transaction_id_s": "ij1qxgoqykzNkOWs80h7", + "uuid_g": "7ead7a61-7e46-11ea-a4a7-f9888106e04c", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + 
"authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsXYuQ5dclR3-SI3uxJq8obQ", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-04-14T15:27:20.472Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1qxmrhj7Xy98smJ0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1qxmrhj7Xy98smJ0h7", + "uuid_g": "6e8c0182-7e64-11ea-a4a7-f9888106e04c", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + 
"debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsXYuQ5dclR3-SI3uxJq8obQ", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": 
"2020-04-14T15:28:05.487Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1qxmrhj7Xy98smJ0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1qxmrhj7Xy98smJ0h7", + "uuid_g": "8960c037-7e64-11ea-a4a7-f9888106e04c", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + 
"securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsm8lt_h86RKyLv2UAvnvtUg", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-04-14T18:42:20.274Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1qxt45i6hlWCYJy0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1qxt45i6hlWCYJy0h7", + "uuid_g": "ac2c1d3f-7e7f-11ea-a4a7-f9888106e04c", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n 
\"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + 
"actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsm8lt_h86RKyLv2UAvnvtUg", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-04-14T18:43:05.291Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1qxt45i6hlWCYJy0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1qxt45i6hlWCYJy0h7", + "uuid_g": "c7012a97-7e7f-11ea-a4a7-f9888106e04c", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": 
"", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsZJCE8-pDSNuBCSXnViD43w", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-04-14T21:50:43.997Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1qxzberiwub0PY00h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": 
"app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1qxzberiwub0PY00h7", + "uuid_g": "fdb75d78-7e99-11ea-a4a7-f9888106e04c", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + 
"authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsZJCE8-pDSNuBCSXnViD43w", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-04-14T21:51:29.014Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1qxzberiwub0PY00h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1qxzberiwub0PY00h7", + "uuid_g": "188c6981-7e9a-11ea-a4a7-f9888106e04c", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + 
"debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trs0Nf-gKU7S8KgyymOeOw7pQ", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-04-15T01:08:25.462Z", + "severity_s": "INFO", + 
"debugContext_debugData_jobId_s": "ij1qy46tmhjSIIgov0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1qy46tmhjSIIgov0h7", + "uuid_g": "9bb3499a-7eb5-11ea-a4a7-f9888106e04c", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + 
"securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trs0Nf-gKU7S8KgyymOeOw7pQ", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-04-15T01:09:10.479Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1qy46tmhjSIIgov0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1qy46tmhjSIIgov0h7", + "uuid_g": "b68856ef-7eb5-11ea-a4a7-f9888106e04c", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + 
"debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": 
"SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsoxhEHIcRSXqWWaN0bdNchw", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-04-15T04:14:14.352Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1qy7kpltXxfY1Va0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1qy7kpltXxfY1Va0h7", + "uuid_g": "90f4e5f2-7ecf-11ea-a4a7-f9888106e04c", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + 
"client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsoxhEHIcRSXqWWaN0bdNchw", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-04-15T04:14:59.367Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1qy7kpltXxfY1Va0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + 
"transaction_type_s": "JOB", + "transaction_id_s": "ij1qy7kpltXxfY1Va0h7", + "uuid_g": "abc9a39c-7ecf-11ea-a4a7-f9888106e04c", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + 
"authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsei7dt87sS6Ga50YH5RW8Fw", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-04-15T07:17:00.211Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1qyafaehX2xeLFB0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1qyafaehX2xeLFB0h7", + "uuid_g": "191e3057-7ee9-11ea-a4a7-f9888106e04c", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + 
"debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsei7dt87sS6Ga50YH5RW8Fw", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": 
"2020-04-15T07:17:45.229Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1qyafaehX2xeLFB0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1qyafaehX2xeLFB0h7", + "uuid_g": "33f364c6-7ee9-11ea-a4a7-f9888106e04c", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + 
"securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsTBKQdc1kScCgbOpFCayXHw", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-04-15T10:21:46.668Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1qydlz4zvAMEmew0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1qydlz4zvAMEmew0h7", + "uuid_g": "e9294771-7f02-11ea-a4a7-f9888106e04c", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n 
\"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + 
"actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsTBKQdc1kScCgbOpFCayXHw", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-04-15T10:22:31.684Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1qydlz4zvAMEmew0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1qydlz4zvAMEmew0h7", + "uuid_g": "03fe2c99-7f03-11ea-a4a7-f9888106e04c", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": 
"null", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "Sign-on policy evaluation resulted in CHALLENGE", + "securityContext_asNumber_d": "11427", + "securityContext_asOrg_s": "charter communications inc", + "securityContext_isp_s": "charter communications inc", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "4a3e84bf-ee1e-d454-9b79-405d9740b0fd", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00uqk8ov6opCO6XXN0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user55@abccompany.com", + "actor_displayName_s": "User 55", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trstWLMz9sFSyyq3RyyjJKkpg", + "displayMessage_s": "Evaluation of sign-on policy", + "eventType_s": "policy.evaluate_sign_on", + "outcome_result_s": "CHALLENGE", + "published_t": "2020-04-15T13:23:22.602Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + 
"debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "", + "transaction_id_s": "unknown", + "uuid_g": "47a4dd6d-7f1c-11ea-88c9-711820491aa7", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"00pn79xb33o84O0Hc0h7\",\r\n \"type\": \"PolicyEntity\",\r\n \"alternateId\": \"unknown\",\r\n \"displayName\": \"default\",\r\n \"detailEntry\": {\r\n \"policyType\": \"OktaSignOn\"\r\n }\r\n },\r\n {\r\n \"id\": \"0prn79ye1mCqWhlUR0h7\",\r\n \"type\": \"PolicyRule\",\r\n \"alternateId\": \"00pn79xb33o84O0Hc0h7\",\r\n \"displayName\": \"default\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.163 Safari/537.36", + "client_userAgent_os_s": "Mac OS X", + "client_userAgent_browser_s": "CHROME", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "97.97.97.97", + "client_geographicalContext_city_s": "Plano", + "client_geographicalContext_state_s": "Texas", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "75074", + "client_geographicalContext_geolocation_lat_d": "33.0287", + "client_geographicalContext_geolocation_lon_d": 
"-96.6826", + "outcome_reason_s": "", + "securityContext_asNumber_d": "11427", + "securityContext_asOrg_s": "charter communications inc", + "securityContext_isp_s": "charter communications inc", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "XpcKywORNR8Kx-r13wlD7wAAD-M", + "debugContext_debugData_requestUri_s": "/api/v1/authn/factors/password/verify", + "debugContext_debugData_url_s": "/api/v1/authn/factors/password/verify?rememberDevice=false", + "debugContext_debugData_deviceFingerprint_g": "4a3e84bf-ee1e-d454-9b79-405d9740b0fd", + "authenticationContext_authenticationProvider_s": "FACTOR_PROVIDER", + "authenticationContext_credentialProvider_s": "OKTA_CREDENTIAL_PROVIDER", + "debugContext_debugData_factor_s": "PASSWORD_AS_FACTOR", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00uqk8ov6opCO6XXN0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user55@abccompany.com", + "actor_displayName_s": "User 55", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "102RBOPqFq3SryZNxK7Qwx4iA", + "displayMessage_s": "Authentication of user via MFA", + "eventType_s": "user.authentication.auth_via_mfa", + "outcome_result_s": "SUCCESS", + "published_t": "2020-04-15T13:23:24.165Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "core.user.factor.attempt_success", + "transaction_type_s": "WEB", + "transaction_id_s": "XpcKywORNR8Kx-r13wlD7wAAD-M", + "uuid_g": 
"48935c22-7f1c-11ea-a7cf-cba29cda4be4", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"97.97.97.97\",\r\n \"geographicalContext\": {\r\n \"city\": \"Plano\",\r\n \"state\": \"Texas\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"75074\",\r\n \"geolocation\": \"@{lat=33.0287; lon=-96.6826}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "[\r\n {\r\n \"id\": \"00uqk8ov6opCO6XXN0h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"user55@abccompany.com\",\r\n \"displayName\": \"User 55\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Dalvik/2.1.0 (Linux; U; Android 10; SM-G975U Build/QP1A.190711.020)OktaVerify/5.0.1", + "client_userAgent_os_s": "Android 1.x", + "client_userAgent_browser_s": "UNKNOWN", + "client_zone_s": "null", + "client_device_s": "Mobile", + "client_ipAddress_s": "97.97.97.97", + "client_geographicalContext_city_s": "Plano", + "client_geographicalContext_state_s": "Texas", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "75074", + "client_geographicalContext_geolocation_lat_d": "33.0287", + "client_geographicalContext_geolocation_lon_d": "-96.6826", + "outcome_reason_s": "", + "securityContext_asNumber_d": "11427", + "securityContext_asOrg_s": "charter 
communications inc", + "securityContext_isp_s": "charter communications inc", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "XpcK9-Uz0vtOuw-LzJQFUAAAB@0", + "debugContext_debugData_requestUri_s": "/api/v1/authn/factors/opfqk8io0pDD4o1ot0h7/transactions/00V0fgjLzdquBUSIByGalCMabL45P_d3IbhbFndZ6k/verify", + "debugContext_debugData_url_s": "/api/v1/authn/factors/opfqk8io0pDD4o1ot0h7/transactions/00V0fgjLzdquBUSIByGalCMabL45P_d3IbhbFndZ6k/verify?", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "FACTOR_PROVIDER", + "authenticationContext_credentialProvider_s": "OKTA_CREDENTIAL_PROVIDER", + "debugContext_debugData_factor_s": "OKTA_VERIFY_PUSH", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00uqk8ov6opCO6XXN0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user55@abccompany.com", + "actor_displayName_s": "User 55", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trs-pjQpEWYRk6qhvmvzNYKRw", + "displayMessage_s": "Authentication of user via MFA", + "eventType_s": "user.authentication.auth_via_mfa", + "outcome_result_s": "SUCCESS", + "published_t": "2020-04-15T13:24:07.389Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "core.user.factor.attempt_success", + "transaction_type_s": "WEB", + "transaction_id_s": "XpcK9-Uz0vtOuw-LzJQFUAAAB@0", + "uuid_g": "6256d0ea-7f1c-11ea-af24-0f231c970b4f", + "version_s": 
"0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"97.97.97.97\",\r\n \"geographicalContext\": {\r\n \"city\": \"Plano\",\r\n \"state\": \"Texas\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"75074\",\r\n \"geolocation\": \"@{lat=33.0287; lon=-96.6826}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "[\r\n {\r\n \"id\": \"00uqk8ov6opCO6XXN0h7\",\r\n \"type\": \"User\",\r\n \"alternateId\": \"user55@abccompany.com\",\r\n \"displayName\": \"User 55\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.163 Safari/537.36", + "client_userAgent_os_s": "Mac OS X", + "client_userAgent_browser_s": "CHROME", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "97.97.97.97", + "client_geographicalContext_city_s": "Plano", + "client_geographicalContext_state_s": "Texas", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "75074", + "client_geographicalContext_geolocation_lat_d": "33.0287", + "client_geographicalContext_geolocation_lon_d": "-96.6826", + "outcome_reason_s": "", + "securityContext_asNumber_d": "11427", + "securityContext_asOrg_s": "charter communications 
inc", + "securityContext_isp_s": "charter communications inc", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "XpcK@87rkIUwZi0p1ty28wAAAes", + "debugContext_debugData_requestUri_s": "/api/v1/authn/factors/opfqk8io0pDD4o1ot0h7/verify", + "debugContext_debugData_url_s": "/api/v1/authn/factors/opfqk8io0pDD4o1ot0h7/verify?autoPush=true&rememberDevice=false", + "debugContext_debugData_deviceFingerprint_g": "4a3e84bf-ee1e-d454-9b79-405d9740b0fd", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00uqk8ov6opCO6XXN0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user55@abccompany.com", + "actor_displayName_s": "User 55", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "102RBOPqFq3SryZNxK7Qwx4iA", + "displayMessage_s": "User login to Okta", + "eventType_s": "user.session.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-04-15T13:24:11.35Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "core.user_auth.login_success", + "transaction_type_s": "WEB", + "transaction_id_s": "XpcK@87rkIUwZi0p1ty28wAAAes", + "uuid_g": "64b33766-7f1c-11ea-bf44-2365c8976b95", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"97.97.97.97\",\r\n \"geographicalContext\": {\r\n \"city\": \"Plano\",\r\n \"state\": 
\"Texas\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"75074\",\r\n \"geolocation\": \"@{lat=33.0287; lon=-96.6826}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.163 Safari/537.36", + "client_userAgent_os_s": "Mac OS X", + "client_userAgent_browser_s": "CHROME", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "97.97.97.97", + "client_geographicalContext_city_s": "Plano", + "client_geographicalContext_state_s": "Texas", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "75074", + "client_geographicalContext_geolocation_lat_d": "33.0287", + "client_geographicalContext_geolocation_lon_d": "-96.6826", + "outcome_reason_s": "", + "securityContext_asNumber_d": "11427", + "securityContext_asOrg_s": "charter communications inc", + "securityContext_isp_s": "charter communications inc", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "XpcK@87rkIUwZi0p1ty28wAAAes", + "debugContext_debugData_requestUri_s": 
"/api/v1/authn/factors/opfqk8io0pDD4o1ot0h7/verify", + "debugContext_debugData_url_s": "/api/v1/authn/factors/opfqk8io0pDD4o1ot0h7/verify?autoPush=true&rememberDevice=false", + "debugContext_debugData_deviceFingerprint_g": "4a3e84bf-ee1e-d454-9b79-405d9740b0fd", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00uqk8ov6opCO6XXN0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user55@abccompany.com", + "actor_displayName_s": "User 55", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "102RBOPqFq3SryZNxK7Qwx4iA", + "displayMessage_s": "Verify user identity", + "eventType_s": "user.authentication.verify", + "outcome_result_s": "SUCCESS", + "published_t": "2020-04-15T13:24:11.356Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "WEB", + "transaction_id_s": "XpcK@87rkIUwZi0p1ty28wAAAes", + "uuid_g": "64b421c7-7f1c-11ea-bf44-2365c8976b95", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"97.97.97.97\",\r\n \"geographicalContext\": {\r\n \"city\": \"Plano\",\r\n \"state\": \"Texas\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"75074\",\r\n \"geolocation\": \"@{lat=33.0287; lon=-96.6826}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + 
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.163 Safari/537.36", + "client_userAgent_os_s": "Mac OS X", + "client_userAgent_browser_s": "CHROME", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "97.97.97.97", + "client_geographicalContext_city_s": "Plano", + "client_geographicalContext_state_s": "Texas", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "75074", + "client_geographicalContext_geolocation_lat_d": "33.0287", + "client_geographicalContext_geolocation_lon_d": "-96.6826", + "outcome_reason_s": "", + "securityContext_asNumber_d": "11427", + "securityContext_asOrg_s": "charter communications inc", + "securityContext_isp_s": "charter communications inc", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "XpcK-3UxoxWm7xFm@4dSuAAAEvI", + "debugContext_debugData_requestUri_s": "/admin/sso/request", + "debugContext_debugData_url_s": "/admin/sso/request?", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + 
"debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00uqk8ov6opCO6XXN0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user55@abccompany.com", + "actor_displayName_s": "User 55", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "1022cuGqR51T-2d_rLaa9Iy1g", + "displayMessage_s": "User accessing Okta admin app", + "eventType_s": "user.session.access_admin_app", + "outcome_result_s": "SUCCESS", + "published_t": "2020-04-15T13:24:15.473Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.admin.sso.login.success", + "transaction_type_s": "WEB", + "transaction_id_s": "XpcK-3UxoxWm7xFm@4dSuAAAEvI", + "uuid_g": "6728563c-7f1c-11ea-8ed1-255df880f1f5", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"97.97.97.97\",\r\n \"geographicalContext\": {\r\n \"city\": \"Plano\",\r\n \"state\": \"Texas\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"75074\",\r\n \"geolocation\": \"@{lat=33.0287; lon=-96.6826}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "[\r\n {\r\n \"id\": \"00uqk8ov6opCO6XXN0h7\",\r\n \"type\": \"AppUser\",\r\n \"alternateId\": \"user55@abccompany.com\",\r\n \"displayName\": \"User 55\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + 
"debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsxj0-OSNPRIqyM9tIPO_gaA", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": 
"SUCCESS", + "published_t": "2020-04-15T13:31:16.405Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1qyj89j3o511lNc0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1qyj89j3o511lNc0h7", + "uuid_g": "620d76a1-7f1d-11ea-a4a7-f9888106e04c", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + 
"client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsxj0-OSNPRIqyM9tIPO_gaA", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-04-15T13:32:01.42Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1qyj89j3o511lNc0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1qyj89j3o511lNc0h7", + "uuid_g": "7ce23553-7f1d-11ea-a4a7-f9888106e04c", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active 
Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.163 Safari/537.36", + "client_userAgent_os_s": "Mac OS X", + "client_userAgent_browser_s": "CHROME", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "97.97.97.97", + "client_geographicalContext_city_s": "Plano", + "client_geographicalContext_state_s": "Texas", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "75074", + "client_geographicalContext_geolocation_lat_d": "33.0287", + "client_geographicalContext_geolocation_lon_d": "-96.6826", + "outcome_reason_s": "", + "securityContext_asNumber_d": "11427", + "securityContext_asOrg_s": "charter communications inc", + "securityContext_isp_s": "charter communications inc", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "XpcnzMflDe2p5RNIAmVs-QAAAsM", + "debugContext_debugData_requestUri_s": "/login/signout", + "debugContext_debugData_url_s": "/login/signout?message=login_page_messages.session_has_expired", + "debugContext_debugData_deviceFingerprint_g": 
"", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00uqk8ov6opCO6XXN0h7", + "actor_type_s": "User", + "actor_alternateId_s": "user55@abccompany.com", + "actor_displayName_s": "User 55", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "102RBOPqFq3SryZNxK7Qwx4iA", + "displayMessage_s": "User logout from Okta", + "eventType_s": "user.session.end", + "outcome_result_s": "SUCCESS", + "published_t": "2020-04-15T15:27:08.58Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "core.user_auth.logout_success", + "transaction_type_s": "WEB", + "transaction_id_s": "XpcnzMflDe2p5RNIAmVs-QAAAsM", + "uuid_g": "91df2ef1-7f2d-11ea-8115-5faddb6bb1a8", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"97.97.97.97\",\r\n \"geographicalContext\": {\r\n \"city\": \"Plano\",\r\n \"state\": \"Texas\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"75074\",\r\n \"geolocation\": \"@{lat=33.0287; lon=-96.6826}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + 
"debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsaPJ8mGQjR7ewRx4PyoMl0A", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": 
"SUCCESS", + "published_t": "2020-04-15T16:50:37.904Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1qyq0d9e54vKedY0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1qyq0d9e54vKedY0h7", + "uuid_g": "3ba95dc6-7f39-11ea-a4a7-f9888106e04c", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + 
"client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsaPJ8mGQjR7ewRx4PyoMl0A", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-04-15T16:51:22.921Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1qyq0d9e54vKedY0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1qyq0d9e54vKedY0h7", + "uuid_g": "567e69f4-7f39-11ea-a4a7-f9888106e04c", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": 
\"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": 
"", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trscbinwW9HQ1eNe3w8rD-h-A", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-04-15T20:16:52.174Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1qywes3bNeM5NIY0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1qywes3bNeM5NIY0h7", + "uuid_g": "0b4d1f43-7f56-11ea-a4a7-f9888106e04c", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + 
"client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trscbinwW9HQ1eNe3w8rD-h-A", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-04-15T20:17:37.19Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1qywes3bNeM5NIY0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + 
"debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1qywes3bNeM5NIY0h7", + "uuid_g": "262204a3-7f56-11ea-a4a7-f9888106e04c", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + 
"debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsgvlqwQGJQpW7dnP7IcfUrQ", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-04-15T23:56:21.59Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1qz1gze8RBKBI590h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1qz1gze8RBKBI590h7", + "uuid_g": "b4e287e4-7f74-11ea-82ac-af37379eeeb0", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + 
"Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsgvlqwQGJQpW7dnP7IcfUrQ", + "displayMessage_s": "Download object phase started.", + 
"eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-04-15T23:57:06.605Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1qz1gze8RBKBI590h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1qz1gze8RBKBI590h7", + "uuid_g": "cfb745ec-7f74-11ea-82ac-af37379eeeb0", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + 
"client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trscf8fh_E0SKK2kwI0rDtgCg", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-04-16T03:01:24.786Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1qz4sv38q9jZcTU0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1qz4sv38q9jZcTU0h7", + "uuid_g": "8ee7c996-7f8e-11ea-82ac-af37379eeeb0", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n 
\"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + 
"authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trscf8fh_E0SKK2kwI0rDtgCg", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-04-16T03:02:09.8Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1qz4sv38q9jZcTU0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1qz4sv38q9jZcTU0h7", + "uuid_g": "a9bc60ae-7f8e-11ea-82ac-af37379eeeb0", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", 
+ "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trs3PC2CVWkRlqrO6O0w27cEA", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-04-16T06:08:47.618Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1qz6fbgzmF48HdJ0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", 
+ "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1qz6fbgzmF48HdJ0h7", + "uuid_g": "bc27cee4-7fa8-11ea-82ac-af37379eeeb0", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + 
"debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trs3PC2CVWkRlqrO6O0w27cEA", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-04-16T06:09:32.634Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1qz6fbgzmF48HdJ0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1qz6fbgzmF48HdJ0h7", + "uuid_g": "d6fcb464-7fa8-11ea-82ac-af37379eeeb0", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + 
"debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsoXCHtrOSQkeJ4AUNm1YCQA", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": 
"SUCCESS", + "published_t": "2020-04-16T09:19:14.569Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1qz8gjf4fRkGSgy0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1qz8gjf4fRkGSgy0h7", + "uuid_g": "57262839-7fc3-11ea-82ac-af37379eeeb0", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + 
"client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsoXCHtrOSQkeJ4AUNm1YCQA", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-04-16T09:19:59.584Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1qz8gjf4fRkGSgy0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1qz8gjf4fRkGSgy0h7", + "uuid_g": "71fae658-7fc3-11ea-82ac-af37379eeeb0", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": 
\"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": 
"", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsbaYSU2K6RpiRufqOAZZbFw", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-04-16T12:22:37.716Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1qzak30iBEpMNq50h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1qzak30iBEpMNq50h7", + "uuid_g": "f58925f3-7fdc-11ea-82ac-af37379eeeb0", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + 
"client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsbaYSU2K6RpiRufqOAZZbFw", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-04-16T12:23:22.731Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1qzak30iBEpMNq50h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + 
"debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1qzak30iBEpMNq50h7", + "uuid_g": "105de46c-7fdd-11ea-82ac-af37379eeeb0", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + 
"debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsPRgOuDpsTESDw5DjVuGUbQ", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-04-16T15:38:20.123Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1qzdpx5tDI5NQh90h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1qzdpx5tDI5NQh90h7", + "uuid_g": "4c8e42f9-7ff8-11ea-82ac-af37379eeeb0", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + 
"Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsPRgOuDpsTESDw5DjVuGUbQ", + "displayMessage_s": "Download object phase started.", + 
"eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-04-16T15:39:05.139Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1qzdpx5tDI5NQh90h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1qzdpx5tDI5NQh90h7", + "uuid_g": "676328ae-7ff8-11ea-82ac-af37379eeeb0", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + 
"client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsWGSrE4CxTkibTbQQMDGLQA", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-04-16T19:09:01.053Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1qzhnmoqqmsa7zN0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1qzhnmoqqmsa7zN0h7", + "uuid_g": "bb231b7d-8015-11ea-82ac-af37379eeeb0", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n 
\"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + 
"authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsWGSrE4CxTkibTbQQMDGLQA", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-04-16T19:09:46.068Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1qzhnmoqqmsa7zN0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1qzhnmoqqmsa7zN0h7", + "uuid_g": "d5f7d95a-8015-11ea-82ac-af37379eeeb0", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": 
"", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trs7DqBSnhRS1KU80U2uJHPlg", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-04-16T22:34:30.085Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1qzlsdbe7xC7SUn0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": 
"Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1qzlsdbe7xC7SUn0h7", + "uuid_g": "6fd017cb-8032-11ea-82ac-af37379eeeb0", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + 
"debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trs7DqBSnhRS1KU80U2uJHPlg", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-04-16T22:35:15.101Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1qzlsdbe7xC7SUn0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1qzlsdbe7xC7SUn0h7", + "uuid_g": "8aa4fd22-8032-11ea-82ac-af37379eeeb0", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + 
"debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trs4SH5mvJCR3G8LJS99VBnNw", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": 
"SUCCESS", + "published_t": "2020-04-17T01:45:08.154Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1qzq6uuzajKQmKK0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1qzq6uuzajKQmKK0h7", + "uuid_g": "116eea36-804d-11ea-82ac-af37379eeeb0", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + 
"client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trs4SH5mvJCR3G8LJS99VBnNw", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-04-17T01:45:53.202Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1qzq6uuzajKQmKK0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1qzq6uuzajKQmKK0h7", + "uuid_g": "2c48b1af-804d-11ea-82ac-af37379eeeb0", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": 
\"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": 
"", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsEX_-WbTJTsaPLUyefUsSJg", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-04-17T04:51:33.724Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1qztydxtvAK272S0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1qztydxtvAK272S0h7", + "uuid_g": "1c8d727b-8067-11ea-82ac-af37379eeeb0", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + 
"client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsEX_-WbTJTsaPLUyefUsSJg", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-04-17T04:52:18.739Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1qztydxtvAK272S0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + 
"debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1qztydxtvAK272S0h7", + "uuid_g": "37623102-8067-11ea-82ac-af37379eeeb0", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + 
"debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trspvzg1yMUSaCxMDkXUMeEIg", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-04-17T08:24:26.737Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1qzx55cr2rdVE480h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1qzx55cr2rdVE480h7", + "uuid_g": "d9dc8efa-8084-11ea-82ac-af37379eeeb0", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + 
"Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trspvzg1yMUSaCxMDkXUMeEIg", + "displayMessage_s": "Download object phase started.", + 
"eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-04-17T08:25:11.753Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1qzx55cr2rdVE480h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1qzx55cr2rdVE480h7", + "uuid_g": "f4b1743b-8084-11ea-82ac-af37379eeeb0", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + 
"client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsweix51QYQaSNe4oBtC8FEg", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-04-17T11:37:08.471Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1r01da6cUy8vqXp0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1r01da6cUy8vqXp0h7", + "uuid_g": "c531296e-809f-11ea-82ac-af37379eeeb0", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n 
\"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + 
"authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsweix51QYQaSNe4oBtC8FEg", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-04-17T11:37:53.489Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1r01da6cUy8vqXp0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1r01da6cUy8vqXp0h7", + "uuid_g": "e0065cc1-809f-11ea-82ac-af37379eeeb0", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": 
"", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trscxRRXVLZRv6x8mFQ0MN0sg", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-04-17T14:44:29.342Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1r05yhi5iLyKGD60h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": 
"Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1r05yhi5iLyKGD60h7", + "uuid_g": "f145f471-80b9-11ea-82ac-af37379eeeb0", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + 
"debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trscxRRXVLZRv6x8mFQ0MN0sg", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-04-17T14:45:14.358Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1r05yhi5iLyKGD60h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1r05yhi5iLyKGD60h7", + "uuid_g": "0c1ad9aa-80ba-11ea-82ac-af37379eeeb0", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + 
"debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsCRoqSS0WQBiSnS2IoMOp1A", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": 
"SUCCESS", + "published_t": "2020-04-17T18:13:42.757Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1r0bgpuhq6zBi2m0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1r0bgpuhq6zBi2m0h7", + "uuid_g": "2bb1116d-80d7-11ea-82ac-af37379eeeb0", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + 
"client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsCRoqSS0WQBiSnS2IoMOp1A", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-04-17T18:14:27.774Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1r0bgpuhq6zBi2m0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1r0bgpuhq6zBi2m0h7", + "uuid_g": "46861ead-80d7-11ea-82ac-af37379eeeb0", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": 
\"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T17:25:22.391Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": 
"", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trs4ZD0PLJRTLWz3v2w1OaPNA", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-04-17T21:22:50.703Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1r0lt81lV39di400h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1r0lt81lV39di400h7", + "uuid_g": "9798369b-80f1-11ea-82ac-af37379eeeb0", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T21:30:02.531Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + 
"client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsklgJ_Q4bQZSxL9h3pFSotw", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-21T20:24:20.566Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rn6uwloQCNf7720h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + 
"debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rn6uwloQCNf7720h7", + "uuid_g": "0d6f4f6c-9ba1-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T21:30:02.531Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + 
"debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsklgJ_Q4bQZSxL9h3pFSotw", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-21T20:25:05.585Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rn6uwloQCNf7720h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rn6uwloQCNf7720h7", + "uuid_g": "2844aa5a-9ba1-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T21:10:01.595Z", + "Computer": "", + "RawData": "", + 
"debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsklgJ_Q4bQZSxL9h3pFSotw", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": 
"SUCCESS", + "published_t": "2020-05-21T20:24:20.566Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rn6uwloQCNf7720h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rn6uwloQCNf7720h7", + "uuid_g": "0d6f4f6c-9ba1-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T21:10:01.595Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + 
"client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsklgJ_Q4bQZSxL9h3pFSotw", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-21T20:25:05.585Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rn6uwloQCNf7720h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rn6uwloQCNf7720h7", + "uuid_g": "2844aa5a-9ba1-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": 
\"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T21:00:01.343Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": 
"", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsklgJ_Q4bQZSxL9h3pFSotw", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-21T20:24:20.566Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rn6uwloQCNf7720h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rn6uwloQCNf7720h7", + "uuid_g": "0d6f4f6c-9ba1-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T21:00:01.343Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + 
"client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsklgJ_Q4bQZSxL9h3pFSotw", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-21T20:25:05.585Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rn6uwloQCNf7720h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + 
"debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rn6uwloQCNf7720h7", + "uuid_g": "2844aa5a-9ba1-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T21:15:01.028Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + 
"debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsklgJ_Q4bQZSxL9h3pFSotw", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-21T20:24:20.566Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rn6uwloQCNf7720h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rn6uwloQCNf7720h7", + "uuid_g": "0d6f4f6c-9ba1-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T21:15:01.028Z", + 
"Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsklgJ_Q4bQZSxL9h3pFSotw", + "displayMessage_s": "Download object phase started.", + 
"eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-21T20:25:05.585Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rn6uwloQCNf7720h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rn6uwloQCNf7720h7", + "uuid_g": "2844aa5a-9ba1-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T21:20:01.659Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + 
"client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsklgJ_Q4bQZSxL9h3pFSotw", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-21T20:24:20.566Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rn6uwloQCNf7720h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rn6uwloQCNf7720h7", + "uuid_g": "0d6f4f6c-9ba1-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n 
\"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T21:20:01.659Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + 
"authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsklgJ_Q4bQZSxL9h3pFSotw", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-21T20:25:05.585Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rn6uwloQCNf7720h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rn6uwloQCNf7720h7", + "uuid_g": "2844aa5a-9ba1-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T21:05:00.883Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": 
"", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsklgJ_Q4bQZSxL9h3pFSotw", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-21T20:24:20.566Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rn6uwloQCNf7720h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": 
"Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rn6uwloQCNf7720h7", + "uuid_g": "0d6f4f6c-9ba1-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T21:05:00.883Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + 
"debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsklgJ_Q4bQZSxL9h3pFSotw", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-21T20:25:05.585Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rn6uwloQCNf7720h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rn6uwloQCNf7720h7", + "uuid_g": "2844aa5a-9ba1-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T20:45:01.827Z", + "Computer": "", + "RawData": "", + 
"debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0", + "client_userAgent_os_s": "Windows 10", + "client_userAgent_browser_s": "FIREFOX", + "client_zone_s": "null", + "client_device_s": "Computer", + "client_ipAddress_s": "65.65.65.65", + "client_geographicalContext_city_s": "Los Angeles", + "client_geographicalContext_state_s": "California", + "client_geographicalContext_country_s": "United States", + "client_geographicalContext_postalCode_s": "90015", + "client_geographicalContext_geolocation_lat_d": "34.047", + "client_geographicalContext_geolocation_lon_d": "-118.275", + "outcome_reason_s": "", + "securityContext_asNumber_d": "10993", + "securityContext_asOrg_s": "aerioconnect", + "securityContext_isp_s": "aerioconnect", + "securityContext_domain_s": ".", + "securityContext_isProxy_b": "FALSE", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "XsbZqSZOjqHePkozjlraIAAAD0M", + "debugContext_debugData_requestUri_s": "/login/signout", + "debugContext_debugData_url_s": "/login/signout?message=login_page_messages.session_has_expired", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "00urjk4znu3BcncfY0h7", + "actor_type_s": "User", + "actor_alternateId_s": 
"user100@abccompany.com", + "actor_displayName_s": "user 100", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "1022OC2HQraR1if3aiPDh6saQ", + "displayMessage_s": "User logout from Okta", + "eventType_s": "user.session.end", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-21T19:42:33.3Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "core.user_auth.logout_success", + "transaction_type_s": "WEB", + "transaction_id_s": "XsbZqSZOjqHePkozjlraIAAAD0M", + "uuid_g": "36fce1d0-9b9b-11ea-8149-2b7b21ec5f8f", + "version_s": "0", + "request_ipChain_s": "[\r\n {\r\n \"ip\": \"65.65.65.65\",\r\n \"geographicalContext\": {\r\n \"city\": \"Los Angeles\",\r\n \"state\": \"California\",\r\n \"country\": \"United States\",\r\n \"postalCode\": \"90015\",\r\n \"geolocation\": \"@{lat=34.047; lon=-118.275}\"\r\n },\r\n \"version\": \"V4\",\r\n \"source\": null\r\n }\r\n]", + "target_s": "", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T20:45:01.827Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + 
"client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsklgJ_Q4bQZSxL9h3pFSotw", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-21T20:24:20.566Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rn6uwloQCNf7720h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + 
"legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rn6uwloQCNf7720h7", + "uuid_g": "0d6f4f6c-9ba1-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T21:35:00.845Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + 
"debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsklgJ_Q4bQZSxL9h3pFSotw", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-21T20:24:20.566Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rn6uwloQCNf7720h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rn6uwloQCNf7720h7", + "uuid_g": "0d6f4f6c-9ba1-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T21:35:00.845Z", + "Computer": "", + "RawData": "", + 
"debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsklgJ_Q4bQZSxL9h3pFSotw", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", 
+ "outcome_result_s": "", + "published_t": "2020-05-21T20:25:05.585Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rn6uwloQCNf7720h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rn6uwloQCNf7720h7", + "uuid_g": "2844aa5a-9ba1-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T20:50:00.7Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", 
+ "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsklgJ_Q4bQZSxL9h3pFSotw", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-21T20:24:20.566Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rn6uwloQCNf7720h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rn6uwloQCNf7720h7", + "uuid_g": "0d6f4f6c-9ba1-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": 
\"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T21:45:00.97Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": 
"0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsklgJ_Q4bQZSxL9h3pFSotw", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-21T20:25:05.585Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rn6uwloQCNf7720h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rn6uwloQCNf7720h7", + "uuid_g": "2844aa5a-9ba1-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T21:50:01.541Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + 
"client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsklgJ_Q4bQZSxL9h3pFSotw", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-21T20:25:05.585Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rn6uwloQCNf7720h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + 
"legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rn6uwloQCNf7720h7", + "uuid_g": "2844aa5a-9ba1-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T20:55:00.725Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + 
"debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsklgJ_Q4bQZSxL9h3pFSotw", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-21T20:24:20.566Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rn6uwloQCNf7720h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rn6uwloQCNf7720h7", + "uuid_g": "0d6f4f6c-9ba1-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T20:55:00.725Z", + "Computer": "", + "RawData": "", + 
"debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsklgJ_Q4bQZSxL9h3pFSotw", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", 
+ "outcome_result_s": "", + "published_t": "2020-05-21T20:25:05.585Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rn6uwloQCNf7720h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rn6uwloQCNf7720h7", + "uuid_g": "2844aa5a-9ba1-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T21:25:01.203Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": 
"null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsklgJ_Q4bQZSxL9h3pFSotw", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-21T20:24:20.566Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rn6uwloQCNf7720h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rn6uwloQCNf7720h7", + "uuid_g": "0d6f4f6c-9ba1-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n 
\"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T21:25:01.203Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + 
"actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsklgJ_Q4bQZSxL9h3pFSotw", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-21T20:25:05.585Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rn6uwloQCNf7720h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rn6uwloQCNf7720h7", + "uuid_g": "2844aa5a-9ba1-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T21:40:02.417Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + 
"client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsklgJ_Q4bQZSxL9h3pFSotw", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-21T20:25:05.585Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rn6uwloQCNf7720h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + 
"legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rn6uwloQCNf7720h7", + "uuid_g": "2844aa5a-9ba1-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T23:50:01.838Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + 
"debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsR44J1NTpSXK8t2ODiXNRPA", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-21T23:26:34.293Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rncg23xIR3c7FZ0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rncg23xIR3c7FZ0h7", + "uuid_g": "8271a6c6-9bba-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T23:50:01.838Z", + "Computer": "", + "RawData": "", + 
"debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsR44J1NTpSXK8t2ODiXNRPA", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", 
+ "outcome_result_s": "", + "published_t": "2020-05-21T23:27:19.316Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rncg23xIR3c7FZ0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rncg23xIR3c7FZ0h7", + "uuid_g": "9d479dd6-9bba-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T23:30:01.011Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": 
"null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsR44J1NTpSXK8t2ODiXNRPA", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-21T23:26:34.293Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rncg23xIR3c7FZ0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rncg23xIR3c7FZ0h7", + "uuid_g": "8271a6c6-9bba-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n 
\"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T23:30:01.011Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + 
"actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsR44J1NTpSXK8t2ODiXNRPA", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-21T23:27:19.316Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rncg23xIR3c7FZ0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rncg23xIR3c7FZ0h7", + "uuid_g": "9d479dd6-9bba-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T23:35:00.96Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + 
"client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsR44J1NTpSXK8t2ODiXNRPA", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-21T23:26:34.293Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rncg23xIR3c7FZ0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + 
"debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rncg23xIR3c7FZ0h7", + "uuid_g": "8271a6c6-9bba-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T23:35:00.96Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + 
"debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsR44J1NTpSXK8t2ODiXNRPA", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-21T23:27:19.316Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rncg23xIR3c7FZ0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rncg23xIR3c7FZ0h7", + "uuid_g": "9d479dd6-9bba-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T23:40:01.535Z", + "Computer": "", + "RawData": "", + 
"debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsR44J1NTpSXK8t2ODiXNRPA", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": 
"SUCCESS", + "published_t": "2020-05-21T23:26:34.293Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rncg23xIR3c7FZ0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rncg23xIR3c7FZ0h7", + "uuid_g": "8271a6c6-9bba-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T23:40:01.535Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + 
"client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsR44J1NTpSXK8t2ODiXNRPA", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-21T23:27:19.316Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rncg23xIR3c7FZ0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rncg23xIR3c7FZ0h7", + "uuid_g": "9d479dd6-9bba-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": 
\"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T23:45:00.921Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": 
"", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsR44J1NTpSXK8t2ODiXNRPA", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-21T23:26:34.293Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rncg23xIR3c7FZ0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rncg23xIR3c7FZ0h7", + "uuid_g": "8271a6c6-9bba-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T23:45:00.921Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + 
"client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsR44J1NTpSXK8t2ODiXNRPA", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-21T23:27:19.316Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rncg23xIR3c7FZ0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + 
"debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rncg23xIR3c7FZ0h7", + "uuid_g": "9d479dd6-9bba-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T23:55:01.016Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + 
"debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsR44J1NTpSXK8t2ODiXNRPA", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-21T23:26:34.293Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rncg23xIR3c7FZ0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rncg23xIR3c7FZ0h7", + "uuid_g": "8271a6c6-9bba-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-21T23:55:01.016Z", + 
"Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsR44J1NTpSXK8t2ODiXNRPA", + "displayMessage_s": "Download object phase started.", + 
"eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-21T23:27:19.316Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rncg23xIR3c7FZ0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rncg23xIR3c7FZ0h7", + "uuid_g": "9d479dd6-9bba-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T00:00:01.715Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + 
"client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsR44J1NTpSXK8t2ODiXNRPA", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-21T23:26:34.293Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rncg23xIR3c7FZ0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rncg23xIR3c7FZ0h7", + "uuid_g": "8271a6c6-9bba-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n 
\"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T00:00:01.715Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + 
"authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsR44J1NTpSXK8t2ODiXNRPA", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-21T23:27:19.316Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rncg23xIR3c7FZ0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rncg23xIR3c7FZ0h7", + "uuid_g": "9d479dd6-9bba-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T00:05:00.675Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": 
"", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsR44J1NTpSXK8t2ODiXNRPA", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-21T23:26:34.293Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rncg23xIR3c7FZ0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": 
"Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rncg23xIR3c7FZ0h7", + "uuid_g": "8271a6c6-9bba-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T00:05:00.675Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + 
"debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsR44J1NTpSXK8t2ODiXNRPA", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-21T23:27:19.316Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rncg23xIR3c7FZ0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rncg23xIR3c7FZ0h7", + "uuid_g": "9d479dd6-9bba-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T00:10:01.421Z", + "Computer": "", + "RawData": "", + 
"debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsR44J1NTpSXK8t2ODiXNRPA", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": 
"SUCCESS", + "published_t": "2020-05-21T23:26:34.293Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rncg23xIR3c7FZ0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rncg23xIR3c7FZ0h7", + "uuid_g": "8271a6c6-9bba-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T00:10:01.421Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + 
"client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsR44J1NTpSXK8t2ODiXNRPA", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-21T23:27:19.316Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rncg23xIR3c7FZ0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rncg23xIR3c7FZ0h7", + "uuid_g": "9d479dd6-9bba-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": 
\"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T00:15:00.719Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": 
"", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsR44J1NTpSXK8t2ODiXNRPA", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-21T23:26:34.293Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rncg23xIR3c7FZ0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rncg23xIR3c7FZ0h7", + "uuid_g": "8271a6c6-9bba-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T00:15:00.719Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + 
"client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsR44J1NTpSXK8t2ODiXNRPA", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-21T23:27:19.316Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rncg23xIR3c7FZ0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + 
"debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rncg23xIR3c7FZ0h7", + "uuid_g": "9d479dd6-9bba-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T00:20:01.619Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + 
"debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsR44J1NTpSXK8t2ODiXNRPA", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-21T23:26:34.293Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rncg23xIR3c7FZ0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rncg23xIR3c7FZ0h7", + "uuid_g": "8271a6c6-9bba-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T00:20:01.619Z", + 
"Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsR44J1NTpSXK8t2ODiXNRPA", + "displayMessage_s": "Download object phase started.", + 
"eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-21T23:27:19.316Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rncg23xIR3c7FZ0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rncg23xIR3c7FZ0h7", + "uuid_g": "9d479dd6-9bba-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T00:25:00.577Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + 
"client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsR44J1NTpSXK8t2ODiXNRPA", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-21T23:26:34.293Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rncg23xIR3c7FZ0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rncg23xIR3c7FZ0h7", + "uuid_g": "8271a6c6-9bba-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n 
\"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T00:25:00.577Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + 
"authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsR44J1NTpSXK8t2ODiXNRPA", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-21T23:27:19.316Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rncg23xIR3c7FZ0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rncg23xIR3c7FZ0h7", + "uuid_g": "9d479dd6-9bba-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T02:40:01.558Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": 
"", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsUJ6CfjuzQU-Hm1QXEe7Eiw", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-22T02:35:14.177Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rng7dh4pBeCpba0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": 
"Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rng7dh4pBeCpba0h7", + "uuid_g": "dd9edfc0-9bd4-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T02:40:01.558Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + 
"debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsUJ6CfjuzQU-Hm1QXEe7Eiw", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-22T02:35:59.196Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rng7dh4pBeCpba0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rng7dh4pBeCpba0h7", + "uuid_g": "f87439f0-9bd4-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T03:10:01.671Z", + "Computer": "", + "RawData": "", + 
"debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsUJ6CfjuzQU-Hm1QXEe7Eiw", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": 
"SUCCESS", + "published_t": "2020-05-22T02:35:14.177Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rng7dh4pBeCpba0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rng7dh4pBeCpba0h7", + "uuid_g": "dd9edfc0-9bd4-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T03:10:01.671Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + 
"client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsUJ6CfjuzQU-Hm1QXEe7Eiw", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-22T02:35:59.196Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rng7dh4pBeCpba0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rng7dh4pBeCpba0h7", + "uuid_g": "f87439f0-9bd4-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": 
\"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T03:15:00.919Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": 
"", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsUJ6CfjuzQU-Hm1QXEe7Eiw", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-22T02:35:14.177Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rng7dh4pBeCpba0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rng7dh4pBeCpba0h7", + "uuid_g": "dd9edfc0-9bd4-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T03:15:00.919Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + 
"client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsUJ6CfjuzQU-Hm1QXEe7Eiw", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-22T02:35:59.196Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rng7dh4pBeCpba0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + 
"debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rng7dh4pBeCpba0h7", + "uuid_g": "f87439f0-9bd4-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T02:45:01.514Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + 
"debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsUJ6CfjuzQU-Hm1QXEe7Eiw", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-22T02:35:14.177Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rng7dh4pBeCpba0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rng7dh4pBeCpba0h7", + "uuid_g": "dd9edfc0-9bd4-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T02:45:01.514Z", + 
"Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsUJ6CfjuzQU-Hm1QXEe7Eiw", + "displayMessage_s": "Download object phase started.", + 
"eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-22T02:35:59.196Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rng7dh4pBeCpba0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rng7dh4pBeCpba0h7", + "uuid_g": "f87439f0-9bd4-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T02:50:01.824Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + 
"client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsUJ6CfjuzQU-Hm1QXEe7Eiw", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-22T02:35:14.177Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rng7dh4pBeCpba0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rng7dh4pBeCpba0h7", + "uuid_g": "dd9edfc0-9bd4-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n 
\"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T02:50:01.824Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + 
"authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsUJ6CfjuzQU-Hm1QXEe7Eiw", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-22T02:35:59.196Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rng7dh4pBeCpba0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rng7dh4pBeCpba0h7", + "uuid_g": "f87439f0-9bd4-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T02:55:00.655Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": 
"", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsUJ6CfjuzQU-Hm1QXEe7Eiw", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-22T02:35:14.177Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rng7dh4pBeCpba0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": 
"Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rng7dh4pBeCpba0h7", + "uuid_g": "dd9edfc0-9bd4-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T02:55:00.655Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + 
"debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsUJ6CfjuzQU-Hm1QXEe7Eiw", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-22T02:35:59.196Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rng7dh4pBeCpba0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rng7dh4pBeCpba0h7", + "uuid_g": "f87439f0-9bd4-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T03:00:01.576Z", + "Computer": "", + "RawData": "", + 
"debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsUJ6CfjuzQU-Hm1QXEe7Eiw", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": 
"SUCCESS", + "published_t": "2020-05-22T02:35:14.177Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rng7dh4pBeCpba0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rng7dh4pBeCpba0h7", + "uuid_g": "dd9edfc0-9bd4-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T03:00:01.576Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + 
"client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsUJ6CfjuzQU-Hm1QXEe7Eiw", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-22T02:35:59.196Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rng7dh4pBeCpba0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rng7dh4pBeCpba0h7", + "uuid_g": "f87439f0-9bd4-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": 
\"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T03:05:01.124Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": 
"", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsUJ6CfjuzQU-Hm1QXEe7Eiw", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-22T02:35:14.177Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rng7dh4pBeCpba0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rng7dh4pBeCpba0h7", + "uuid_g": "dd9edfc0-9bd4-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T03:05:01.124Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + 
"client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsUJ6CfjuzQU-Hm1QXEe7Eiw", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-22T02:35:59.196Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rng7dh4pBeCpba0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + 
"debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rng7dh4pBeCpba0h7", + "uuid_g": "f87439f0-9bd4-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T03:20:02.263Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + 
"debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsUJ6CfjuzQU-Hm1QXEe7Eiw", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-22T02:35:14.177Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rng7dh4pBeCpba0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rng7dh4pBeCpba0h7", + "uuid_g": "dd9edfc0-9bd4-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T03:20:02.263Z", + 
"Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsUJ6CfjuzQU-Hm1QXEe7Eiw", + "displayMessage_s": "Download object phase started.", + 
"eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-22T02:35:59.196Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rng7dh4pBeCpba0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rng7dh4pBeCpba0h7", + "uuid_g": "f87439f0-9bd4-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T03:25:00.483Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + 
"client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsUJ6CfjuzQU-Hm1QXEe7Eiw", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-22T02:35:14.177Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rng7dh4pBeCpba0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rng7dh4pBeCpba0h7", + "uuid_g": "dd9edfc0-9bd4-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n 
\"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T03:25:00.483Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + 
"authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsUJ6CfjuzQU-Hm1QXEe7Eiw", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-22T02:35:59.196Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rng7dh4pBeCpba0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rng7dh4pBeCpba0h7", + "uuid_g": "f87439f0-9bd4-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T03:30:01.532Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": 
"", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsUJ6CfjuzQU-Hm1QXEe7Eiw", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-22T02:35:14.177Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rng7dh4pBeCpba0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": 
"Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rng7dh4pBeCpba0h7", + "uuid_g": "dd9edfc0-9bd4-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T03:30:01.532Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + 
"debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsUJ6CfjuzQU-Hm1QXEe7Eiw", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-22T02:35:59.196Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rng7dh4pBeCpba0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rng7dh4pBeCpba0h7", + "uuid_g": "f87439f0-9bd4-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T03:35:01.602Z", + "Computer": "", + "RawData": "", + 
"debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsUJ6CfjuzQU-Hm1QXEe7Eiw", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": 
"SUCCESS", + "published_t": "2020-05-22T02:35:14.177Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rng7dh4pBeCpba0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rng7dh4pBeCpba0h7", + "uuid_g": "dd9edfc0-9bd4-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T03:35:01.602Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + 
"client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsUJ6CfjuzQU-Hm1QXEe7Eiw", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-22T02:35:59.196Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rng7dh4pBeCpba0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rng7dh4pBeCpba0h7", + "uuid_g": "f87439f0-9bd4-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": 
\"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T12:00:01.488Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": 
"", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsEzspebOKR7OXCaF8RIaAxA", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-22T11:58:22.232Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rnqbcbu65q5ZGb0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rnqbcbu65q5ZGb0h7", + "uuid_g": "88dee9fc-9c23-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T12:05:02.006Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + 
"client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsEzspebOKR7OXCaF8RIaAxA", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-22T11:58:22.232Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rnqbcbu65q5ZGb0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + 
"debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rnqbcbu65q5ZGb0h7", + "uuid_g": "88dee9fc-9c23-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T12:05:02.006Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + 
"debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsEzspebOKR7OXCaF8RIaAxA", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-22T11:59:07.251Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rnqbcbu65q5ZGb0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rnqbcbu65q5ZGb0h7", + "uuid_g": "a3b444c7-9c23-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T12:10:00.903Z", + "Computer": "", + "RawData": "", + 
"debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsEzspebOKR7OXCaF8RIaAxA", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": 
"SUCCESS", + "published_t": "2020-05-22T11:58:22.232Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rnqbcbu65q5ZGb0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rnqbcbu65q5ZGb0h7", + "uuid_g": "88dee9fc-9c23-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T12:10:00.903Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + 
"client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsEzspebOKR7OXCaF8RIaAxA", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-22T11:59:07.251Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rnqbcbu65q5ZGb0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rnqbcbu65q5ZGb0h7", + "uuid_g": "a3b444c7-9c23-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": 
\"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T12:15:02.754Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": 
"", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsEzspebOKR7OXCaF8RIaAxA", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-22T11:58:22.232Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rnqbcbu65q5ZGb0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rnqbcbu65q5ZGb0h7", + "uuid_g": "88dee9fc-9c23-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T12:15:02.754Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + 
"client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsEzspebOKR7OXCaF8RIaAxA", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-22T11:59:07.251Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rnqbcbu65q5ZGb0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + 
"debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rnqbcbu65q5ZGb0h7", + "uuid_g": "a3b444c7-9c23-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T12:45:00.817Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + 
"debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsEzspebOKR7OXCaF8RIaAxA", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-22T11:58:22.232Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rnqbcbu65q5ZGb0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rnqbcbu65q5ZGb0h7", + "uuid_g": "88dee9fc-9c23-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T12:45:00.817Z", + 
"Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsEzspebOKR7OXCaF8RIaAxA", + "displayMessage_s": "Download object phase started.", + 
"eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-22T11:59:07.251Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rnqbcbu65q5ZGb0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rnqbcbu65q5ZGb0h7", + "uuid_g": "a3b444c7-9c23-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T12:25:01.698Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + 
"client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsEzspebOKR7OXCaF8RIaAxA", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-22T11:58:22.232Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rnqbcbu65q5ZGb0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rnqbcbu65q5ZGb0h7", + "uuid_g": "88dee9fc-9c23-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n 
\"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T12:25:01.698Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + 
"authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsEzspebOKR7OXCaF8RIaAxA", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-22T11:59:07.251Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rnqbcbu65q5ZGb0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rnqbcbu65q5ZGb0h7", + "uuid_g": "a3b444c7-9c23-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T12:35:01.176Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": 
"", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsEzspebOKR7OXCaF8RIaAxA", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-22T11:58:22.232Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rnqbcbu65q5ZGb0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": 
"Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rnqbcbu65q5ZGb0h7", + "uuid_g": "88dee9fc-9c23-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T12:35:01.176Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + 
"debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsEzspebOKR7OXCaF8RIaAxA", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-22T11:59:07.251Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rnqbcbu65q5ZGb0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rnqbcbu65q5ZGb0h7", + "uuid_g": "a3b444c7-9c23-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T12:20:00.481Z", + "Computer": "", + "RawData": "", + 
"debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsEzspebOKR7OXCaF8RIaAxA", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": 
"SUCCESS", + "published_t": "2020-05-22T11:58:22.232Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rnqbcbu65q5ZGb0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rnqbcbu65q5ZGb0h7", + "uuid_g": "88dee9fc-9c23-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T12:20:00.481Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + 
"client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsEzspebOKR7OXCaF8RIaAxA", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-22T11:59:07.251Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rnqbcbu65q5ZGb0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rnqbcbu65q5ZGb0h7", + "uuid_g": "a3b444c7-9c23-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": 
\"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T12:30:00.566Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": 
"", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsEzspebOKR7OXCaF8RIaAxA", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-22T11:58:22.232Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rnqbcbu65q5ZGb0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rnqbcbu65q5ZGb0h7", + "uuid_g": "88dee9fc-9c23-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T12:30:00.566Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + 
"client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsEzspebOKR7OXCaF8RIaAxA", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-22T11:59:07.251Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rnqbcbu65q5ZGb0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + 
"debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rnqbcbu65q5ZGb0h7", + "uuid_g": "a3b444c7-9c23-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T12:40:01.909Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + 
"debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsEzspebOKR7OXCaF8RIaAxA", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-22T11:58:22.232Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rnqbcbu65q5ZGb0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rnqbcbu65q5ZGb0h7", + "uuid_g": "88dee9fc-9c23-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T12:40:01.909Z", + 
"Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsEzspebOKR7OXCaF8RIaAxA", + "displayMessage_s": "Download object phase started.", + 
"eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-22T11:59:07.251Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rnqbcbu65q5ZGb0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rnqbcbu65q5ZGb0h7", + "uuid_g": "a3b444c7-9c23-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T12:50:01.67Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + 
"client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsEzspebOKR7OXCaF8RIaAxA", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-22T11:58:22.232Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rnqbcbu65q5ZGb0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rnqbcbu65q5ZGb0h7", + "uuid_g": "88dee9fc-9c23-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n 
\"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T12:50:01.67Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + 
"authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsEzspebOKR7OXCaF8RIaAxA", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-22T11:59:07.251Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rnqbcbu65q5ZGb0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rnqbcbu65q5ZGb0h7", + "uuid_g": "a3b444c7-9c23-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T12:55:01.173Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": 
"", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsEzspebOKR7OXCaF8RIaAxA", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-22T11:58:22.232Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rnqbcbu65q5ZGb0h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": 
"Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rnqbcbu65q5ZGb0h7", + "uuid_g": "88dee9fc-9c23-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T12:55:01.173Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + 
"debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsEzspebOKR7OXCaF8RIaAxA", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-22T11:59:07.251Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rnqbcbu65q5ZGb0h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rnqbcbu65q5ZGb0h7", + "uuid_g": "a3b444c7-9c23-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T15:05:02.202Z", + "Computer": "", + "RawData": "", + 
"debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsaLptM5c4QNSyTjjrtajwDQ", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": 
"SUCCESS", + "published_t": "2020-05-22T15:02:56.262Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rnuvre4FfGdV780h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rnuvre4FfGdV780h7", + "uuid_g": "5181ca96-9c3d-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T15:05:02.202Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + 
"client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsaLptM5c4QNSyTjjrtajwDQ", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-22T15:03:41.279Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rnuvre4FfGdV780h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rnuvre4FfGdV780h7", + "uuid_g": "6c56d73c-9c3d-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": 
\"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T15:10:00.896Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": 
"", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsaLptM5c4QNSyTjjrtajwDQ", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-22T15:02:56.262Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rnuvre4FfGdV780h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rnuvre4FfGdV780h7", + "uuid_g": "5181ca96-9c3d-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T15:10:00.896Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + 
"client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsaLptM5c4QNSyTjjrtajwDQ", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-22T15:03:41.279Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rnuvre4FfGdV780h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + 
"debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rnuvre4FfGdV780h7", + "uuid_g": "6c56d73c-9c3d-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T15:20:01.366Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + 
"debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsaLptM5c4QNSyTjjrtajwDQ", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-22T15:02:56.262Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rnuvre4FfGdV780h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rnuvre4FfGdV780h7", + "uuid_g": "5181ca96-9c3d-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T15:20:01.366Z", + 
"Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsaLptM5c4QNSyTjjrtajwDQ", + "displayMessage_s": "Download object phase started.", + 
"eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-22T15:03:41.279Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rnuvre4FfGdV780h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rnuvre4FfGdV780h7", + "uuid_g": "6c56d73c-9c3d-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T15:15:02.469Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + 
"client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsaLptM5c4QNSyTjjrtajwDQ", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-22T15:02:56.262Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rnuvre4FfGdV780h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rnuvre4FfGdV780h7", + "uuid_g": "5181ca96-9c3d-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n 
\"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T15:15:02.469Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + 
"authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsaLptM5c4QNSyTjjrtajwDQ", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-22T15:03:41.279Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rnuvre4FfGdV780h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rnuvre4FfGdV780h7", + "uuid_g": "6c56d73c-9c3d-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T15:25:01.598Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": 
"", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsaLptM5c4QNSyTjjrtajwDQ", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-22T15:02:56.262Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rnuvre4FfGdV780h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": 
"Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rnuvre4FfGdV780h7", + "uuid_g": "5181ca96-9c3d-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T15:25:01.598Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + 
"debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsaLptM5c4QNSyTjjrtajwDQ", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-22T15:03:41.279Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rnuvre4FfGdV780h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rnuvre4FfGdV780h7", + "uuid_g": "6c56d73c-9c3d-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T15:50:02.327Z", + "Computer": "", + "RawData": "", + 
"debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsaLptM5c4QNSyTjjrtajwDQ", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": 
"SUCCESS", + "published_t": "2020-05-22T15:02:56.262Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rnuvre4FfGdV780h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rnuvre4FfGdV780h7", + "uuid_g": "5181ca96-9c3d-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T15:50:02.327Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + 
"client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsaLptM5c4QNSyTjjrtajwDQ", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-22T15:03:41.279Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rnuvre4FfGdV780h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rnuvre4FfGdV780h7", + "uuid_g": "6c56d73c-9c3d-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": 
\"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T15:30:00.483Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": 
"", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsaLptM5c4QNSyTjjrtajwDQ", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-22T15:02:56.262Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rnuvre4FfGdV780h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rnuvre4FfGdV780h7", + "uuid_g": "5181ca96-9c3d-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T15:30:00.483Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + 
"client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsaLptM5c4QNSyTjjrtajwDQ", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-22T15:03:41.279Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rnuvre4FfGdV780h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + 
"debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rnuvre4FfGdV780h7", + "uuid_g": "6c56d73c-9c3d-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T15:55:01.822Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + 
"debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsaLptM5c4QNSyTjjrtajwDQ", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-22T15:02:56.262Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rnuvre4FfGdV780h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rnuvre4FfGdV780h7", + "uuid_g": "5181ca96-9c3d-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T15:55:01.822Z", + 
"Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsaLptM5c4QNSyTjjrtajwDQ", + "displayMessage_s": "Download object phase started.", + 
"eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-22T15:03:41.279Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rnuvre4FfGdV780h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rnuvre4FfGdV780h7", + "uuid_g": "6c56d73c-9c3d-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T15:35:00.479Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + 
"client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsaLptM5c4QNSyTjjrtajwDQ", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-22T15:02:56.262Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rnuvre4FfGdV780h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rnuvre4FfGdV780h7", + "uuid_g": "5181ca96-9c3d-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n 
\"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T15:35:00.479Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + 
"authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsaLptM5c4QNSyTjjrtajwDQ", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-22T15:03:41.279Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rnuvre4FfGdV780h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rnuvre4FfGdV780h7", + "uuid_g": "6c56d73c-9c3d-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T15:40:01.604Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": 
"", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsaLptM5c4QNSyTjjrtajwDQ", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": "SUCCESS", + "published_t": "2020-05-22T15:02:56.262Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rnuvre4FfGdV780h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": 
"Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rnuvre4FfGdV780h7", + "uuid_g": "5181ca96-9c3d-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T15:40:01.604Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + 
"debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsaLptM5c4QNSyTjjrtajwDQ", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-22T15:03:41.279Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rnuvre4FfGdV780h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rnuvre4FfGdV780h7", + "uuid_g": "6c56d73c-9c3d-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T15:45:01.033Z", + "Computer": "", + "RawData": "", + 
"debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + "client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsaLptM5c4QNSyTjjrtajwDQ", + "displayMessage_s": "import started", + "eventType_s": "system.import.start", + "outcome_result_s": 
"SUCCESS", + "published_t": "2020-05-22T15:02:56.262Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rnuvre4FfGdV780h7", + "debugContext_debugData_importType_s": "Incremental", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "36912:FZVjzYzhNPYGeZf+JcajBSCqAts=", + "debugContext_debugData_importTrigger_s": "Schedule", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "app.generic.import.started", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rnuvre4FfGdV780h7", + "uuid_g": "5181ca96-9c3d-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": \"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "", + "Type": "Okta_CL", + "_ResourceId": "" + }, + { + "TenantId": "a123456z-a123-1234-1234-1234aabbcc56", + "SourceSystem": "RestAPI", + "MG": "", + "ManagementGroupName": "", + "TimeGenerated": "2020-05-22T15:45:01.033Z", + "Computer": "", + "RawData": "", + "debugContext_debugData_initiationType_s": "", + "debugContext_debugData_signOnMode_s": "", + "debugContext_debugData_attributesModified_s": "", + "debugContext_debugData_attributesAdded_s": "", + "debugContext_debugData_attributesDeleted_s": "", + "debugContext_debugData_groupAppAssignmentId_s": "", + "debugContext_debugData_authnRequestId_s": "", + "client_userAgent_rawUserAgent_s": "", + "client_userAgent_os_s": "", + "client_userAgent_browser_s": "", + "client_zone_s": "", + "client_device_s": "", + "client_ipAddress_s": "", + "client_geographicalContext_city_s": "", + "client_geographicalContext_state_s": "", + "client_geographicalContext_country_s": "", + "client_geographicalContext_postalCode_s": "", + "client_geographicalContext_geolocation_lat_d": "null", + 
"client_geographicalContext_geolocation_lon_d": "null", + "outcome_reason_s": "", + "securityContext_asNumber_d": "null", + "securityContext_asOrg_s": "", + "securityContext_isp_s": "", + "securityContext_domain_s": "", + "securityContext_isProxy_b": "null", + "debugContext_debugData_loginResult_s": "", + "debugContext_debugData_requestId_s": "", + "debugContext_debugData_requestUri_s": "", + "debugContext_debugData_url_s": "", + "debugContext_debugData_deviceFingerprint_g": "", + "authenticationContext_authenticationProvider_s": "", + "authenticationContext_credentialProvider_s": "", + "debugContext_debugData_factor_s": "", + "debugContext_debugData_countryCallingCode_s": "", + "debugContext_debugData_smsProvider_s": "", + "debugContext_debugData_transactionId_g": "", + "authenticationContext_credentialType_s": "", + "actor_id_s": "0001dzveh5TJUJSDFZWJ", + "actor_type_s": "SystemPrincipal", + "actor_alternateId_s": "system@okta.com", + "actor_displayName_s": "Okta System", + "authenticationContext_authenticationStep_d": "0", + "authenticationContext_externalSessionId_s": "trsaLptM5c4QNSyTjjrtajwDQ", + "displayMessage_s": "Download object phase started.", + "eventType_s": "system.import.download.start", + "outcome_result_s": "", + "published_t": "2020-05-22T15:03:41.279Z", + "severity_s": "INFO", + "debugContext_debugData_jobId_s": "ij1rnuvre4FfGdV780h7", + "debugContext_debugData_importType_s": "", + "debugContext_debugData_appname_s": "active_directory", + "debugContext_debugData_importLastToken_s": "", + "debugContext_debugData_importTrigger_s": "", + "debugContext_debugData_threatSuspected_s": "FALSE", + "legacyEventType_s": "", + "transaction_type_s": "JOB", + "transaction_id_s": "ij1rnuvre4FfGdV780h7", + "uuid_g": "6c56d73c-9c3d-11ea-bc0e-b58983a66847", + "version_s": "0", + "request_ipChain_s": "[]", + "target_s": "[\r\n {\r\n \"id\": \"0oa4mjvnh6Deswcb80h7\",\r\n \"type\": \"AppInstance\",\r\n \"alternateId\": \"corp.okta.org\",\r\n \"displayName\": 
\"Active Directory\",\r\n \"detailEntry\": null\r\n }\r\n]", + "debugContext_debugData_detailedmessage_s": "Download object phase started.", + "Type": "Okta_CL", + "_ResourceId": "" + } +] diff --git a/Sample Data/Custom/SophosXGFirewall.json b/Sample Data/Custom/SophosXGFirewall.json new file mode 100644 index 0000000000..dfb9365a61 --- /dev/null +++ b/Sample Data/Custom/SophosXGFirewall.json 
@@ -0,0 +1,80002 @@ +[ + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:51:11.633Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:51:11Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "51:10 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=34892 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": 
"Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "34892", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:51:11.7Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:51:11Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "51:10 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" 
bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=52180 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "52180", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": 
"", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:51:11.717Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:51:11Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "51:10 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=52104 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "52104", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:51:11.73Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:51:11Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "51:10 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=34566 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": 
"DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "34566", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:51:11.837Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:51:11Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "51:10 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=34892 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" 
dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "34892", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": 
"7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:51:11.837Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:51:11Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "51:10 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=44922 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + 
"FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "44922", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:51:11.997Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:51:11Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "51:10 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=52180 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "52180", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:51:12.013Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:51:12Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "51:10 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=52104 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "52104", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:51:12.057Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:51:12Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "51:10 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=34566 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": 
"DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "34566", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:51:12.25Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:51:12Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "51:10 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=34892 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" 
dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "34892", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": 
"7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:51:12.337Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:51:12Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "51:10 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=52104 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + 
"FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "52104", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:51:12.36Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:51:12Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "51:10 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=44922 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "44922", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:51:12.573Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:51:12Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "51:10 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=52180 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "52180", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:51:12.667Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:51:12Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "51:11 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=34566 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": 
"DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "34566", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:51:12.943Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:51:12Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "51:11 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=52104 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" 
dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "52104", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": 
"7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:51:13.083Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:51:13Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "51:11 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=34892 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + 
"FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "34892", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:51:13.383Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:51:13Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "51:11 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=44922 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "44922", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:51:13.727Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:51:13Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "51:12 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=52180 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "52180", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:51:13.883Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:51:13Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "51:12 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=34566 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": 
"DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "34566", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:51:14.127Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:51:14Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "51:12 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=52104 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" 
dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "52104", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": 
"7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:51:14.747Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:51:14Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "51:13 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=34892 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + 
"FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "34892", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:53:19.813Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:53:19Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "53:18 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=35268 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "35268", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:50:09.193Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:50:09Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "50:07 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=34698 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "34698", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:50:09.26Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:50:09Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "50:07 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=51986 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + 
"Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "51986", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:50:09.277Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:50:09Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "50:07 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=51910 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" 
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "51910", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + 
"TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:50:09.29Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:50:09Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "50:07 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=34372 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": 
"0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "34372", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:50:09.39Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:50:09Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "50:07 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=44736 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "44736", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:50:09.4Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:50:09Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "50:07 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=34698 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "34698", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:50:09.56Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:50:09Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "50:07 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=51986 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + 
"Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "51986", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:50:09.577Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:50:09Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "50:08 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=51910 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" 
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "51910", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + 
"TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:50:09.62Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:50:09Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "50:08 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=34372 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": 
"0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "34372", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:50:09.81Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:50:09Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "50:08 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=34698 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "34698", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:50:09.897Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:50:09Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "50:08 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=51910 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "51910", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:50:09.917Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:50:09Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "50:08 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=44736 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + 
"Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "44736", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:50:10.137Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:50:10Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "50:08 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=51986 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" 
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "51986", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + 
"TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:50:10.23Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:50:10Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "50:08 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=34372 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": 
"0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "34372", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:50:10.507Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:50:10Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "50:08 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=51910 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "51910", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:50:10.657Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:50:10Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "50:09 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=34698 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "34698", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:50:10.907Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:50:10Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "50:09 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=44736 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + 
"Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "44736", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:50:11.257Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:50:11Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "50:09 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=51986 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" 
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "51986", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + 
"TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:50:11.447Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:50:11Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "50:09 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=34372 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": 
"0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "34372", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:50:11.69Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:50:11Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "50:10 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=51910 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "51910", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:50:12.307Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:50:12Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "50:10 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=34698 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "34698", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:50:12.89Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:50:12Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "50:11 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=44736 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + 
"Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "44736", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:52:14.097Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:52:14Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "52:12 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=35076 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" 
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "35076", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + 
"TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:52:14.17Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:52:14Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "52:12 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=52364 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": 
"0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "52364", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:52:14.183Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:52:14Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "52:12 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=52288 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "52288", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:52:14.193Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:52:14Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "52:12 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=34758 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "34758", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:52:14.297Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:52:14Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "52:12 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=45114 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + 
"Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "45114", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:52:14.303Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:52:14Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "52:12 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=35076 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" 
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "35076", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + 
"TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:52:14.483Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:52:14Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "52:12 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=52288 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": 
"0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "52288", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:52:14.527Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:52:14Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "52:12 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=34758 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "34758", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:52:14.573Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:52:14Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "52:12 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=52364 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "52364", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:52:14.717Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:52:14Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "52:13 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=35076 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + 
"Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "35076", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:52:14.803Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:52:14Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "52:13 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=52288 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" 
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "52288", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + 
"TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:52:14.823Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:52:14Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "52:13 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=45114 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": 
"0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "45114", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:52:15.047Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:52:15Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "52:13 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=52364 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "52364", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:52:15.167Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:52:15Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "52:13 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=34758 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "34758", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:52:15.413Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:52:15Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "52:13 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=52288 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": 
"GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "52288", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:52:15.55Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:52:15Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "52:13 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=35076 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" 
dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "35076", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": 
"7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:52:15.847Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:52:15Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "52:14 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=45114 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + 
"FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "45114", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:52:16.167Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:52:16Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "52:14 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=52364 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "52364", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:52:16.42Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:52:16Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "52:14 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=34758 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "34758", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:52:16.597Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:52:16Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "52:15 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=52288 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": 
"GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "52288", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:52:17.217Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:52:17Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "52:15 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=35076 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" 
dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "35076", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": 
"7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:53:16.697Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:53:16Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "53:15 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=35268 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + 
"FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "35268", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:53:16.767Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:53:16Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "53:15 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=52556 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "52556", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:53:16.78Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:53:16Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "53:15 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=52480 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "52480", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:53:16.793Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:53:16Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "53:15 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=34942 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": 
"DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "34942", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:53:16.9Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:53:16Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "53:15 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=35268 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" 
dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "35268", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": 
"7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:53:16.903Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:53:16Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "53:15 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=45298 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + 
"FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "45298", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:53:17.063Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:53:17Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "53:15 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=52556 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "52556", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:53:17.08Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:53:17Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "53:15 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=52480 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "52480", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:53:17.093Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:53:17Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "53:15 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=34942 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": 
"DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "34942", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:53:17.32Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:53:17Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "53:15 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=35268 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" 
dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "35268", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": 
"7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:53:17.403Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:53:17Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "53:15 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=52480 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + 
"FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "52480", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:53:17.433Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:53:17Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "53:15 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=45298 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "45298", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:53:17.67Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:53:17Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "53:16 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=52556 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "52556", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:53:17.7Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:53:17Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "53:16 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=34942 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": 
"DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "34942", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:53:18.01Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:53:18Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "53:16 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=52480 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" 
dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "52480", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": 
"7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:53:18.15Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:53:18Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "53:16 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=35268 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + 
"FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "35268", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:53:18.483Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:53:18Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "53:16 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=45298 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "45298", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:53:18.887Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:53:18Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "53:17 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=52556 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "52556", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:53:18.917Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:53:18Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "53:17 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=34942 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": 
"DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "34942", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:53:19.197Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:53:19Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "53:17 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=52480 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" 
dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "52480", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": 
"7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:54:19.073Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:54:19Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "54:17 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=35544 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + 
"FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "35544", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:54:19.14Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:54:19Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "54:17 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=52832 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "52832", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:54:19.157Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:54:19Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "54:17 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=52756 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "52756", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:54:19.17Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:54:19Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "54:17 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=35218 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": 
"DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "35218", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:54:19.277Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:54:19Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "54:17 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=35544 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" 
dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "35544", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": 
"7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:54:19.28Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:54:19Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "54:17 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=45574 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + 
"FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "45574", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:54:19.437Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:54:19Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "54:17 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=52832 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "52832", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:54:19.457Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:54:19Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "54:17 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=52756 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "52756", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:54:19.5Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:54:19Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "54:17 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=35218 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": 
"DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "35218", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:54:19.69Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:54:19Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "54:18 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=35544 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" 
dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "35544", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": 
"7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:54:19.777Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:54:19Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "54:18 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=52756 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + 
"FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "52756", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:54:19.807Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:54:19Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "54:18 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=45574 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "45574", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:54:20.013Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:54:20Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "54:18 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=52832 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "52832", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:54:20.107Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:54:20Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "54:18 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=35218 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": 
"DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "35218", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:54:20.387Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:54:20Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "54:18 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=52756 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" 
dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "52756", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": 
"7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:54:20.523Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:54:20Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "54:18 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=35544 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + 
"FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "35544", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:54:20.857Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:54:20Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "54:19 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=45574 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "45574", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:54:21.133Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:54:21Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "54:19 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=52832 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "52832", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:54:21.323Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:54:21Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "54:19 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=35218 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": 
"DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "35218", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:54:21.567Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:54:21Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "54:19 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=52756 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" 
dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "52756", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": 
"7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:54:22.187Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:54:22Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "54:20 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=35544 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + 
"FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "35544", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:55:21.813Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:55:21Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "55:20 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=35734 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "35734", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:55:21.88Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:55:21Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "55:20 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=53022 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "53022", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:55:21.897Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:55:21Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "55:20 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=52946 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": 
"GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "52946", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:55:21.91Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:55:21Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "55:20 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=35416 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" 
dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "35416", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": 
"7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:55:22.017Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:55:22Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "55:20 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=35734 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + 
"FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "35734", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:55:22.02Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:55:22Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "55:20 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=45772 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "45772", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:55:22.193Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:55:22Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "55:20 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=53022 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "53022", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:55:22.21Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:55:22Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "55:20 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=52946 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": 
"GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "52946", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:55:22.223Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:55:22Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "55:20 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=35416 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" 
dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "35416", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": 
"7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:55:22.447Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:55:22Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "55:20 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=35734 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + 
"FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "35734", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:55:22.53Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:55:22Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "55:20 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=52946 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "52946", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:55:22.557Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:55:22Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "55:20 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=45772 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "45772", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:55:22.77Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:55:22Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "55:21 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=53022 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + 
"Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "53022", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:55:22.83Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:55:22Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "55:21 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=35416 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" 
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "35416", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + 
"TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:55:23.14Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:55:23Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "55:21 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=52946 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", 
+ "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "52946", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:55:23.277Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:55:23Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "55:21 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=35734 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "35734", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:55:23.58Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:55:23Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "55:21 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=45772 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "45772", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:55:23.92Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:55:23Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "55:22 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=53022 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + 
"Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "53022", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:55:24.047Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:55:24Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "55:22 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=35416 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" 
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "35416", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + 
"TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:55:24.323Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:55:24Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "55:22 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=52946 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": 
"0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "52946", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:55:24.943Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:55:24Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "55:23 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=35734 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "35734", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:55:40.463Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:55:40Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "55:38 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=062009617507 log_type=\"Event\" log_component=\"GUI\" log_subtype=\"Admin\" status=\"Successful\" priority=Information user_name=\"admin\" src_ip=173.66.165.210 message=\"Administrator 'admin' logged in successfully to Web Admin Console.\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "062009617507", + "Log_Type": "Event", + "Log_Component": "GUI", + "Log_Subtype": "Admin", + "Status": "Successful", + "Priority": "Information", + "Duration": "", + "FW_Rule_ID": "", + "Policy_Type": "", + "User_Name": "admin", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "173.66.165.210", + "Src_Country_Code": "", + "Dst_MAC": "", + "Dst_IP": 
"", + "Dst_Country_Code": "", + "Protocol": "", + "Src_Port": "", + "Dst_Port": "", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Administrator 'admin' logged in successfully to Web Admin Console", + "AppResolvedBy": "", + "Nat_Rule_ID": "", + "Vlan_ID": "", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:56:24.29Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:56:24Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "56:22 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=35932 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No 
Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "35932", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + 
"TimeGenerated": "2020-06-11T01:56:24.363Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:56:24Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "56:22 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=53220 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": 
"", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "53220", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:56:24.373Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:56:24Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "56:22 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= 
dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=53144 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "53144", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any 
connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:56:24.387Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:56:24Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "56:22 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=35608 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": 
"", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "35608", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:56:24.49Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:56:24Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "56:22 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 
user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=45964 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "45964", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + 
"Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:56:24.493Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:56:24Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "56:22 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=35932 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": 
"null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "35932", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:56:24.67Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:56:24Z", + "Facility": 
"local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "56:23 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=53220 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + 
"Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "53220", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:56:24.683Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:56:24Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "56:23 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 
dst_port=53144 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "53144", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": 
"", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:56:24.693Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:56:24Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "56:23 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=35608 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + 
"Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "35608", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:56:24.913Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:56:24Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "56:23 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 
application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=35932 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "35932", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + 
"Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:56:24.987Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:56:24Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "56:23 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=45964 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": 
"00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "45964", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:56:25Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:56:25Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": 
"56:23 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=53144 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": 
"", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "53144", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:56:25.243Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:56:25Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "56:23 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=53220 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= 
tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "53220", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": 
"", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:56:25.3Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:56:25Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "56:23 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=35608 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + 
"Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "35608", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:56:25.613Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:56:25Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "56:24 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" 
bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=53144 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "53144", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + 
"Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:56:25.747Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:56:25Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "56:24 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=35932 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "35932", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:56:26.013Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:56:26Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "56:24 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=45964 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + 
"Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "45964", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:56:26.4Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:56:26Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "56:24 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=53220 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" 
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "53220", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + 
"TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:56:26.517Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:56:26Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "56:24 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=35608 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": 
"0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "35608", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:56:26.793Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:56:26Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "56:25 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=53144 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "53144", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:56:27.41Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:56:27Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "56:25 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=35932 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "35932", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:57:26.66Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:57:26Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "57:25 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=36216 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + 
"Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "36216", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:57:26.743Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:57:26Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "57:25 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=53504 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" 
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "53504", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + 
"TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:57:26.743Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:57:26Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "57:25 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=53428 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": 
"0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "53428", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:57:26.757Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:57:26Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "57:25 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=35890 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "35890", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:57:26.867Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:57:26Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "57:25 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=46246 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "46246", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:57:26.867Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:57:26Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "57:25 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=36216 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + 
"Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "36216", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:57:27.007Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:57:27Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "57:25 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=53504 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" 
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "53504", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + 
"TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:57:27.057Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:57:27Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "57:25 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=53428 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": 
"0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "53428", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:57:27.067Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:57:27Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "57:25 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=35890 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "35890", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:57:27.29Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:57:27Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "57:25 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=36216 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "36216", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:57:27.377Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:57:27Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "57:25 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=53428 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": 
"GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "53428", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:57:27.4Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:57:27Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "57:25 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=46246 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" 
dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "46246", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": 
"7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:57:27.673Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:57:27Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "57:26 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=53504 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + 
"FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "53504", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:57:27.68Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:57:27Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "57:26 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=35890 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "35890", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:57:27.983Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:57:27Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "57:26 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=53428 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "53428", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:57:28.123Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:57:28Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "57:26 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=36216 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + 
"Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "36216", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:57:28.427Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:57:28Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "57:26 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=46246 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" 
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "46246", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + 
"TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:57:28.717Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:57:28Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "57:27 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=53504 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": 
"0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "53504", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:57:28.893Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:57:28Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "57:27 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=35890 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "35890", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:57:29.167Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:57:29Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "57:27 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=53428 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "53428", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:57:29.787Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:57:29Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "57:28 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=36216 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + 
"Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "36216", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:58:29.09Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:58:29Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "58:27 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=36470 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" 
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "36470", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + 
"TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:58:29.16Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:58:29Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "58:27 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=53758 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": 
"0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "53758", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:58:29.177Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:58:29Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "58:27 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=53682 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "53682", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:58:29.19Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:58:29Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "58:27 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=36152 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "36152", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:58:29.293Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:58:29Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "58:27 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=46514 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + 
"Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "46514", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:58:29.297Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:58:29Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "58:27 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=36470 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" 
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "36470", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + 
"TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:58:29.443Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:58:29Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "58:27 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=53758 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": 
"0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "53758", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:58:29.493Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:58:29Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "58:27 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=53682 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "53682", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:58:29.507Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:58:29Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "58:27 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=36152 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "36152", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:58:29.727Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:58:29Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "58:28 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=36470 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + 
"Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "36470", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:58:29.8Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:58:29Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "58:28 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=46514 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" 
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "46514", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + 
"TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:58:29.813Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:58:29Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "58:28 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=53682 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": 
"0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "53682", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:58:30.02Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:58:30Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "58:28 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=53758 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "53758", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:58:30.113Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:58:30Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "58:28 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=36152 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "36152", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:58:30.42Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:58:30Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "58:28 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=53682 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": 
"GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "53682", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:58:30.56Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:58:30Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "58:28 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=36470 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" 
dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "36470", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": 
"7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:58:30.793Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:58:30Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "58:29 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=46514 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + 
"FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "46514", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:58:31.14Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:58:31Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "58:29 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=53758 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "53758", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:58:31.33Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:58:31Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "58:29 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=36152 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "36152", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:58:31.607Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:58:31Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "58:29 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=53682 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": 
"GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "53682", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:58:32.223Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:58:32Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "58:30 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=36470 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" 
dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "36470", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": 
"7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:58:32.777Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:58:32Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "58:31 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=46514 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + 
"FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "46514", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:59:31.517Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:59:31Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "59:29 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=36852 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "36852", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:59:31.587Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:59:31Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "59:29 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=54140 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "54140", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:59:31.603Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:59:31Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "59:29 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=54064 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": 
"GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "54064", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:59:31.617Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:59:31Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "59:29 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=36526 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" 
dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "36526", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": 
"7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:59:31.717Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:59:31Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "59:30 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=46882 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + 
"FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "46882", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:59:31.727Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:59:31Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "59:30 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=36852 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "36852", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:59:31.883Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:59:31Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "59:30 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=54140 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "54140", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:59:31.9Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:59:31Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "59:30 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=54064 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": 
"GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "54064", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:59:31.943Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:59:31Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "59:30 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=36526 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" 
dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "36526", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": 
"7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:59:32.167Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:59:32Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "59:30 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=36852 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + 
"FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "36852", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:59:32.22Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:59:32Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "59:30 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=54064 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "54064", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:59:32.237Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:59:32Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "59:30 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=46882 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "46882", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:59:32.457Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:59:32Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "59:30 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=54140 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + 
"Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "54140", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:59:32.55Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:59:32Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "59:30 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=36526 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" 
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "36526", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + 
"TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:59:32.83Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:59:32Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "59:31 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=54064 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", 
+ "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "54064", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:59:32.997Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:59:32Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "59:31 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=36852 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "36852", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:59:33.263Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:59:33Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "59:31 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=46882 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "46882", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:59:33.577Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:59:33Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "59:31 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=54140 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + 
"Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "54140", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:59:33.767Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:59:33Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "59:32 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=36526 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" 
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "36526", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + 
"TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:59:34.013Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:59:34Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "59:32 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=54064 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": 
"0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "54064", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-11T01:59:34.663Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-11T01:59:34Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "59:33 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=36852 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "36852", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T14:57:42.867Z", + "Computer": "datasource", + "EventTime": "2020-06-10T14:57:42Z", + "Facility": "local0", + "HostName": "datasource", + "SeverityLevel": "info", + "SyslogMessage": "device=\"SFW\" date=2019-03-06 time=23:04:00 timezone=\"EST\" device_name=\"XG330\" device_id=A11111AAA1F9R30 log_id=010101600001 log_type=\"Firewall\" log_component=\"Firewall Rule\" log_subtype=\"Allowed\" status=\"Allow\" priority=Information duration=0 fw_rule_id=94 policy_type=1 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" in_interface=\"Port1\" out_interface=\"Port2\" src_mac=00: 0:00: 0:00: 0 src_ip=10.1.1.2 src_country_code=R1 dst_ip=10.10.10.10 dst_country_code=R1 protocol=\"TCP\" src_port=43874 dst_port=458 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"LAN\" srczone=\"LAN\" dstzonetype=\"VPN\" dstzone=\"VPN\" dir_disp=\"\" connevent=\"Start\" connid=\"3205265920\" vconnid=\"\" hb_health=\"No Heartbeat\"", + "ProcessID": "null", + "HostIP": "Unknown IP", + "ProcessName": "sophos", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "SFW", + "Date": "2019-03-06", + "Time": "23:04:00", + "Timezone": "EST", + "Device_Name": "XG330", + "Device_ID": 
"A11111AAA1F9R30", + "Log_ID": "010101600001", + "Log_Type": "Firewall", + "Log_Component": "Firewall Rule", + "Log_Subtype": "Allowed", + "Status": "Allow", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "94", + "Policy_Type": "1", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "Port1", + "Out_Interface": "Port2", + "Src_MAC": "00:", + "Src_IP": "10.1.1.2", + "Src_Country_Code": "R1", + "Dst_MAC": "", + "Dst_IP": "10.10.10.10", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "43874", + "Dst_Port": "458", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "LAN", + "Srczone": "LAN", + "Dstzonetype": "VPN", + "Dstzone": "VPN", + "Dir_Disp": "", + "Connevent": "Start", + "ConnID": "3205265920", + "VconnID": "", + "HB_Health": "", + "Message": "", + "AppResolvedBy": "", + "Nat_Rule_ID": "", + "Vlan_ID": "", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T18:13:40.72Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T18:13:40Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "notice", + "SyslogMessage": "13:40 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=062109517507 log_type=\"Event\" log_component=\"CLI\" log_subtype=\"Admin\" status=\"Failed\" priority=Notice user_name=\"pi\" src_ip=94.45.186.215 message=\"User 'pi' failed to login from '94.45.186.215' using ssh because of wrong credentials\"", + "ProcessID": 
"null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "062109517507", + "Log_Type": "Event", + "Log_Component": "CLI", + "Log_Subtype": "Admin", + "Status": "Failed", + "Priority": "Notice", + "Duration": "", + "FW_Rule_ID": "", + "Policy_Type": "", + "User_Name": "pi", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "94.45.186.215", + "Src_Country_Code": "", + "Dst_MAC": "", + "Dst_IP": "", + "Dst_Country_Code": "", + "Protocol": "", + "Src_Port": "", + "Dst_Port": "", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "", + "AppResolvedBy": "", + "Nat_Rule_ID": "", + "Vlan_ID": "", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T19:15:39.357Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T19:15:39Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "notice", + "SyslogMessage": "15:38 
timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=063611517814 log_type=\"Event\" log_component=\"Gateway\" log_subtype=\"System\" priority=Notice gatewayname=\"DHCP_PortB_GW\" message=\"Gateway DHCP_PortB_GW is Up\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "063611517814", + "Log_Type": "Event", + "Log_Component": "Gateway", + "Log_Subtype": "System", + "Status": "", + "Priority": "Notice", + "Duration": "", + "FW_Rule_ID": "", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "", + "Src_Country_Code": "", + "Dst_MAC": "", + "Dst_IP": "", + "Dst_Country_Code": "", + "Protocol": "", + "Src_Port": "", + "Dst_Port": "", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "", + "AppResolvedBy": "", + "Nat_Rule_ID": "", + "Vlan_ID": "", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + 
"TimeGenerated": "2020-06-10T19:15:39.357Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T18:13:40Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "notice", + "SyslogMessage": "13:40 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=062109517507 log_type=\"Event\" log_component=\"CLI\" log_subtype=\"Admin\" status=\"Failed\" priority=Notice user_name=\"pi\" src_ip=94.45.186.215 message=\"User 'pi' failed to login from '94.45.186.215' using ssh because of wrong credentials\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "062109517507", + "Log_Type": "Event", + "Log_Component": "CLI", + "Log_Subtype": "Admin", + "Status": "Failed", + "Priority": "Notice", + "Duration": "", + "FW_Rule_ID": "", + "Policy_Type": "", + "User_Name": "pi", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "94.45.186.215", + "Src_Country_Code": "", + "Dst_MAC": "", + "Dst_IP": "", + "Dst_Country_Code": "", + "Protocol": "", + "Src_Port": "", + "Dst_Port": "", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "", + 
"AppResolvedBy": "", + "Nat_Rule_ID": "", + "Vlan_ID": "", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T19:17:37.89Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T19:17:37Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "notice", + "SyslogMessage": "17:37 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=067411518027 log_type=\"Event\" log_component=\"AP Firmware\" log_subtype=\"System\" priority=Notice status=\"Successful\" oldversion=1.0.001 newversion=11.0.011 message=\"AP firmware upgraded from 1.0.001 to 11.0.011.\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "067411518027", + "Log_Type": "Event", + "Log_Component": "AP Firmware", + "Log_Subtype": "System", + "Status": "Successful", + "Priority": "Notice", + "Duration": "", + "FW_Rule_ID": "", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "", + "Src_Country_Code": "", + "Dst_MAC": "", + "Dst_IP": "", + "Dst_Country_Code": "", + "Protocol": "", + "Src_Port": "", + "Dst_Port": "", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", 
+ "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "AP firmware upgraded from 1.0.001 to 11.0.011", + "AppResolvedBy": "", + "Nat_Rule_ID": "", + "Vlan_ID": "", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T19:18:00.31Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T19:18:00Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "notice", + "SyslogMessage": "17:59 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=066911518017 log_type=\"Event\" log_component=\"ATP\" log_subtype=\"System\" priority=Notice status=\"Successful\" oldversion=1.0.001 newversion=1.0.0303 message=\"ATP definitions upgraded from 1.0.001 to 1.0.0303.\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "066911518017", + "Log_Type": "Event", + "Log_Component": "ATP", + "Log_Subtype": "System", + "Status": "Successful", + "Priority": "Notice", + "Duration": "", + "FW_Rule_ID": "", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + 
"Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "", + "Src_Country_Code": "", + "Dst_MAC": "", + "Dst_IP": "", + "Dst_Country_Code": "", + "Protocol": "", + "Src_Port": "", + "Dst_Port": "", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "ATP definitions upgraded from 1.0.001 to 1.0.0303", + "AppResolvedBy": "", + "Nat_Rule_ID": "", + "Vlan_ID": "", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T19:18:20.02Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T19:18:20Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "notice", + "SyslogMessage": "18:19 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=064011517819 log_type=\"Event\" log_component=\"Anti-Virus\" log_subtype=\"System\" priority=Notice status=\"Successful\" oldversion=1.0.001 newversion=1.0.408259 message=\"Avira AV definitions upgraded from 1.0.001 to 1.0.408259.\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": 
"064011517819", + "Log_Type": "Event", + "Log_Component": "", + "Log_Subtype": "System", + "Status": "Successful", + "Priority": "Notice", + "Duration": "", + "FW_Rule_ID": "", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "", + "Src_Country_Code": "", + "Dst_MAC": "", + "Dst_IP": "", + "Dst_Country_Code": "", + "Protocol": "", + "Src_Port": "", + "Dst_Port": "", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Avira AV definitions upgraded from 1.0.001 to 1.0.408259", + "AppResolvedBy": "", + "Nat_Rule_ID": "", + "Vlan_ID": "", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T19:18:21.667Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T19:18:21Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "notice", + "SyslogMessage": "18:21 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=067211518023 log_type=\"Event\" log_component=\"Authentication Client\" log_subtype=\"System\" priority=Notice status=\"Successful\" oldversion=0 newversion=1.0.0019 message=\"Authentication clients upgraded from 0 to 1.0.0019.\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": 
"00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "067211518023", + "Log_Type": "Event", + "Log_Component": "Authentication Client", + "Log_Subtype": "System", + "Status": "Successful", + "Priority": "Notice", + "Duration": "", + "FW_Rule_ID": "", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "", + "Src_Country_Code": "", + "Dst_MAC": "", + "Dst_IP": "", + "Dst_Country_Code": "", + "Protocol": "", + "Src_Port": "", + "Dst_Port": "", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Authentication clients upgraded from 0 to 1.0.0019", + "AppResolvedBy": "", + "Nat_Rule_ID": "", + "Vlan_ID": "", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T19:19:25.593Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T19:19:25Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "notice", + "SyslogMessage": "19:25 timezone=\"BST\" 
device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=063911517818 log_type=\"Event\" log_component=\"IPS\" log_subtype=\"System\" priority=Notice status=\"Successful\" oldversion=3.16.06 newversion=18.17.16 message=\"IPS definitions upgraded from 3.16.06 to 18.17.16.\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "063911517818", + "Log_Type": "Event", + "Log_Component": "IPS", + "Log_Subtype": "System", + "Status": "Successful", + "Priority": "Notice", + "Duration": "", + "FW_Rule_ID": "", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "", + "Src_Country_Code": "", + "Dst_MAC": "", + "Dst_IP": "", + "Dst_Country_Code": "", + "Protocol": "", + "Src_Port": "", + "Dst_Port": "", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "IPS definitions upgraded from 3.16.06 to 18.17.16", + "AppResolvedBy": "", + "Nat_Rule_ID": "", + "Vlan_ID": "", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, 
+ { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T19:19:37.107Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T19:19:37Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "notice", + "SyslogMessage": "19:36 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=067311518025 log_type=\"Event\" log_component=\"RED Firmware\" log_subtype=\"System\" priority=Notice status=\"Successful\" oldversion=0 newversion=3.0.000 message=\"RED firmware upgraded from 0 to 3.0.000.\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "067311518025", + "Log_Type": "Event", + "Log_Component": "RED Firmware", + "Log_Subtype": "System", + "Status": "Successful", + "Priority": "Notice", + "Duration": "", + "FW_Rule_ID": "", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "", + "Src_Country_Code": "", + "Dst_MAC": "", + "Dst_IP": "", + "Dst_Country_Code": "", + "Protocol": "", + "Src_Port": "", + "Dst_Port": "", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "RED firmware upgraded from 0 to 3.0.000", + "AppResolvedBy": "", + "Nat_Rule_ID": "", + "Vlan_ID": "", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T19:20:12.04Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T19:20:12Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "notice", + "SyslogMessage": "20:11 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=064011517819 log_type=\"Event\" log_component=\"Anti-Virus\" log_subtype=\"System\" priority=Notice status=\"Successful\" oldversion=1.0.001 newversion=1.0.15682 message=\"Sophos AV definitions upgraded from 1.0.001 to 1.0.15682.\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "064011517819", + "Log_Type": "Event", + "Log_Component": "", + "Log_Subtype": "System", + "Status": "Successful", + "Priority": "Notice", + "Duration": "", + "FW_Rule_ID": "", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "", + "Src_Country_Code": "", + "Dst_MAC": "", + "Dst_IP": "", + "Dst_Country_Code": "", + "Protocol": "", + 
"Src_Port": "", + "Dst_Port": "", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Sophos AV definitions upgraded from 1.0.001 to 1.0.15682", + "AppResolvedBy": "", + "Nat_Rule_ID": "", + "Vlan_ID": "", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T19:20:13.863Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T19:20:13Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "notice", + "SyslogMessage": "20:13 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=067111518021 log_type=\"Event\" log_component=\"IPSEC Client\" log_subtype=\"System\" priority=Notice status=\"Successful\" oldversion=0 newversion=1.4.001 message=\"Sophos Connect clients upgraded from 0 to 1.4.001.\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "067111518021", + "Log_Type": "Event", + "Log_Component": "IPSEC Client", + "Log_Subtype": "System", + "Status": "Successful", + "Priority": "Notice", + "Duration": "", + "FW_Rule_ID": "", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": 
"", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "", + "Src_Country_Code": "", + "Dst_MAC": "", + "Dst_IP": "", + "Dst_Country_Code": "", + "Protocol": "", + "Src_Port": "", + "Dst_Port": "", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Sophos Connect clients upgraded from 0 to 1.4.001", + "AppResolvedBy": "", + "Nat_Rule_ID": "", + "Vlan_ID": "", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T19:20:14.647Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T19:20:14Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "notice", + "SyslogMessage": "20:14 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=067011518019 log_type=\"Event\" log_component=\"SSLVPN Client\" log_subtype=\"System\" priority=Notice status=\"Successful\" oldversion=0 newversion=1.0.007 message=\"SSLVPN clients upgraded from 0 to 1.0.007.\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": 
"BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "067011518019", + "Log_Type": "Event", + "Log_Component": "SSLVPN Client", + "Log_Subtype": "System", + "Status": "Successful", + "Priority": "Notice", + "Duration": "", + "FW_Rule_ID": "", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "", + "Src_Country_Code": "", + "Dst_MAC": "", + "Dst_IP": "", + "Dst_Country_Code": "", + "Protocol": "", + "Src_Port": "", + "Dst_Port": "", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "SSLVPN clients upgraded from 0 to 1.0.007", + "AppResolvedBy": "", + "Nat_Rule_ID": "", + "Vlan_ID": "", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T19:22:16.047Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T19:22:16Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "notice", + "SyslogMessage": "22:15 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=062109517507 log_type=\"Event\" log_component=\"CLI\" log_subtype=\"Admin\" status=\"Failed\" priority=Notice user_name=\"guest\" src_ip=209.141.40.12 message=\"User 'guest' failed to login from '209.141.40.12' using ssh because of wrong credentials\"", + 
"ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "062109517507", + "Log_Type": "Event", + "Log_Component": "CLI", + "Log_Subtype": "Admin", + "Status": "Failed", + "Priority": "Notice", + "Duration": "", + "FW_Rule_ID": "", + "Policy_Type": "", + "User_Name": "guest", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "209.141.40.12", + "Src_Country_Code": "", + "Dst_MAC": "", + "Dst_IP": "", + "Dst_Country_Code": "", + "Protocol": "", + "Src_Port": "", + "Dst_Port": "", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "", + "AppResolvedBy": "", + "Nat_Rule_ID": "", + "Vlan_ID": "", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T19:22:16.077Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T19:22:16Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "notice", + "SyslogMessage": "22:15 
timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=062109517507 log_type=\"Event\" log_component=\"CLI\" log_subtype=\"Admin\" status=\"Failed\" priority=Notice user_name=\"hadoop\" src_ip=209.141.40.12 message=\"User 'hadoop' failed to login from '209.141.40.12' using ssh because of wrong credentials\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "062109517507", + "Log_Type": "Event", + "Log_Component": "CLI", + "Log_Subtype": "Admin", + "Status": "Failed", + "Priority": "Notice", + "Duration": "", + "FW_Rule_ID": "", + "Policy_Type": "", + "User_Name": "hadoop", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "209.141.40.12", + "Src_Country_Code": "", + "Dst_MAC": "", + "Dst_IP": "", + "Dst_Country_Code": "", + "Protocol": "", + "Src_Port": "", + "Dst_Port": "", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "", + "AppResolvedBy": "", + "Nat_Rule_ID": "", + "Vlan_ID": "", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + 
"Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T19:22:16.077Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T19:22:16Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "notice", + "SyslogMessage": "22:15 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=062109517507 log_type=\"Event\" log_component=\"CLI\" log_subtype=\"Admin\" status=\"Failed\" priority=Notice user_name=\"user\" src_ip=209.141.40.12 message=\"User 'user' failed to login from '209.141.40.12' using ssh because of wrong credentials\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "062109517507", + "Log_Type": "Event", + "Log_Component": "CLI", + "Log_Subtype": "Admin", + "Status": "Failed", + "Priority": "Notice", + "Duration": "", + "FW_Rule_ID": "", + "Policy_Type": "", + "User_Name": "user", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "209.141.40.12", + "Src_Country_Code": "", + "Dst_MAC": "", + "Dst_IP": "", + "Dst_Country_Code": "", + "Protocol": "", + "Src_Port": "", + "Dst_Port": "", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + 
"Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "", + "AppResolvedBy": "", + "Nat_Rule_ID": "", + "Vlan_ID": "", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T19:22:16.11Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T19:22:16Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "notice", + "SyslogMessage": "22:15 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=062109517507 log_type=\"Event\" log_component=\"CLI\" log_subtype=\"Admin\" status=\"Failed\" priority=Notice user_name=\"postgres\" src_ip=209.141.40.12 message=\"User 'postgres' failed to login from '209.141.40.12' using ssh because of wrong credentials\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "062109517507", + "Log_Type": "Event", + "Log_Component": "CLI", + "Log_Subtype": "Admin", + "Status": "Failed", + "Priority": "Notice", + "Duration": "", + "FW_Rule_ID": "", + "Policy_Type": "", + "User_Name": "postgres", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "209.141.40.12", + "Src_Country_Code": "", + 
"Dst_MAC": "", + "Dst_IP": "", + "Dst_Country_Code": "", + "Protocol": "", + "Src_Port": "", + "Dst_Port": "", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "", + "AppResolvedBy": "", + "Nat_Rule_ID": "", + "Vlan_ID": "", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T19:22:16.117Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T19:22:16Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "notice", + "SyslogMessage": "22:15 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=062109517507 log_type=\"Event\" log_component=\"CLI\" log_subtype=\"Admin\" status=\"Failed\" priority=Notice user_name=\"root\" src_ip=209.141.40.12 message=\"User 'root' failed to login from '209.141.40.12' using ssh because of wrong credentials\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "062109517507", + "Log_Type": "Event", + "Log_Component": "CLI", + "Log_Subtype": "Admin", + "Status": "Failed", + "Priority": "Notice", + "Duration": "", + "FW_Rule_ID": "", + "Policy_Type": "", + 
"User_Name": "root", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "209.141.40.12", + "Src_Country_Code": "", + "Dst_MAC": "", + "Dst_IP": "", + "Dst_Country_Code": "", + "Protocol": "", + "Src_Port": "", + "Dst_Port": "", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "", + "AppResolvedBy": "", + "Nat_Rule_ID": "", + "Vlan_ID": "", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T19:22:16.12Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T19:22:16Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "notice", + "SyslogMessage": "22:15 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=062109517507 log_type=\"Event\" log_component=\"CLI\" log_subtype=\"Admin\" status=\"Failed\" priority=Notice user_name=\"jenkins\" src_ip=209.141.40.12 message=\"User 'jenkins' failed to login from '209.141.40.12' using ssh because of wrong credentials\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + 
"Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "062109517507", + "Log_Type": "Event", + "Log_Component": "CLI", + "Log_Subtype": "Admin", + "Status": "Failed", + "Priority": "Notice", + "Duration": "", + "FW_Rule_ID": "", + "Policy_Type": "", + "User_Name": "jenkins", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "209.141.40.12", + "Src_Country_Code": "", + "Dst_MAC": "", + "Dst_IP": "", + "Dst_Country_Code": "", + "Protocol": "", + "Src_Port": "", + "Dst_Port": "", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "", + "AppResolvedBy": "", + "Nat_Rule_ID": "", + "Vlan_ID": "", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T19:22:16.12Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T19:22:16Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "notice", + "SyslogMessage": "22:15 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=062109517507 log_type=\"Event\" log_component=\"CLI\" log_subtype=\"Admin\" status=\"Failed\" priority=Notice user_name=\"test\" src_ip=209.141.40.12 message=\"User 'test' failed to login from '209.141.40.12' using ssh because of wrong 
credentials\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "062109517507", + "Log_Type": "Event", + "Log_Component": "CLI", + "Log_Subtype": "Admin", + "Status": "Failed", + "Priority": "Notice", + "Duration": "", + "FW_Rule_ID": "", + "Policy_Type": "", + "User_Name": "test", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "209.141.40.12", + "Src_Country_Code": "", + "Dst_MAC": "", + "Dst_IP": "", + "Dst_Country_Code": "", + "Protocol": "", + "Src_Port": "", + "Dst_Port": "", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "", + "AppResolvedBy": "", + "Nat_Rule_ID": "", + "Vlan_ID": "", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T19:22:16.123Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T19:22:16Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "notice", + 
"SyslogMessage": "22:15 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=062109517507 log_type=\"Event\" log_component=\"CLI\" log_subtype=\"Admin\" status=\"Failed\" priority=Notice user_name=\"ec2-user\" src_ip=209.141.40.12 message=\"User 'ec2-user' failed to login from '209.141.40.12' using ssh because of wrong credentials\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "062109517507", + "Log_Type": "Event", + "Log_Component": "CLI", + "Log_Subtype": "Admin", + "Status": "Failed", + "Priority": "Notice", + "Duration": "", + "FW_Rule_ID": "", + "Policy_Type": "", + "User_Name": "ec2-user", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "209.141.40.12", + "Src_Country_Code": "", + "Dst_MAC": "", + "Dst_IP": "", + "Dst_Country_Code": "", + "Protocol": "", + "Src_Port": "", + "Dst_Port": "", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "", + "AppResolvedBy": "", + "Nat_Rule_ID": "", + "Vlan_ID": "", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + 
"In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T19:22:16.13Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T19:22:16Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "notice", + "SyslogMessage": "22:15 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=062109517507 log_type=\"Event\" log_component=\"CLI\" log_subtype=\"Admin\" status=\"Failed\" priority=Notice user_name=\"vagrant\" src_ip=209.141.40.12 message=\"User 'vagrant' failed to login from '209.141.40.12' using ssh because of wrong credentials\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "062109517507", + "Log_Type": "Event", + "Log_Component": "CLI", + "Log_Subtype": "Admin", + "Status": "Failed", + "Priority": "Notice", + "Duration": "", + "FW_Rule_ID": "", + "Policy_Type": "", + "User_Name": "vagrant", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "209.141.40.12", + "Src_Country_Code": "", + "Dst_MAC": "", + "Dst_IP": "", + "Dst_Country_Code": "", + "Protocol": "", + "Src_Port": "", + "Dst_Port": "", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + 
"Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "", + "AppResolvedBy": "", + "Nat_Rule_ID": "", + "Vlan_ID": "", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T19:22:16.137Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T19:22:16Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "notice", + "SyslogMessage": "22:15 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=062109517507 log_type=\"Event\" log_component=\"CLI\" log_subtype=\"Admin\" status=\"Failed\" priority=Notice user_name=\"ubuntu\" src_ip=209.141.40.12 message=\"User 'ubuntu' failed to login from '209.141.40.12' using ssh because of wrong credentials\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "062109517507", + "Log_Type": "Event", + "Log_Component": "CLI", + "Log_Subtype": "Admin", + "Status": "Failed", + "Priority": "Notice", + "Duration": "", + "FW_Rule_ID": "", + "Policy_Type": "", + "User_Name": "ubuntu", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": 
"209.141.40.12", + "Src_Country_Code": "", + "Dst_MAC": "", + "Dst_IP": "", + "Dst_Country_Code": "", + "Protocol": "", + "Src_Port": "", + "Dst_Port": "", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "", + "AppResolvedBy": "", + "Nat_Rule_ID": "", + "Vlan_ID": "", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T19:22:16.15Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T19:22:16Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "notice", + "SyslogMessage": "22:15 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=062109517507 log_type=\"Event\" log_component=\"CLI\" log_subtype=\"Admin\" status=\"Failed\" priority=Notice user_name=\"oracle\" src_ip=209.141.40.12 message=\"User 'oracle' failed to login from '209.141.40.12' using ssh because of wrong credentials\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "062109517507", + "Log_Type": "Event", + "Log_Component": "CLI", + "Log_Subtype": "Admin", + "Status": "Failed", + "Priority": "Notice", + "Duration": "", 
+ "FW_Rule_ID": "", + "Policy_Type": "", + "User_Name": "oracle", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "209.141.40.12", + "Src_Country_Code": "", + "Dst_MAC": "", + "Dst_IP": "", + "Dst_Country_Code": "", + "Protocol": "", + "Src_Port": "", + "Dst_Port": "", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "", + "AppResolvedBy": "", + "Nat_Rule_ID": "", + "Vlan_ID": "", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T19:22:16.267Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T19:22:16Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "notice", + "SyslogMessage": "22:15 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=063311517913 log_type=\"Event\" log_component=\"Appliance\" log_subtype=\"System\" priority=Notice message=\"The administrative access from IP Address '209.141.40.12' is blocked for '5' minutes after '5' unsuccessful login attempts\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "063311517913", + "Log_Type": "Event", + "Log_Component": "Appliance", + "Log_Subtype": "System", + "Status": "", + "Priority": "Notice", + "Duration": "", + "FW_Rule_ID": "", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "", + "Src_Country_Code": "", + "Dst_MAC": "", + "Dst_IP": "", + "Dst_Country_Code": "", + "Protocol": "", + "Src_Port": "", + "Dst_Port": "", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "", + "AppResolvedBy": "", + "Nat_Rule_ID": "", + "Vlan_ID": "", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T19:22:16.493Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T19:22:16Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "notice", + "SyslogMessage": "22:16 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=063311517913 log_type=\"Event\" log_component=\"Appliance\" log_subtype=\"System\" priority=Notice message=\"The 
administrative access from IP Address '209.141.40.12' is blocked for '5' minutes after '5' unsuccessful login attempts\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "063311517913", + "Log_Type": "Event", + "Log_Component": "Appliance", + "Log_Subtype": "System", + "Status": "", + "Priority": "Notice", + "Duration": "", + "FW_Rule_ID": "", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "", + "Src_Country_Code": "", + "Dst_MAC": "", + "Dst_IP": "", + "Dst_Country_Code": "", + "Protocol": "", + "Src_Port": "", + "Dst_Port": "", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "", + "AppResolvedBy": "", + "Nat_Rule_ID": "", + "Vlan_ID": "", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T19:22:16.493Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T19:22:16Z", + 
"Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "notice", + "SyslogMessage": "22:15 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=063311517913 log_type=\"Event\" log_component=\"Appliance\" log_subtype=\"System\" priority=Notice message=\"The administrative access from IP Address '209.141.40.12' is blocked for '5' minutes after '5' unsuccessful login attempts\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "063311517913", + "Log_Type": "Event", + "Log_Component": "Appliance", + "Log_Subtype": "System", + "Status": "", + "Priority": "Notice", + "Duration": "", + "FW_Rule_ID": "", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "", + "Src_Country_Code": "", + "Dst_MAC": "", + "Dst_IP": "", + "Dst_Country_Code": "", + "Protocol": "", + "Src_Port": "", + "Dst_Port": "", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "", + "AppResolvedBy": "", + "Nat_Rule_ID": "", + "Vlan_ID": "", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + 
"Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T19:53:22.783Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T19:53:22Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "notice", + "SyslogMessage": "53:22 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=062109517507 log_type=\"Event\" log_component=\"CLI\" log_subtype=\"Admin\" status=\"Failed\" priority=Notice user_name=\"root\" src_ip=87.251.74.48 message=\"User 'root' failed to login from '87.251.74.48' using ssh because of wrong credentials\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "062109517507", + "Log_Type": "Event", + "Log_Component": "CLI", + "Log_Subtype": "Admin", + "Status": "Failed", + "Priority": "Notice", + "Duration": "", + "FW_Rule_ID": "", + "Policy_Type": "", + "User_Name": "root", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "87.251.74.48", + "Src_Country_Code": "", + "Dst_MAC": "", + "Dst_IP": "", + "Dst_Country_Code": "", + "Protocol": "", + "Src_Port": "", + "Dst_Port": "", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + 
"Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "", + "AppResolvedBy": "", + "Nat_Rule_ID": "", + "Vlan_ID": "", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T19:53:22.783Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T19:22:16Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "notice", + "SyslogMessage": "[ date=2020-06-10 time=20:22:16 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=063311517913 log_type=\"Event\" log_component=\"Appliance\" log_subtype=\"System\" priority=Notice message=\"The administrative access from IP Address '209.141.40.12' is blocked for '5' minutes after '5' unsuccessful login attempts\"]", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "2020-06-10", + "Time": "20:22:16", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "063311517913", + "Log_Type": "Event", + "Log_Component": "Appliance", + "Log_Subtype": "System", + "Status": "", + "Priority": "Notice", + "Duration": "", + "FW_Rule_ID": "", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", 
+ "Src_MAC": "", + "Src_IP": "", + "Src_Country_Code": "", + "Dst_MAC": "", + "Dst_IP": "", + "Dst_Country_Code": "", + "Protocol": "", + "Src_Port": "", + "Dst_Port": "", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "", + "AppResolvedBy": "", + "Nat_Rule_ID": "", + "Vlan_ID": "", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T20:16:50.493Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T19:53:23Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "notice", + "SyslogMessage": "53:22 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=062109517507 log_type=\"Event\" log_component=\"CLI\" log_subtype=\"Admin\" status=\"Failed\" priority=Notice user_name=\"root\" src_ip=87.251.74.48 message=\"User 'root' failed to login from '87.251.74.48' using ssh because of wrong credentials\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "062109517507", + "Log_Type": "Event", + "Log_Component": "CLI", + "Log_Subtype": "Admin", + "Status": "Failed", + "Priority": "Notice", + 
"Duration": "", + "FW_Rule_ID": "", + "Policy_Type": "", + "User_Name": "root", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "87.251.74.48", + "Src_Country_Code": "", + "Dst_MAC": "", + "Dst_IP": "", + "Dst_Country_Code": "", + "Protocol": "", + "Src_Port": "", + "Dst_Port": "", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "", + "AppResolvedBy": "", + "Nat_Rule_ID": "", + "Vlan_ID": "", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T20:16:50.493Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T20:16:50Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "notice", + "SyslogMessage": "16:49 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=062009517504 log_type=\"Event\" log_component=\"GUI\" log_subtype=\"Admin\" status=\"Successful\" priority=Notice user_name=\"admin\" src_ip=96.231.150.182 message=\"Order for Firewall Rule 'rdp_to_vm' were changed by 'admin' from '96.231.150.182' using 'GUI'\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "062009517504", + "Log_Type": "Event", + "Log_Component": "GUI", + "Log_Subtype": "Admin", + "Status": "Successful", + "Priority": "Notice", + "Duration": "", + "FW_Rule_ID": "", + "Policy_Type": "", + "User_Name": "admin", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "96.231.150.182", + "Src_Country_Code": "", + "Dst_MAC": "", + "Dst_IP": "", + "Dst_Country_Code": "", + "Protocol": "", + "Src_Port": "", + "Dst_Port": "", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "", + "AppResolvedBy": "", + "Nat_Rule_ID": "", + "Vlan_ID": "", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T20:24:57.863Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T20:24:57Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "notice", + "SyslogMessage": "24:57 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=062009517505 log_type=\"Event\" log_component=\"GUI\" log_subtype=\"Admin\" 
status=\"Successful\" priority=Notice user_name=\"admin\" src_ip=96.231.150.182 message=\"Usage statastics Settings were changed by 'admin' from '96.231.150.182' using 'GUI'\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "062009517505", + "Log_Type": "Event", + "Log_Component": "GUI", + "Log_Subtype": "Admin", + "Status": "Successful", + "Priority": "Notice", + "Duration": "", + "FW_Rule_ID": "", + "Policy_Type": "", + "User_Name": "admin", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "96.231.150.182", + "Src_Country_Code": "", + "Dst_MAC": "", + "Dst_IP": "", + "Dst_Country_Code": "", + "Protocol": "", + "Src_Port": "", + "Dst_Port": "", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "", + "AppResolvedBy": "", + "Nat_Rule_ID": "", + "Vlan_ID": "", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": 
"2020-06-10T20:47:24.147Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T20:47:24Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "notice", + "SyslogMessage": "47:24 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=063611517814 log_type=\"Event\" log_component=\"Gateway\" log_subtype=\"System\" priority=Notice gatewayname=\"DHCP_PortB_GW\" message=\"Gateway DHCP_PortB_GW is Up\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "063611517814", + "Log_Type": "Event", + "Log_Component": "Gateway", + "Log_Subtype": "System", + "Status": "", + "Priority": "Notice", + "Duration": "", + "FW_Rule_ID": "", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "", + "Src_Country_Code": "", + "Dst_MAC": "", + "Dst_IP": "", + "Dst_Country_Code": "", + "Protocol": "", + "Src_Port": "", + "Dst_Port": "", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "", + "AppResolvedBy": "", + "Nat_Rule_ID": "", + "Vlan_ID": "", + "Ether_Type": "", + "Bridge_Name": "", + 
"Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T20:48:40.843Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T20:48:40Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "notice", + "SyslogMessage": "48:40 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=064011517819 log_type=\"Event\" log_component=\"Anti-Virus\" log_subtype=\"System\" priority=Notice status=\"Successful\" oldversion=1.0.408259 newversion=1.0.408263 message=\"Avira AV definitions upgraded from 1.0.408259 to 1.0.408263.\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "064011517819", + "Log_Type": "Event", + "Log_Component": "", + "Log_Subtype": "System", + "Status": "Successful", + "Priority": "Notice", + "Duration": "", + "FW_Rule_ID": "", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "", + "Src_Country_Code": "", + "Dst_MAC": "", + "Dst_IP": "", + "Dst_Country_Code": "", + "Protocol": "", + "Src_Port": "", + "Dst_Port": "", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + 
"Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Avira AV definitions upgraded from 1.0.408259 to 1.0.408263", + "AppResolvedBy": "", + "Nat_Rule_ID": "", + "Vlan_ID": "", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T20:58:24.943Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T20:58:24Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "notice", + "SyslogMessage": "58:24 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=063611517814 log_type=\"Event\" log_component=\"Gateway\" log_subtype=\"System\" priority=Notice gatewayname=\"DHCP_PortB_GW\" message=\"Gateway DHCP_PortB_GW is Up\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "063611517814", + "Log_Type": "Event", + "Log_Component": "Gateway", + "Log_Subtype": "System", + "Status": "", + "Priority": "Notice", + "Duration": "", + "FW_Rule_ID": "", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "", 
+ "Src_Country_Code": "", + "Dst_MAC": "", + "Dst_IP": "", + "Dst_Country_Code": "", + "Protocol": "", + "Src_Port": "", + "Dst_Port": "", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "", + "AppResolvedBy": "", + "Nat_Rule_ID": "", + "Vlan_ID": "", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T21:00:40.953Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T21:00:40Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "notice", + "SyslogMessage": "00:40 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=064011517819 log_type=\"Event\" log_component=\"Anti-Virus\" log_subtype=\"System\" priority=Notice status=\"Successful\" oldversion=1.0.408263 newversion=1.0.408264 message=\"Avira AV definitions upgraded from 1.0.408263 to 1.0.408264.\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "064011517819", + "Log_Type": "Event", + "Log_Component": "", + "Log_Subtype": "System", + "Status": "Successful", + "Priority": "Notice", + "Duration": "", + "FW_Rule_ID": "", + 
"Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "", + "Src_Country_Code": "", + "Dst_MAC": "", + "Dst_IP": "", + "Dst_Country_Code": "", + "Protocol": "", + "Src_Port": "", + "Dst_Port": "", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Avira AV definitions upgraded from 1.0.408263 to 1.0.408264", + "AppResolvedBy": "", + "Nat_Rule_ID": "", + "Vlan_ID": "", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T21:09:52.487Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T21:09:52Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "notice", + "SyslogMessage": "09:52 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=062009517504 log_type=\"Event\" log_component=\"GUI\" log_subtype=\"Admin\" status=\"Successful\" priority=Notice user_name=\"admin\" src_ip=10.0.2.4 SOURCE_ZONE='WAN' DESTINATION_ZONE='LAN' SECURITY_POLICY_ID='6' STATUS='Disable' message=\"Firewall Rule 'DNAT to 10.0.2.4-Internal server_1591821350976' was Disable by 'admin' from '10.0.2.4' using 'GUI'\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + 
"_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "062009517504", + "Log_Type": "Event", + "Log_Component": "GUI", + "Log_Subtype": "Admin", + "Status": "Successful", + "Priority": "Notice", + "Duration": "", + "FW_Rule_ID": "", + "Policy_Type": "", + "User_Name": "admin", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "10.0.2.4", + "Src_Country_Code": "", + "Dst_MAC": "", + "Dst_IP": "", + "Dst_Country_Code": "", + "Protocol": "", + "Src_Port": "", + "Dst_Port": "", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "", + "AppResolvedBy": "", + "Nat_Rule_ID": "", + "Vlan_ID": "", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T21:11:37.657Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T21:11:37Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "notice", + "SyslogMessage": "11:37 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=062009517504 log_type=\"Event\" log_component=\"GUI\" log_subtype=\"Admin\" 
status=\"Successful\" priority=Notice user_name=\"admin\" src_ip=10.0.2.4 message=\"Nat Rule 'Loopback_NAT#3_DNAT to 10.0.2.4-Internal server_15,Reflexive_NAT#3_DNAT to 10.0.2.4-Internal server_1' was Disable by 'admin' from '10.0.2.4' using 'GUI'\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "062009517504", + "Log_Type": "Event", + "Log_Component": "GUI", + "Log_Subtype": "Admin", + "Status": "Successful", + "Priority": "Notice", + "Duration": "", + "FW_Rule_ID": "", + "Policy_Type": "", + "User_Name": "admin", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "10.0.2.4", + "Src_Country_Code": "", + "Dst_MAC": "", + "Dst_IP": "", + "Dst_Country_Code": "", + "Protocol": "", + "Src_Port": "", + "Dst_Port": "", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "", + "AppResolvedBy": "", + "Nat_Rule_ID": "", + "Vlan_ID": "", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + 
"SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:17:46.51Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:17:46Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "notice", + "SyslogMessage": "17:46 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=062109517507 log_type=\"Event\" log_component=\"CLI\" log_subtype=\"Admin\" status=\"Failed\" priority=Notice user_name=\"wwwmirror\" src_ip=41.203.76.251 message=\"User 'wwwmirror' failed to login from '41.203.76.251' using ssh because of wrong credentials\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "062109517507", + "Log_Type": "Event", + "Log_Component": "CLI", + "Log_Subtype": "Admin", + "Status": "Failed", + "Priority": "Notice", + "Duration": "", + "FW_Rule_ID": "", + "Policy_Type": "", + "User_Name": "wwwmirror", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "41.203.76.251", + "Src_Country_Code": "", + "Dst_MAC": "", + "Dst_IP": "", + "Dst_Country_Code": "", + "Protocol": "", + "Src_Port": "", + "Dst_Port": "", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": 
"", + "HB_Health": "", + "Message": "", + "AppResolvedBy": "", + "Nat_Rule_ID": "", + "Vlan_ID": "", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:17:46.61Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:17:46Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "notice", + "SyslogMessage": "17:46 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=062109517507 log_type=\"Event\" log_component=\"CLI\" log_subtype=\"Admin\" status=\"Failed\" priority=Notice user_name=\"pzserver\" src_ip=41.203.76.251 message=\"User 'pzserver' failed to login from '41.203.76.251' using ssh because of wrong credentials\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "062109517507", + "Log_Type": "Event", + "Log_Component": "CLI", + "Log_Subtype": "Admin", + "Status": "Failed", + "Priority": "Notice", + "Duration": "", + "FW_Rule_ID": "", + "Policy_Type": "", + "User_Name": "pzserver", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "41.203.76.251", + "Src_Country_Code": "", + "Dst_MAC": "", + "Dst_IP": "", + "Dst_Country_Code": "", + "Protocol": "", + 
"Src_Port": "", + "Dst_Port": "", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "", + "AppResolvedBy": "", + "Nat_Rule_ID": "", + "Vlan_ID": "", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:17:46.703Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:17:46Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "notice", + "SyslogMessage": "17:46 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=062109517507 log_type=\"Event\" log_component=\"CLI\" log_subtype=\"Admin\" status=\"Failed\" priority=Notice user_name=\"koha\" src_ip=41.203.76.251 message=\"User 'koha' failed to login from '41.203.76.251' using ssh because of wrong credentials\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "062109517507", + "Log_Type": "Event", + "Log_Component": "CLI", + "Log_Subtype": "Admin", + "Status": "Failed", + "Priority": "Notice", + "Duration": "", + "FW_Rule_ID": "", + "Policy_Type": "", + "User_Name": "koha", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + 
"Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "41.203.76.251", + "Src_Country_Code": "", + "Dst_MAC": "", + "Dst_IP": "", + "Dst_Country_Code": "", + "Protocol": "", + "Src_Port": "", + "Dst_Port": "", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "", + "AppResolvedBy": "", + "Nat_Rule_ID": "", + "Vlan_ID": "", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:17:46.817Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:17:46Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "notice", + "SyslogMessage": "17:46 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=062109517507 log_type=\"Event\" log_component=\"CLI\" log_subtype=\"Admin\" status=\"Failed\" priority=Notice user_name=\"library-koha\" src_ip=41.203.76.251 message=\"User 'library-koha' failed to login from '41.203.76.251' using ssh because of wrong credentials\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + 
"Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "062109517507", + "Log_Type": "Event", + "Log_Component": "CLI", + "Log_Subtype": "Admin", + "Status": "Failed", + "Priority": "Notice", + "Duration": "", + "FW_Rule_ID": "", + "Policy_Type": "", + "User_Name": "library-koha", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "41.203.76.251", + "Src_Country_Code": "", + "Dst_MAC": "", + "Dst_IP": "", + "Dst_Country_Code": "", + "Protocol": "", + "Src_Port": "", + "Dst_Port": "", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "", + "AppResolvedBy": "", + "Nat_Rule_ID": "", + "Vlan_ID": "", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:17:46.917Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:17:46Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "notice", + "SyslogMessage": "17:46 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=062109517507 log_type=\"Event\" log_component=\"CLI\" log_subtype=\"Admin\" status=\"Failed\" priority=Notice user_name=\"frappe\" src_ip=41.203.76.251 message=\"User 'frappe' failed to login from '41.203.76.251' using ssh because of wrong credentials\"", + "ProcessID": "null", + "HostIP": 
"52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "062109517507", + "Log_Type": "Event", + "Log_Component": "CLI", + "Log_Subtype": "Admin", + "Status": "Failed", + "Priority": "Notice", + "Duration": "", + "FW_Rule_ID": "", + "Policy_Type": "", + "User_Name": "frappe", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "41.203.76.251", + "Src_Country_Code": "", + "Dst_MAC": "", + "Dst_IP": "", + "Dst_Country_Code": "", + "Protocol": "", + "Src_Port": "", + "Dst_Port": "", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "", + "AppResolvedBy": "", + "Nat_Rule_ID": "", + "Vlan_ID": "", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:17:47.027Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:17:47Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "notice", + "SyslogMessage": "17:46 timezone=\"BST\" 
device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=063311517913 log_type=\"Event\" log_component=\"Appliance\" log_subtype=\"System\" priority=Notice message=\"The administrative access from IP Address '41.203.76.251' is blocked for '5' minutes after '5' unsuccessful login attempts\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "063311517913", + "Log_Type": "Event", + "Log_Component": "Appliance", + "Log_Subtype": "System", + "Status": "", + "Priority": "Notice", + "Duration": "", + "FW_Rule_ID": "", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "", + "Src_Country_Code": "", + "Dst_MAC": "", + "Dst_IP": "", + "Dst_Country_Code": "", + "Protocol": "", + "Src_Port": "", + "Dst_Port": "", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "", + "AppResolvedBy": "", + "Nat_Rule_ID": "", + "Vlan_ID": "", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": 
"7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:17:47.077Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:17:47Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "notice", + "SyslogMessage": "17:46 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=062109517507 log_type=\"Event\" log_component=\"CLI\" log_subtype=\"Admin\" status=\"Failed\" priority=Notice user_name=\"web-admin\" src_ip=41.203.76.251 message=\"User 'web-admin' failed to login from '41.203.76.251' using ssh because of wrong credentials\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "062109517507", + "Log_Type": "Event", + "Log_Component": "CLI", + "Log_Subtype": "Admin", + "Status": "Failed", + "Priority": "Notice", + "Duration": "", + "FW_Rule_ID": "", + "Policy_Type": "", + "User_Name": "web-admin", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "41.203.76.251", + "Src_Country_Code": "", + "Dst_MAC": "", + "Dst_IP": "", + "Dst_Country_Code": "", + "Protocol": "", + "Src_Port": "", + "Dst_Port": "", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + 
"Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "", + "AppResolvedBy": "", + "Nat_Rule_ID": "", + "Vlan_ID": "", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:17:47.187Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:17:47Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "notice", + "SyslogMessage": "17:46 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=063311517913 log_type=\"Event\" log_component=\"Appliance\" log_subtype=\"System\" priority=Notice message=\"The administrative access from IP Address '41.203.76.251' is blocked for '5' minutes after '5' unsuccessful login attempts\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "063311517913", + "Log_Type": "Event", + "Log_Component": "Appliance", + "Log_Subtype": "System", + "Status": "", + "Priority": "Notice", + "Duration": "", + "FW_Rule_ID": "", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "", + "Src_Country_Code": "", + "Dst_MAC": "", + "Dst_IP": "", + "Dst_Country_Code": "", + "Protocol": "", + 
"Src_Port": "", + "Dst_Port": "", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "", + "AppResolvedBy": "", + "Nat_Rule_ID": "", + "Vlan_ID": "", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:39:09.96Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:39:09Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "39:09 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=062009617502 log_type=\"Event\" log_component=\"GUI\" log_subtype=\"Admin\" status=\"Successful\" priority=Information user_name=\"admin\" src_ip=96.231.150.182 SysLog_SERVER_NAME='AzureSentinelSyslog' message=\"SysLog Server 'AzureSentinelSyslog' settings were changed by 'admin' from '96.231.150.182' using 'GUI'\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "062009617502", + "Log_Type": "Event", + "Log_Component": "GUI", + "Log_Subtype": "Admin", + "Status": "Successful", + "Priority": "Information", + "Duration": "", + "FW_Rule_ID": "", + "Policy_Type": "", + 
"User_Name": "admin", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "96.231.150.182", + "Src_Country_Code": "", + "Dst_MAC": "", + "Dst_IP": "", + "Dst_Country_Code": "", + "Protocol": "", + "Src_Port": "", + "Dst_Port": "", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "", + "AppResolvedBy": "", + "Nat_Rule_ID": "", + "Vlan_ID": "", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:39:25.887Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:39:25Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "39:25 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA 
dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=52098 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "52098", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + 
"Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:39:25.953Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:39:25Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "39:25 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=41154 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": 
"SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "41154", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:39:25.97Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:39:25Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "39:25 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 
ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=41088 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "41088", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + 
"Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:39:25.983Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:39:25Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "39:25 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=51784 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + 
"ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "51784", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:39:26.09Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:39:26Z", + "Facility": "local0", + "HostName": "52.152.175.228", + 
"SeverityLevel": "info", + "SyslogMessage": "39:25 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=52098 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + 
"Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "52098", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:39:26.09Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:39:26Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "39:25 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=33910 sent_pkts=0 recv_pkts=0 
sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "33910", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + 
"App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:39:26.243Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:39:26Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "39:25 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=41154 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + 
"Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "41154", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:39:26.293Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:39:26Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "39:25 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" 
application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=41088 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "41088", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + 
"Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:39:26.303Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:39:26Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "39:25 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=51784 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": 
"Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "51784", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:39:26.527Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:39:26Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "39:25 timezone=\"BST\" device_name=\"SFVUNL\" 
device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=52098 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": 
"216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "52098", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:39:26.603Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:39:26Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "39:26 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=33910 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" 
srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "33910", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" 
+ }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:39:26.613Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:39:26Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "39:26 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=41088 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + 
"Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "41088", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:39:26.827Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:39:26Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "39:26 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" 
in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=41154 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "41154", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + 
"ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:39:26.913Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:39:26Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "39:26 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=51784 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "51784", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:39:27.22Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:39:27Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "39:26 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=41088 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": 
"GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "41088", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:39:27.357Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:39:27Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "39:26 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=52098 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" 
dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "52098", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": 
"7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:39:27.627Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:39:27Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "39:27 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=33910 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + 
"FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "33910", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:39:27.94Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:39:27Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "39:27 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=41154 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "41154", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:39:28.127Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:39:28Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "39:27 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=51784 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "51784", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:39:28.403Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:39:28Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "39:27 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=41088 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": 
"GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "41088", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:39:29.023Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:39:29Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "39:28 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=52098 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" 
dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "52098", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": 
"7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:40:28.347Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:40:28Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "40:27 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=52352 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + 
"FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "52352", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:40:28.413Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:40:28Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "40:27 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=41408 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "41408", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:40:28.43Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:40:28Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "40:27 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=41332 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "41332", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:40:28.443Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:40:28Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "40:27 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=52026 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": 
"DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "52026", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:40:28.55Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:40:28Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "40:27 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=34158 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" 
dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "34158", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": 
"7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:40:28.55Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:40:28Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "40:27 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=52352 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + 
"FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "52352", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:40:28.71Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:40:28Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "40:28 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=41408 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "41408", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:40:28.73Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:40:28Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "40:28 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=41332 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "41332", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:40:28.777Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:40:28Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "40:28 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=52026 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": 
"DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "52026", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:40:28.963Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:40:28Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "40:28 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=52352 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" 
dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "52352", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": 
"7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:40:29.05Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:40:29Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "40:28 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=41332 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + 
"FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "41332", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:40:29.073Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:40:29Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "40:28 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=34158 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "34158", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:40:29.287Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:40:29Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "40:28 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=41408 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "41408", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:40:29.38Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:40:29Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "40:28 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=52026 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": 
"DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "52026", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:40:29.657Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:40:29Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "40:29 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=41332 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" 
dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "41332", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": 
"7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:40:29.797Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:40:29Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "40:29 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=52352 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + 
"FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "52352", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:40:30.097Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:40:30Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "40:29 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=34158 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "34158", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:40:30.407Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:40:30Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "40:29 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=41408 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "41408", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:40:30.597Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:40:30Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "40:30 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=52026 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": 
"DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "52026", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:40:30.84Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:40:30Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "40:30 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=41332 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" 
dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "41332", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": 
"7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:40:31.46Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:40:31Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "40:30 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=52352 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + 
"FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "52352", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:41:31.05Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:41:31Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "41:30 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=52546 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "52546", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:41:31.117Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:41:31Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "41:30 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=41602 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "41602", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:41:31.133Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:41:31Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "41:30 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=41526 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": 
"GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "41526", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:41:31.147Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:41:31Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "41:30 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=52220 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" 
dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "52220", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": 
"7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:41:31.253Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:41:31Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "41:30 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=52546 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + 
"FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "52546", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:41:31.253Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:41:31Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "41:30 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=34344 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "34344", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:41:31.407Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:41:31Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "41:30 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=41602 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "41602", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:41:31.457Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:41:31Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "41:30 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=41526 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": 
"GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "41526", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:41:31.467Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:41:31Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "41:30 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=52220 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" 
dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "52220", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": 
"7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:41:31.69Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:41:31Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "41:31 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=52546 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + 
"FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "52546", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:41:31.767Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:41:31Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "41:31 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=34344 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "34344", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:41:31.777Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:41:31Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "41:31 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=41526 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "41526", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:41:31.98Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:41:31Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "41:31 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=41602 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + 
"Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "41602", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:41:32.073Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:41:32Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "41:31 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=52220 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" 
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "52220", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + 
"TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:41:32.383Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:41:32Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "41:31 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=41526 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": 
"0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "41526", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:41:32.52Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:41:32Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "41:31 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=52546 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "52546", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:41:32.79Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:41:32Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "41:32 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=34344 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "34344", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:41:33.1Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:41:33Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "41:32 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=41602 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + 
"Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "41602", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:41:33.29Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:41:33Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "41:32 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=52220 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" 
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "52220", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + 
"TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:41:33.567Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:41:33Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "41:32 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=41526 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": 
"0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "41526", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:41:34.187Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:41:34Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "41:33 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=52546 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "52546", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:42:33.417Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:42:33Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "42:32 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=52734 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "52734", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:42:33.483Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:42:33Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "42:32 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=41790 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + 
"Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "41790", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:42:33.5Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:42:33Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "42:32 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=41722 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" 
dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "41722", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": 
"7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:42:33.513Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:42:33Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "42:32 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=52416 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + 
"FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "52416", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:42:33.62Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:42:33Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "42:33 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=34540 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "34540", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:42:33.623Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:42:33Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "42:33 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=52734 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "52734", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:42:33.783Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:42:33Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "42:33 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=41790 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + 
"Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "41790", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:42:33.8Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:42:33Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "42:33 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=41722 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" 
dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "41722", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": 
"7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:42:33.84Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:42:33Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "42:33 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=52416 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + 
"FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "52416", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:42:34.063Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:42:34Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "42:33 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=52734 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "52734", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:42:34.117Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:42:34Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "42:33 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=41722 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "41722", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:42:34.14Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:42:34Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "42:33 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=34540 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + 
"Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "34540", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:42:34.353Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:42:34Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "42:33 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=41790 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" 
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "41790", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + 
"TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:42:34.447Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:42:34Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "42:33 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=52416 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": 
"0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "52416", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:42:34.727Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:42:34Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "42:34 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=41722 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "41722", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:42:34.897Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:42:34Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "42:34 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=52734 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "52734", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:42:35.167Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:42:35Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "42:34 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=34540 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + 
"Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "34540", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:42:35.477Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:42:35Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "42:34 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=41790 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" 
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "41790", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + 
"TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:42:35.667Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:42:35Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "42:35 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=52416 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": 
"0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "52416", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:42:35.91Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:42:35Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "42:35 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=41722 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "41722", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:42:36.56Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:42:36Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "42:35 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=52734 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "52734", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:43:35.78Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:43:35Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "43:35 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=52926 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + 
"Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "52926", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:43:35.847Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:43:35Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "43:35 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=41982 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" 
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "41982", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + 
"TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:43:35.867Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:43:35Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "43:35 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=41906 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": 
"0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "41906", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:43:35.877Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:43:35Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "43:35 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=52600 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "52600", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:43:35.983Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:43:35Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "43:35 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=52926 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "52926", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:43:35.987Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:43:35Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "43:35 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=34732 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + 
"Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "34732", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:43:36.12Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:43:36Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "43:35 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=41982 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" 
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "41982", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + 
"TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:43:36.17Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:43:36Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "43:35 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=41906 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", 
+ "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "41906", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:43:36.18Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:43:36Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "43:35 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=52600 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "52600", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:43:36.403Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:43:36Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "43:35 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=52926 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "52926", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:43:36.49Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:43:36Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "43:35 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=41906 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": 
"GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "41906", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:43:36.513Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:43:36Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "43:35 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=34732 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" 
dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "34732", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": 
"7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:43:36.697Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:43:36Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "43:36 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=41982 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + 
"FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "41982", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:43:36.79Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:43:36Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "43:36 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=52600 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "52600", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:43:37.1Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:43:37Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "43:36 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=41906 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "41906", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:43:37.237Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:43:37Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "43:36 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=52926 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + 
"Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "52926", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:43:37.537Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:43:37Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "43:36 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=34732 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" 
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "34732", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + 
"TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:43:37.817Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:43:37Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "43:37 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=41982 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": 
"0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "41982", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:43:38.007Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:43:38Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "43:37 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=52600 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "52600", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:43:38.283Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:43:38Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "43:37 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=41906 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "41906", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:43:38.9Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:43:38Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "43:38 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=52926 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + 
"Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "52926", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:43:47.257Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:43:47Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "43:46+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"062009617502\" log_type=\"Event\" log_component=\"GUI\" log_subtype=\"Admin\" status=\"Successful\" severity=\"Information\" log_version=1 user_name=\"admin\" src_ip=\"96.231.150.182\" message=\"SysLog Server 'AzureSentinelSyslog' settings were changed by 'admin' from '96.231.150.182' using 'GUI'\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "062009617502", + "Log_Type": "Event", + "Log_Component": 
"GUI", + "Log_Subtype": "Admin", + "Status": "Successful", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "", + "Policy_Type": "", + "User_Name": "admin", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "96.231.150.182", + "Src_Country_Code": "", + "Dst_MAC": "", + "Dst_IP": "", + "Dst_Country_Code": "", + "Protocol": "", + "Src_Port": "", + "Dst_Port": "", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "", + "AppResolvedBy": "", + "Nat_Rule_ID": "", + "Vlan_ID": "", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:44:38.303Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:44:38Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "44:37+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"216.163.176.36\" src_country=\"USA\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=53210 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any 
connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "\"USA\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "53210", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:44:38.377Z", + "Computer": 
"52.152.175.228", + "EventTime": "2020-06-10T22:44:38Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "44:37+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"216.163.188.34\" src_country=\"USA\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=42266 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "\"USA\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "42266", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + 
"Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:44:38.387Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:44:38Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "44:37+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"84.39.157.7\" src_country=\"GBR\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=42190 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", 
+ "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "\"GBR\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "42190", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:44:38.4Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:44:38Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "44:37+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"84.39.152.32\" src_country=\"DEU\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=52884 hb_status=\"No Heartbeat\" 
message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "\"DEU\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "52884", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": 
"2020-06-10T22:44:38.507Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:44:38Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "44:37+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"216.163.176.36\" src_country=\"USA\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=53210 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "\"USA\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "53210", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": 
"", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:44:38.513Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:44:38Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "44:37+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"103.5.198.214\" src_country=\"HKG\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=35008 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid 
Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "\"HKG\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "35008", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:44:38.677Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:44:38Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "44:38+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"216.163.188.34\" src_country=\"USA\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 
dst_port=42266 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "\"USA\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "42266", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + 
"SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:44:38.703Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:44:38Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "44:38+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"84.39.157.7\" src_country=\"GBR\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=42190 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "\"GBR\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "42190", + "Sent_Pkts": "", + "Recv_Pkts": 
"", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:44:38.713Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:44:38Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "44:38+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"84.39.152.32\" src_country=\"DEU\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=52884 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": 
"Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "\"DEU\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "52884", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:44:38.937Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:44:38Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "44:38+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"216.163.176.36\" src_country=\"USA\" dst_ip=\"10.0.1.4\" 
dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=53210 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "\"USA\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "53210", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": 
"7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:44:39.023Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:44:39Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "44:38+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"84.39.157.7\" src_country=\"GBR\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=42190 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "\"GBR\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": 
"42190", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:44:39.053Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:44:39Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "44:38+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"103.5.198.214\" src_country=\"HKG\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=35008 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + 
"Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "\"HKG\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "35008", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:44:39.233Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:44:39Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "44:38+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"216.163.188.34\" 
src_country=\"USA\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=42266 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "\"USA\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "42266", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + 
"Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:44:39.32Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:44:39Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "44:38+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"84.39.152.32\" src_country=\"DEU\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=52884 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "\"DEU\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + 
"Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "52884", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:44:39.63Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:44:39Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "44:39+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"84.39.157.7\" src_country=\"GBR\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=42190 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": 
"", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "\"GBR\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "42190", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:44:39.767Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:44:39Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "44:39+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 
(0x0800)\" src_ip=\"216.163.176.36\" src_country=\"USA\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=53210 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "\"USA\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "53210", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + 
"In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:44:40.107Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:44:40Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "44:39+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"103.5.198.214\" src_country=\"HKG\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=35008 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "\"HKG\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + 
"Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "35008", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:44:40.357Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:44:40Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "44:39+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"216.163.188.34\" src_country=\"USA\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=42266 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + 
"Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "\"USA\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "42266", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:44:40.537Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:44:40Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "44:39+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" 
fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"84.39.152.32\" src_country=\"DEU\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=52884 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "\"DEU\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "52884", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + 
"App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:44:40.813Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:44:40Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "44:40+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"84.39.157.7\" src_country=\"GBR\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=42190 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": 
"\"GBR\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "42190", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:44:41.433Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:44:41Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "44:40+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"216.163.176.36\" src_country=\"USA\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=53210 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "\"USA\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "53210", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:45:40.747Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:45:40Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "45:40+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" 
log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"216.163.176.36\" src_country=\"USA\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=53414 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "\"USA\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "53414", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet 
to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:45:40.81Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:45:40Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "45:40+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"216.163.188.34\" src_country=\"USA\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=42470 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + 
"Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "\"USA\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "42470", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:45:40.83Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:45:40Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "45:40+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"84.39.157.7\" src_country=\"GBR\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=42394 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": 
"00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "\"GBR\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "42394", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:45:40.84Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:45:40Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "45:40+0100\" device_model=\"SFVUNL\" 
device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"84.39.152.32\" src_country=\"DEU\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=53096 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "\"DEU\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "53096", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + 
"HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:45:40.943Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:45:40Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "45:40+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"103.5.198.214\" src_country=\"HKG\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=35220 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + 
"Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "\"HKG\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "35220", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:45:40.953Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:45:40Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "45:40+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"216.163.176.36\" src_country=\"USA\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=53414 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": 
"device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "\"USA\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "53414", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:45:41.09Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:45:41Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": 
"45:40+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"216.163.188.34\" src_country=\"USA\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=42470 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "\"USA\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "42470", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": 
"", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:45:41.143Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:45:41Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "45:40+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"84.39.157.7\" src_country=\"GBR\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=42394 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + 
"Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "\"GBR\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "42394", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:45:41.157Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:45:41Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "45:40+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"84.39.152.32\" src_country=\"DEU\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=53096 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": 
"52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "\"DEU\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "53096", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:45:41.377Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:45:41Z", + "Facility": "local0", + "HostName": "52.152.175.228", + 
"SeverityLevel": "info", + "SyslogMessage": "45:40+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"216.163.176.36\" src_country=\"USA\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=53414 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "\"USA\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "53414", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + 
"Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:45:41.447Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:45:41Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "45:40+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"103.5.198.214\" src_country=\"HKG\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=35220 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + 
"User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "\"HKG\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "35220", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:45:41.463Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:45:41Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "45:40+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"84.39.157.7\" src_country=\"GBR\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=42394 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" 
qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "\"GBR\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "42394", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:45:41.667Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:45:41Z", + "Facility": 
"local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "45:41+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"216.163.188.34\" src_country=\"USA\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=42470 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "\"USA\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "42470", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", 
+ "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:45:41.757Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:45:41Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "45:41+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"84.39.152.32\" src_country=\"DEU\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=53096 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + 
"Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "\"DEU\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "53096", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:45:42.067Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:45:42Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "45:41+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"84.39.157.7\" src_country=\"GBR\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=42394 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" 
app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "\"GBR\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "42394", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:45:42.21Z", + "Computer": "52.152.175.228", + 
"EventTime": "2020-06-10T22:45:42Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "45:41+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"216.163.176.36\" src_country=\"USA\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=53414 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "\"USA\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "53414", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + 
"Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:45:42.44Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:45:42Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "45:41+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"103.5.198.214\" src_country=\"HKG\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=35220 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + 
"Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "\"HKG\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "35220", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:45:42.787Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:45:42Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "45:42+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"216.163.188.34\" src_country=\"USA\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=42470 hb_status=\"No Heartbeat\" message=\"Could not 
associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "\"USA\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "42470", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": 
"2020-06-10T22:45:42.973Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:45:42Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "45:42+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"84.39.152.32\" src_country=\"DEU\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=53096 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "\"DEU\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "53096", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", 
+ "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:45:43.25Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:45:43Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "45:42+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"84.39.157.7\" src_country=\"GBR\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=42394 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + 
"Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "\"GBR\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "42394", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:45:43.87Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:45:43Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "45:43+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"216.163.176.36\" src_country=\"USA\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=53414 
hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "\"USA\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "53414", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": 
"Linux", + "TimeGenerated": "2020-06-10T22:45:44.42Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:45:44Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "45:43+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"103.5.198.214\" src_country=\"HKG\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=35220 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "\"HKG\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "35220", + "Sent_Pkts": "", + "Recv_Pkts": "", + 
"Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:46:43.257Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:46:43Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "46:42+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"216.163.176.36\" src_country=\"USA\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=53610 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", 
+ "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "\"USA\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "53610", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:46:43.323Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:46:43Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "46:42+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"216.163.188.34\" src_country=\"USA\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" 
protocol=\"TCP\" src_port=80 dst_port=42666 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "\"USA\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "42666", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": 
"7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:46:43.34Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:46:43Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "46:42+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"84.39.157.7\" src_country=\"GBR\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=42590 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "\"GBR\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": 
"42590", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:46:43.353Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:46:43Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "46:42+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"84.39.152.32\" src_country=\"DEU\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=53284 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + 
"Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "\"DEU\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "53284", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:46:43.46Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:46:43Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "46:42+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"103.5.198.214\" src_country=\"HKG\" 
dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=35408 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "\"HKG\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "35408", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, 
+ { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:46:43.463Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:46:43Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "46:42+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"216.163.176.36\" src_country=\"USA\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=53610 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "\"USA\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + 
"Src_Port": "80", + "Dst_Port": "53610", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:46:43.623Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:46:43Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "46:43+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"216.163.188.34\" src_country=\"USA\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=42666 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + 
"Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "\"USA\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "42666", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:46:43.64Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:46:43Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "46:43+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" 
src_ip=\"84.39.157.7\" src_country=\"GBR\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=42590 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "\"GBR\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "42590", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + 
"In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:46:43.683Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:46:43Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "46:43+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"84.39.152.32\" src_country=\"DEU\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=53284 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "\"DEU\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + 
"Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "53284", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:46:43.877Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:46:43Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "46:43+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"216.163.176.36\" src_country=\"USA\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=53610 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + 
"Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "\"USA\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "53610", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:46:43.96Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:46:43Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "46:43+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" 
vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"84.39.157.7\" src_country=\"GBR\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=42590 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "\"GBR\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "42590", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + 
"Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:46:43.983Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:46:43Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "46:43+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"103.5.198.214\" src_country=\"HKG\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=35408 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "\"HKG\"", + "Dst_MAC": "", 
+ "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "35408", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:46:44.2Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:46:44Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "46:43+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"216.163.188.34\" src_country=\"USA\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=42666 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "\"USA\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "42666", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:46:44.293Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:46:44Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "46:43+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" 
log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"84.39.152.32\" src_country=\"DEU\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=53284 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "\"DEU\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "53284", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to 
any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:46:44.567Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:46:44Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "46:43+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"84.39.157.7\" src_country=\"GBR\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=42590 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": 
"", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "\"GBR\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "42590", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:46:44.707Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:46:44Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "46:44+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"216.163.176.36\" src_country=\"USA\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=53610 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + 
"Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "\"USA\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "53610", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:46:45.01Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:46:45Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "46:44+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" 
log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"103.5.198.214\" src_country=\"HKG\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=35408 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "\"HKG\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "35408", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could 
not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:46:45.32Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:46:45Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "46:44+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"216.163.188.34\" src_country=\"USA\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=42666 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + 
"Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "\"USA\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "42666", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:46:45.507Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:46:45Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "46:44+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"84.39.152.32\" src_country=\"DEU\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=53284 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": 
"00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "\"DEU\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "53284", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:46:45.753Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:46:45Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "46:45+0100\" device_model=\"SFVUNL\" 
device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"84.39.157.7\" src_country=\"GBR\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=42590 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "\"GBR\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "42590", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + 
"HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:46:46.373Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:46:46Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "46:45+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"216.163.176.36\" src_country=\"USA\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=53610 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + 
"Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "\"USA\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "53610", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:47:45.593Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:47:45Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "47:44+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"216.163.176.36\" src_country=\"USA\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=53810 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": 
"device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "\"USA\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "53810", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:47:45.66Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:47:45Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": 
"47:45+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"216.163.188.34\" src_country=\"USA\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=42866 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "\"USA\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "42866", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": 
"", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:47:45.68Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:47:45Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "47:45+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"84.39.157.7\" src_country=\"GBR\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=42790 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + 
"Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "\"GBR\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "42790", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:47:45.69Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:47:45Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "47:45+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"84.39.152.32\" src_country=\"DEU\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=53484 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": 
"52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "\"DEU\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "53484", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:47:45.793Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:47:45Z", + "Facility": "local0", + "HostName": "52.152.175.228", + 
"SeverityLevel": "info", + "SyslogMessage": "47:45+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"103.5.198.214\" src_country=\"HKG\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=35608 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "\"HKG\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "35608", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + 
"Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:47:45.8Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:47:45Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "47:45+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"216.163.176.36\" src_country=\"USA\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=53810 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + 
"User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "\"USA\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "53810", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:47:45.967Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:47:45Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "47:45+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"216.163.188.34\" src_country=\"USA\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=42866 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" 
qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "\"USA\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "42866", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:47:45.983Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:47:45Z", + "Facility": 
"local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "47:45+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"84.39.157.7\" src_country=\"GBR\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=42790 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "\"GBR\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "42790", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + 
"Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:47:45.993Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:47:45Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "47:45+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"84.39.152.32\" src_country=\"DEU\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=53484 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + 
"Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "\"DEU\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "53484", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:47:46.217Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:47:46Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "47:45+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"216.163.176.36\" src_country=\"USA\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=53810 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" 
app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "\"USA\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "53810", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:47:46.287Z", + "Computer": "52.152.175.228", + 
"EventTime": "2020-06-10T22:47:46Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "47:45+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"103.5.198.214\" src_country=\"HKG\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=35608 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "\"HKG\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "35608", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + 
"Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:47:46.303Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:47:46Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "47:45+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"84.39.157.7\" src_country=\"GBR\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=42790 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + 
"Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "\"GBR\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "42790", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:47:46.547Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:47:46Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "47:45+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"216.163.188.34\" src_country=\"USA\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=42866 hb_status=\"No Heartbeat\" message=\"Could not 
associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "\"USA\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "42866", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": 
"2020-06-10T22:47:46.603Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:47:46Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "47:46+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"84.39.152.32\" src_country=\"DEU\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=53484 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "\"DEU\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "53484", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", 
+ "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:47:46.91Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:47:46Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "47:46+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"84.39.157.7\" src_country=\"GBR\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=42790 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + 
"Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "\"GBR\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "42790", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:47:47.05Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:47:47Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "47:46+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"216.163.176.36\" src_country=\"USA\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=53810 
hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "\"USA\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "53810", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": 
"Linux", + "TimeGenerated": "2020-06-10T22:47:47.28Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:47:47Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "47:46+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"103.5.198.214\" src_country=\"HKG\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=35608 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "\"HKG\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "35608", + "Sent_Pkts": "", + "Recv_Pkts": "", + 
"Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:47:47.66Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:47:47Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "47:47+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"216.163.188.34\" src_country=\"USA\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=42866 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + 
"Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "\"USA\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "42866", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:47:47.823Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:47:47Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "47:47+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"84.39.152.32\" src_country=\"DEU\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" 
protocol=\"TCP\" src_port=80 dst_port=53484 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "\"DEU\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "53484", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": 
"7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:47:48.093Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:47:48Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "47:47+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"84.39.157.7\" src_country=\"GBR\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=42790 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "\"GBR\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": 
"42790", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:47:48.713Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:47:48Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "47:48+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"216.163.176.36\" src_country=\"USA\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=53810 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + 
"Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "\"USA\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "53810", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:47:49.267Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:47:49Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "47:48+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"103.5.198.214\" 
src_country=\"HKG\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=35608 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "\"HKG\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "35608", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + 
"Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:48:48.007Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:48:48Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "48:47+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"216.163.176.36\" src_country=\"USA\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=53994 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "\"USA\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", 
+ "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "53994", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:48:48.073Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:48:48Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "48:47+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"216.163.188.34\" src_country=\"USA\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=43050 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + 
"Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "\"USA\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "43050", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:48:48.09Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:48:48Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "48:47+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" 
ether_type=\"IPv4 (0x0800)\" src_ip=\"84.39.157.7\" src_country=\"GBR\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=42974 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "\"GBR\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "42974", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + 
"Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:48:48.1Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:48:48Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "48:47+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"84.39.152.32\" src_country=\"DEU\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=53676 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "\"DEU\"", + "Dst_MAC": "", + 
"Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "53676", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:48:48.207Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:48:48Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "48:47+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"103.5.198.214\" src_country=\"HKG\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=35800 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", 
+ "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "\"HKG\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "35800", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:48:48.21Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:48:48Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "48:47+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" 
fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"216.163.176.36\" src_country=\"USA\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=53994 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "\"USA\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "53994", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + 
"App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:48:48.37Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:48:48Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "48:47+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"216.163.188.34\" src_country=\"USA\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=43050 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": 
"\"USA\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "43050", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:48:48.387Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:48:48Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "48:47+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"84.39.157.7\" src_country=\"GBR\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=42974 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "\"GBR\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "42974", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:48:48.43Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:48:48Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "48:47+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" 
log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"84.39.152.32\" src_country=\"DEU\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=53676 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "\"DEU\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "53676", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to 
any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:48:48.627Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:48:48Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "48:48+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"216.163.176.36\" src_country=\"USA\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=53994 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + 
"Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "\"USA\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "53994", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:48:48.71Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:48:48Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "48:48+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"84.39.157.7\" src_country=\"GBR\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=42974 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": 
"00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "\"GBR\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "42974", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:48:48.727Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:48:48Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "48:48+0100\" device_model=\"SFVUNL\" 
device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"103.5.198.214\" src_country=\"HKG\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=35800 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "\"HKG\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "35800", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + 
"HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:48:48.947Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:48:48Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "48:48+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"216.163.188.34\" src_country=\"USA\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=43050 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + 
"Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "\"USA\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "43050", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:48:49.04Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:48:49Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "48:48+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"84.39.152.32\" src_country=\"DEU\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=53676 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": 
"device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "\"DEU\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "53676", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:48:49.317Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:48:49Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": 
"48:48+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"84.39.157.7\" src_country=\"GBR\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=42974 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "\"GBR\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "42974", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + 
"ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:48:49.453Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:48:49Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "48:48+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"216.163.176.36\" src_country=\"USA\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=53994 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + 
"Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "\"USA\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "53994", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:48:49.75Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:48:49Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "48:49+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"103.5.198.214\" src_country=\"HKG\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=35800 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": 
"52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "\"HKG\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "35800", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:48:50.067Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:48:50Z", + "Facility": "local0", + "HostName": "52.152.175.228", + 
"SeverityLevel": "info", + "SyslogMessage": "48:49+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"216.163.188.34\" src_country=\"USA\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=43050 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "\"USA\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "43050", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + 
"Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:48:50.257Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:48:50Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "48:49+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"84.39.152.32\" src_country=\"DEU\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=53676 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + 
"User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "\"DEU\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "53676", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:48:50.5Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:48:50Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "48:49+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"84.39.157.7\" src_country=\"GBR\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=42974 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" 
qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "\"GBR\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "42974", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:48:51.117Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:48:51Z", + "Facility": 
"local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "48:50+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"216.163.176.36\" src_country=\"USA\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=53994 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "\"USA\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "53994", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", 
+ "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:49:50.58Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:49:50Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "49:49+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"216.163.176.36\" src_country=\"USA\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=54276 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + 
"Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "\"USA\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "54276", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:49:50.647Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:49:50Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "49:50+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"216.163.188.34\" src_country=\"USA\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=43332 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" 
app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "\"USA\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "43332", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:49:50.663Z", + "Computer": "52.152.175.228", + 
"EventTime": "2020-06-10T22:49:50Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "49:50+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"84.39.157.7\" src_country=\"GBR\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=43256 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "\"GBR\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "43256", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": 
"", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:49:50.677Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:49:50Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "49:50+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"84.39.152.32\" src_country=\"DEU\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=53950 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + 
"Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "\"DEU\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "53950", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:49:50.783Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:49:50Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "49:50+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"216.163.176.36\" src_country=\"USA\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=54276 hb_status=\"No Heartbeat\" message=\"Could not associate packet to 
any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "\"USA\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "54276", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:49:50.787Z", + "Computer": 
"52.152.175.228", + "EventTime": "2020-06-10T22:49:50Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "49:50+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"103.5.198.214\" src_country=\"HKG\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=36074 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "\"HKG\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "36074", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": 
"", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:49:50.95Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:49:50Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "49:50+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"216.163.188.34\" src_country=\"USA\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=43332 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": 
"", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "\"USA\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "43332", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:49:50.953Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:49:50Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "49:50+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"84.39.157.7\" src_country=\"GBR\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=43256 hb_status=\"No Heartbeat\" message=\"Could 
not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "\"GBR\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "43256", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:49:51Z", 
+ "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:49:50Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "49:50+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"84.39.152.32\" src_country=\"DEU\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=53950 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "\"DEU\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "53950", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + 
"Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:49:51.22Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:49:51Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "49:50+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"216.163.176.36\" src_country=\"USA\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=54276 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": 
"Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "\"USA\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "54276", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:49:51.273Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:49:51Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "49:50+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"84.39.157.7\" src_country=\"GBR\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=43256 hb_status=\"No 
Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "\"GBR\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "43256", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + 
"TimeGenerated": "2020-06-10T22:49:51.297Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:49:51Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "49:50+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"103.5.198.214\" src_country=\"HKG\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=36074 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "\"HKG\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "36074", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", 
+ "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:49:51.51Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:49:51Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "49:50+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"216.163.188.34\" src_country=\"USA\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=43332 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": 
"Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "\"USA\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "43332", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:49:51.607Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:49:51Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "49:50+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"84.39.152.32\" src_country=\"DEU\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 
dst_port=53950 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "\"DEU\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "53950", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + 
"SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:49:51.88Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:49:51Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "49:51+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"84.39.157.7\" src_country=\"GBR\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=43256 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "\"GBR\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "43256", + "Sent_Pkts": "", + "Recv_Pkts": 
"", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:49:52.053Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:49:52Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "49:51+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"216.163.176.36\" src_country=\"USA\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=54276 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": 
"Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "\"USA\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "54276", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:49:52.323Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:49:52Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "49:51+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"103.5.198.214\" src_country=\"HKG\" dst_ip=\"10.0.1.4\" 
dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=36074 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "\"HKG\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "36074", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": 
"7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:49:52.637Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:49:52Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "49:52+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"216.163.188.34\" src_country=\"USA\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=43332 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "\"USA\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + 
"Dst_Port": "43332", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:49:52.82Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:49:52Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "49:52+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"84.39.152.32\" src_country=\"DEU\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=53950 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": 
"", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "\"DEU\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "53950", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:49:53.067Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:49:53Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "49:52+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"84.39.157.7\" 
src_country=\"GBR\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=43256 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "\"GBR\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "43256", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + 
"Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:49:53.717Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:49:53Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "49:53+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"216.163.176.36\" src_country=\"USA\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=54276 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "\"USA\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", 
+ "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "54276", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:50:52.997Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:50:52Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "50:52+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"216.163.176.36\" src_country=\"USA\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=54468 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + 
"Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "\"USA\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "54468", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:50:53.063Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:50:53Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "50:52+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" 
ether_type=\"IPv4 (0x0800)\" src_ip=\"216.163.188.34\" src_country=\"USA\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=43524 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "\"USA\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "43524", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + 
"Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:50:53.08Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:50:53Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "50:52+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"84.39.157.7\" src_country=\"GBR\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=43448 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "\"GBR\"", + "Dst_MAC": "", + 
"Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "43448", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:50:53.093Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:50:53Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "50:52+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"84.39.152.32\" src_country=\"DEU\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=54142 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", 
+ "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "\"DEU\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "54142", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:50:53.197Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:50:53Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "50:52+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" 
fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"103.5.198.214\" src_country=\"HKG\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=36266 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "\"HKG\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "36266", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + 
"App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:50:53.207Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:50:53Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "50:52+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"216.163.176.36\" src_country=\"USA\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=54468 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + 
"Src_Country_Code": "\"USA\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "54468", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:50:53.34Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:50:53Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "50:52+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"216.163.188.34\" src_country=\"USA\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=43524 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "\"USA\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "43524", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:50:53.39Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:50:53Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "50:52+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" 
log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"84.39.157.7\" src_country=\"GBR\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=43448 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "\"GBR\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "43448", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any 
connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:50:53.403Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:50:53Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "50:52+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"84.39.152.32\" src_country=\"DEU\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=54142 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": 
"", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "\"DEU\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "54142", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:50:53.627Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:50:53Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "50:53+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"216.163.176.36\" src_country=\"USA\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=54468 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + 
"Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "\"USA\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "54468", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:50:53.697Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:50:53Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "50:53+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" 
log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"103.5.198.214\" src_country=\"HKG\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=36266 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "\"HKG\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "36266", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could 
not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:50:53.71Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:50:53Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "50:53+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"84.39.157.7\" src_country=\"GBR\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=43448 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + 
"Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "\"GBR\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "43448", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:50:53.947Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:50:53Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "50:53+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"216.163.188.34\" src_country=\"USA\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=43524 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": 
"00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "\"USA\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "43524", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:50:54.01Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:50:54Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "50:53+0100\" 
device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"84.39.152.32\" src_country=\"DEU\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=54142 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "\"DEU\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "54142", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": 
"", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:50:54.317Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:50:54Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "50:53+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"84.39.157.7\" src_country=\"GBR\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=43448 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + 
"Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "\"GBR\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "43448", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:50:54.457Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:50:54Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "50:53+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"216.163.176.36\" src_country=\"USA\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=54468 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": 
"52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "\"USA\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "54468", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:50:54.72Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:50:54Z", + "Facility": "local0", + "HostName": "52.152.175.228", + 
"SeverityLevel": "info", + "SyslogMessage": "50:54+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"103.5.198.214\" src_country=\"HKG\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=36266 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "\"HKG\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "36266", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + 
"Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:50:55.037Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:50:55Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "50:54+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"216.163.188.34\" src_country=\"USA\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=43524 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + 
"User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "\"USA\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "43524", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:50:55.227Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:50:55Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "50:54+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"84.39.152.32\" src_country=\"DEU\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=54142 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" 
qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "\"DEU\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "54142", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:50:55.503Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:50:55Z", + "Facility": 
"local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "50:54+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"84.39.157.7\" src_country=\"GBR\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=43448 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "\"GBR\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "43448", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + 
"Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:50:56.123Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:50:56Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "50:55+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"216.163.176.36\" src_country=\"USA\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=54468 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + 
"Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "\"USA\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "54468", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:51:55.75Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:51:55Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "51:55+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"216.163.176.36\" src_country=\"USA\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=54656 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" 
app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "\"USA\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "54656", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:51:55.817Z", + "Computer": "52.152.175.228", + 
"EventTime": "2020-06-10T22:51:55Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "51:55+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"216.163.188.34\" src_country=\"USA\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=43712 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "\"USA\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "43712", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + 
"Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:51:55.837Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:51:55Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "51:55+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"84.39.157.7\" src_country=\"GBR\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=43636 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + 
"Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "\"GBR\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "43636", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:51:55.847Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:51:55Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "51:55+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"84.39.152.32\" src_country=\"DEU\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=54330 hb_status=\"No Heartbeat\" message=\"Could not 
associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "\"DEU\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "54330", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": 
"2020-06-10T22:51:55.957Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:51:55Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "51:55+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"216.163.176.36\" src_country=\"USA\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=54656 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "\"USA\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "54656", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": 
"", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:51:55.957Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:51:55Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "51:55+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"103.5.198.214\" src_country=\"HKG\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=36462 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid 
Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "\"HKG\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "36462", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:51:56.097Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:51:56Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "51:55+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"216.163.188.34\" src_country=\"USA\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 
dst_port=43712 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "\"USA\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "43712", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + 
"SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:51:56.147Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:51:56Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "51:55+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"84.39.157.7\" src_country=\"GBR\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=43636 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "\"GBR\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "43636", + "Sent_Pkts": "", + "Recv_Pkts": 
"", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:51:56.16Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:51:56Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "51:55+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"84.39.152.32\" src_country=\"DEU\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=54330 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": 
"Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "\"DEU\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "54330", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:51:56.383Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:51:56Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "51:55+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"216.163.176.36\" src_country=\"USA\" dst_ip=\"10.0.1.4\" 
dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=54656 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "\"USA\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "54656", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": 
"7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:51:56.467Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:51:56Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "51:55+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"84.39.157.7\" src_country=\"GBR\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=43636 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "\"GBR\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": 
"43636", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:51:56.493Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:51:56Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "51:55+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"103.5.198.214\" src_country=\"HKG\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=36462 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + 
"Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "\"HKG\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "36462", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:51:56.673Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:51:56Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "51:56+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"216.163.188.34\" 
src_country=\"USA\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=43712 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "\"USA\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "43712", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + 
"Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:51:56.767Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:51:56Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "51:56+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"84.39.152.32\" src_country=\"DEU\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=54330 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "\"DEU\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + 
"Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "54330", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:51:57.077Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:51:57Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "51:56+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"84.39.157.7\" src_country=\"GBR\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=43636 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": 
"", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "\"GBR\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "43636", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:51:57.217Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:51:57Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "51:56+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 
(0x0800)\" src_ip=\"216.163.176.36\" src_country=\"USA\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=54656 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "\"USA\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "54656", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + 
"In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:51:57.517Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:51:57Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "51:56+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"103.5.198.214\" src_country=\"HKG\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=36462 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "\"HKG\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + 
"Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "36462", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:51:57.797Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:51:57Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "51:57+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"216.163.188.34\" src_country=\"USA\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=43712 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + 
"Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "\"USA\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "43712", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:51:57.983Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:51:57Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "51:57+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" 
fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"84.39.152.32\" src_country=\"DEU\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=54330 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "\"DEU\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "54330", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + 
"App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:51:58.26Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:51:58Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "51:57+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"84.39.157.7\" src_country=\"GBR\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=43636 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": 
"\"GBR\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "43636", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:51:58.88Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:51:58Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "51:58+0100\" device_model=\"SFVUNL\" device_serial_id=\"C010017C4483V77\" log_id=\"010202601001\" log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" log_version=1 severity=\"Information\" fw_rule_id=\"N/A\" nat_rule_id=\"0\" fw_rule_type=\"NETWORK\" vlan_id=\"0\" ether_type=\"IPv4 (0x0800)\" src_ip=\"216.163.176.36\" src_country=\"USA\" dst_ip=\"10.0.1.4\" dst_country=\"R1\" protocol=\"TCP\" src_port=80 dst_port=54656 hb_status=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" app_resolved_by=\"Signature\" app_is_cloud=\"FALSE\" qualifier=\"New\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device_name=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "", + "Device_Name": "", + "Device_ID": "", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "", + "Priority": "", + "Duration": "", + "FW_Rule_ID": "N/A\"", + "Policy_Type": "", + "User_Name": "", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "\"USA\"", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "\"R1\"", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "54656", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "", + "Nat_Rule_ID": "\"0\"", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "FALSE", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:52:26.347Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:52:26Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "52:25 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=062009617502 log_type=\"Event\" 
log_component=\"GUI\" log_subtype=\"Admin\" status=\"Successful\" priority=Information user_name=\"admin\" src_ip=96.231.150.182 SysLog_SERVER_NAME='AzureSentinelSyslog' message=\"SysLog Server 'AzureSentinelSyslog' settings were changed by 'admin' from '96.231.150.182' using 'GUI'\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "062009617502", + "Log_Type": "Event", + "Log_Component": "GUI", + "Log_Subtype": "Admin", + "Status": "Successful", + "Priority": "Information", + "Duration": "", + "FW_Rule_ID": "", + "Policy_Type": "", + "User_Name": "admin", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "96.231.150.182", + "Src_Country_Code": "", + "Dst_MAC": "", + "Dst_IP": "", + "Dst_Country_Code": "", + "Protocol": "", + "Src_Port": "", + "Dst_Port": "", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "", + "AppResolvedBy": "", + "Nat_Rule_ID": "", + "Vlan_ID": "", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + 
"TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:52:58.143Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:52:58Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "52:57 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=54848 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": 
"0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "54848", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:52:58.21Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:52:58Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "52:57 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=43904 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "43904", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:52:58.227Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:52:58Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "52:57 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=43828 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "43828", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:52:58.24Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:52:58Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "52:57 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=54522 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": 
"DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "54522", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:52:58.347Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:52:58Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "52:57 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=54848 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" 
dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "54848", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": 
"7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:52:58.357Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:52:58Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "52:57 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=36646 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + 
"FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "36646", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:52:58.503Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:52:58Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "52:57 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=43904 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "43904", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:52:58.523Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:52:58Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "52:57 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=43828 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "43828", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:52:58.567Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:52:58Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "52:57 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=54522 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": 
"DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "54522", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:52:58.79Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:52:58Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "52:58 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=54848 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" 
dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "54848", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": 
"7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:52:58.84Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:52:58Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "52:58 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=43828 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + 
"FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "43828", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:52:58.907Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:52:58Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "52:58 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=36646 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "36646", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:52:59.08Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:52:59Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "52:58 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=43904 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "43904", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:52:59.173Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:52:59Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "52:58 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=54522 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": 
"DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "54522", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:52:59.45Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:52:59Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "52:58 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=43828 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" 
dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "43828", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": 
"7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:52:59.623Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:52:59Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "52:58 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=54848 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + 
"FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "54848", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:52:59.96Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:52:59Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "52:59 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=36646 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "36646", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:53:00.2Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:53:00Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "52:59 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=43904 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "43904", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:53:00.39Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:53:00Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "52:59 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=54522 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": 
"DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "54522", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:53:00.633Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:53:00Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "53:00 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=43828 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" 
dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "43828", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": 
"7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:53:01.287Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:53:01Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "53:00 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=54848 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + 
"FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "54848", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:54:00.607Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:54:00Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "53:59 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=55060 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "55060", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:54:00.673Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:54:00Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "54:00 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=44116 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "44116", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:54:00.693Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:54:00Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "54:00 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=44040 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": 
"GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "44040", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:54:00.703Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:54:00Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "54:00 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=54734 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" 
dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "54734", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": 
"7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:54:00.813Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:54:00Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "54:00 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=55060 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + 
"FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "55060", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:54:00.813Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:54:00Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "54:00 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=36858 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "36858", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:54:00.973Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:54:00Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "54:00 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=44116 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "44116", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:54:00.99Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:54:00Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "54:00 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=44040 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": 
"GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "44040", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:54:01.033Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:54:01Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "54:00 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=54734 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" 
dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "54734", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": 
"7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:54:01.227Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:54:01Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "54:00 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=55060 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + 
"FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "55060", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:54:01.31Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:54:01Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "54:00 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=44040 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "44040", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:54:01.337Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:54:01Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "54:00 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=36858 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "36858", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:54:01.55Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:54:01Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "54:00 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=44116 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + 
"Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "44116", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:54:01.643Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:54:01Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "54:01 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=54734 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" 
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "54734", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + 
"TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:54:01.92Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:54:01Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "54:01 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=44040 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", 
+ "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "44040", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:54:02.057Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:54:02Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "54:01 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=55060 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "55060", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:54:02.36Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:54:02Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "54:01 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=36858 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "36858", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:54:02.67Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:54:02Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "54:02 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=44116 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + 
"Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "44116", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:54:02.86Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:54:02Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "54:02 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=54734 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" 
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "54734", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + 
"TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:54:03.103Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:54:03Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "54:02 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=44040 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": 
"0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "44040", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:54:03.723Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:54:03Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "54:03 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=55060 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "55060", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:55:03.06Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:55:03Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "55:02 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=55334 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "55334", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:55:03.133Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:55:03Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "55:02 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=44392 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + 
"Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "44392", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:55:03.147Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:55:03Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "55:02 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=44316 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" 
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "44316", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + 
"TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:55:03.157Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:55:03Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "55:02 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=55010 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": 
"0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "55010", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:55:03.263Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:55:03Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "55:02 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=37142 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "37142", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:55:03.267Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:55:03Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "55:02 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=55334 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "55334", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:55:03.417Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:55:03Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "55:02 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=44392 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + 
"Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "44392", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:55:03.46Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:55:03Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "55:02 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=44316 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" 
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "44316", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + 
"TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:55:03.473Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:55:03Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "55:02 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=55010 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": 
"0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "55010", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:55:03.697Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:55:03Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "55:03 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=55334 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "55334", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:55:03.77Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:55:03Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "55:03 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=37142 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "37142", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:55:03.78Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:55:03Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "55:03 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=44316 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": 
"GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "44316", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:55:03.993Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:55:03Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "55:03 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=44392 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" 
dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "44392", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": 
"7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:55:04.08Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:55:04Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "55:03 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=55010 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + 
"FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "55010", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:55:04.39Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:55:04Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "55:03 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=44316 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "44316", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:55:04.527Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:55:04Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "55:03 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=55334 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "55334", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:55:04.793Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:55:04Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "55:04 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=37142 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + 
"Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "37142", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:55:05.117Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:55:05Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "55:04 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=44392 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" 
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "44392", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + 
"TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:55:05.297Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:55:05Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "55:04 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=55010 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": 
"0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "55010", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:55:05.573Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:55:05Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "55:04 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=44316 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "44316", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:55:06.193Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:55:06Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "55:05 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=55334 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "55334", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:56:05.433Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:56:05Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "56:04 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=55532 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + 
"Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "55532", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:56:05.503Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:56:05Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "56:04 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=44588 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" 
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "44588", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + 
"TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:56:05.52Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:56:05Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "56:04 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=44512 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", 
+ "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "44512", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:56:05.53Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:56:05Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "56:04 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=55206 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "55206", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:56:05.637Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:56:05Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "56:04 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=37330 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "37330", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:56:05.64Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:56:05Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "56:04 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=55532 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + 
"Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "55532", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:56:05.783Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:56:05Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "56:05 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=44588 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" 
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "44588", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + 
"TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:56:05.833Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:56:05Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "56:05 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=44512 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": 
"0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "44512", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:56:05.847Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:56:05Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "56:05 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=55206 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "55206", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:56:06.07Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:56:06Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "56:05 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=55532 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "55532", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:56:06.143Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:56:06Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "56:05 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=37330 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + 
"Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "37330", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:56:06.153Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:56:06Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "56:05 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=44512 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" 
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "44512", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + 
"TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:56:06.36Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:56:06Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "56:05 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=44588 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": 
"0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "44588", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:56:06.453Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:56:06Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "56:05 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=55206 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "55206", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:56:06.767Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:56:06Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "56:06 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=44512 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "44512", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:56:06.9Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:56:06Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "56:06 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=55532 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + 
"Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "55532", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:56:07.167Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:56:07Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "56:06 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=37330 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" 
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "37330", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + 
"TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:56:07.48Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:56:07Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "56:06 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=44588 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": 
"0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "44588", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:56:07.67Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:56:07Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "56:07 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=55206 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "55206", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:56:07.947Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:56:07Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "56:07 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=44512 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "44512", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:56:08.567Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:56:08Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "56:07 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=55532 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + 
"Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "55532", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:57:07.97Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:57:07Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "57:07 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=55716 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" 
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "55716", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + 
"TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:57:08.047Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:57:08Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "57:07 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=44772 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": 
"0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "44772", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:57:08.057Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:57:08Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "57:07 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=44704 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "44704", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:57:08.067Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:57:08Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "57:07 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=55398 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "55398", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:57:08.17Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:57:08Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "57:07 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=37522 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + 
"Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "37522", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:57:08.173Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:57:08Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "57:07 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=55716 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" 
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "55716", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + 
"TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:57:08.34Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:57:08Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "57:07 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=44772 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": 
"0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "44772", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:57:08.367Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:57:08Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "57:07 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=44704 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "44704", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:57:08.38Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:57:08Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "57:07 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=55398 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "55398", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:57:08.603Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:57:08Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "57:07 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=55716 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + 
"Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "55716", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:57:08.677Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:57:08Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "57:08 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=37522 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" 
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "37522", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + 
"TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:57:08.687Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:57:08Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "57:08 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=44704 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": 
"0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "44704", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:57:08.9Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:57:08Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "57:08 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=44772 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "44772", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:57:08.987Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:57:08Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "57:08 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=55398 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "55398", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:57:09.3Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:57:09Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "57:08 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=44704 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": 
"GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "44704", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:57:09.433Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:57:09Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "57:08 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=55716 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" 
dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "55716", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": 
"7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:57:09.703Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:57:09Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "57:09 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=37522 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + 
"FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "37522", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:57:10.057Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:57:10Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "57:09 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=44772 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "44772", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:57:10.203Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:57:10Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "57:09 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=55398 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "55398", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:57:10.487Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:57:10Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "57:09 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=44704 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": 
"GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "44704", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:57:11.1Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:57:11Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "57:10 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=55716 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" 
dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "55716", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": 
"7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:58:10.477Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:58:10Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "58:09 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=55908 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + 
"FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "55908", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:58:10.543Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:58:10Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "58:09 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=44964 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "44964", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:58:10.56Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:58:10Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "58:09 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=44888 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "44888", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:58:10.573Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:58:10Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "58:09 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=55582 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": 
"DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "55582", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:58:10.677Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:58:10Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "58:10 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=37714 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" 
dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "37714", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": 
"7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:58:10.683Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:58:10Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "58:10 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=55908 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + 
"FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "55908", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:58:10.853Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:58:10Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "58:10 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=44964 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "44964", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:58:10.87Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:58:10Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "58:10 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=44888 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "44888", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:58:10.88Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:58:10Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "58:10 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=55582 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": 
"DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "55582", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:58:11.103Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:58:11Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "58:10 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=55908 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" 
dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "55908", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": 
"7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:58:11.177Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:58:11Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "58:10 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=37714 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + 
"FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "37714", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:58:11.19Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:58:11Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "58:10 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=44888 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "44888", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:58:11.43Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:58:11Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "58:10 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=44964 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "44964", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:58:11.49Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:58:11Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "58:10 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=55582 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": 
"DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "55582", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:58:11.797Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:58:11Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "58:11 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=44888 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" 
dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "44888", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": 
"7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:58:11.937Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:58:11Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "58:11 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=55908 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + 
"FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "55908", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:58:12.2Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:58:12Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "58:11 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=37714 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "37714", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:58:12.58Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:58:12Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "58:11 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=44964 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "44964", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:58:12.707Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:58:12Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "58:12 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=55582 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": 
"DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "55582", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:58:12.983Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:58:12Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "58:12 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=44888 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" 
dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "44888", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": 
"7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:58:13.6Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:58:13Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "58:12 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=55908 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + 
"FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "55908", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:59:13.017Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:59:13Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "59:12 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=56234 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "56234", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:59:13.09Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:59:13Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "59:12 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=45290 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "45290", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:59:13.1Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:59:13Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "59:12 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=45214 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": 
"GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "45214", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:59:13.117Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:59:13Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "59:12 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=55908 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" 
dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "55908", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": 
"7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:59:13.227Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:59:13Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "59:12 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=56234 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + 
"FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "56234", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:59:13.227Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:59:13Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "59:12 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=38032 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "38032", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:59:13.39Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:59:13Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "59:12 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=45290 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "45290", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:59:13.403Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:59:13Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "59:12 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=45214 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": 
"GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "45214", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:59:13.447Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:59:13Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "59:12 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=55908 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" 
dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "55908", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": 
"7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:59:13.637Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:59:13Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "59:12 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=56234 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + 
"FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "56234", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:59:13.723Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:59:13Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "59:13 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=45214 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "45214", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:59:13.753Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:59:13Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "59:13 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=38032 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "38032", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:59:13.967Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:59:13Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "59:13 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=45290 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + 
"Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "45290", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:59:14.087Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:59:14Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "59:13 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=55908 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" 
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "55908", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + 
"TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:59:14.33Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:59:14Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "59:13 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=45214 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", 
+ "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "45214", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:59:14.47Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:59:14Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "59:13 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=56234 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "56234", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:59:14.81Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:59:14Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "59:14 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=38032 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "38032", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:59:15.087Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:59:15Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "59:14 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=45290 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + 
"Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "45290", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:59:15.337Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:59:15Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "59:14 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=55908 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" 
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "55908", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + 
"TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:59:15.517Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:59:15Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "59:14 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=45214 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": 
"0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "45214", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T22:59:16.133Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T22:59:16Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "59:15 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=56234 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "56234", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:00:15.617Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:00:15Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "00:14 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=56434 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "56434", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:00:15.69Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:00:15Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "00:15 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=45494 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + 
"Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "45494", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:00:15.7Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:00:15Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "00:15 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=45422 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" 
dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "45422", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": 
"7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:00:15.713Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:00:15Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "00:15 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=56116 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + 
"FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "56116", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:00:15.823Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:00:15Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "00:15 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=56434 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "56434", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:00:15.827Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:00:15Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "00:15 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=38240 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "38240", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:00:15.987Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:00:15Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "00:15 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=45494 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + 
"Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "45494", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:00:16Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:00:16Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "00:15 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=45422 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" 
dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "45422", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": 
"7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:00:16.043Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:00:16Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "00:15 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=56116 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + 
"FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "56116", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:00:16.237Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:00:16Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "00:15 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=56434 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "56434", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:00:16.32Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:00:16Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "00:15 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=45422 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "45422", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:00:16.35Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:00:16Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "00:15 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=38240 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + 
"Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "38240", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:00:16.563Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:00:16Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "00:15 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=45494 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" 
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "45494", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + 
"TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:00:16.653Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:00:16Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "00:15 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=56116 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": 
"0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "56116", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:00:16.93Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:00:16Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "00:16 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=45422 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "45422", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:00:17.07Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:00:17Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "00:16 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=56434 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "56434", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:00:17.407Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:00:17Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "00:16 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=38240 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + 
"Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "38240", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:00:17.683Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:00:17Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "00:17 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=45494 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" 
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "45494", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + 
"TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:00:17.87Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:00:17Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "00:17 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=56116 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": 
"0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "56116", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:00:18.113Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:00:18Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "00:17 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=45422 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "45422", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:00:18.73Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:00:18Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "00:18 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=56434 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "56434", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:01:18.153Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:01:18Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "01:17 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=56652 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + 
"Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "56652", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:01:18.237Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:01:18Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "01:17 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=45632 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" 
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "45632", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + 
"TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:01:18.247Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:01:18Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "01:17 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=56326 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": 
"0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "56326", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:01:18.277Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:01:18Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "01:17 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=45708 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "45708", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:01:18.353Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:01:18Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "01:17 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=38458 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "38458", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:01:18.357Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:01:18Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "01:17 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=56652 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + 
"Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "56652", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:01:18.52Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:01:18Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "01:17 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=45708 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" 
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "45708", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + 
"TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:01:18.537Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:01:18Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "01:17 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=45632 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": 
"0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "45632", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:01:18.577Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:01:18Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "01:17 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=56326 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "56326", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:01:18.77Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:01:18Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "01:18 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=56652 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "56652", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:01:18.857Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:01:18Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "01:18 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=45632 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": 
"GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "45632", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:01:18.873Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:01:18Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "01:18 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=38458 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" 
dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "38458", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": 
"7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:01:19.093Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:01:19Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "01:18 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=45708 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + 
"FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "45708", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:01:19.187Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:01:19Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "01:18 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=56326 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "56326", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:01:19.463Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:01:19Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "01:18 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=45632 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "45632", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:01:19.607Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:01:19Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "01:18 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=56652 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + 
"Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "56652", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:01:19.897Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:01:19Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "01:19 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=38458 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" 
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "38458", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + 
"TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:01:20.247Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:01:20Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "01:19 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=45708 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": 
"0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "45708", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:01:20.403Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:01:20Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "01:19 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=56326 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "56326", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:01:20.647Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:01:20Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "01:19 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=45632 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "45632", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:01:21.267Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:01:21Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "01:20 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=56652 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + 
"Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "56652", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:02:20.813Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:02:20Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "02:20 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=56844 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" 
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "56844", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + 
"TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:02:20.88Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:02:20Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "02:20 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=45900 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": 
"0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "45900", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:02:20.9Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:02:20Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "02:20 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=45824 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "45824", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:02:20.91Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:02:20Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "02:20 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=56518 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "56518", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:02:21.017Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:02:21Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "02:20 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=56844 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + 
"Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "56844", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:02:21.02Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:02:21Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "02:20 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=38642 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" 
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "38642", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + 
"TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:02:21.197Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:02:21Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "02:20 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=45824 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": 
"0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "45824", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:02:21.21Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:02:21Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "02:20 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=45900 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "45900", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:02:21.24Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:02:21Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "02:20 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=56518 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "56518", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:02:21.43Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:02:21Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "02:20 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=56844 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + 
"Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "56844", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:02:21.517Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:02:21Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "02:20 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=45824 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" 
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "45824", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + 
"TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:02:21.54Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:02:21Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "02:20 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=38642 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": 
"0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "38642", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:02:21.847Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:02:21Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "02:21 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=56518 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "56518", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:02:21.85Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:02:21Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "02:21 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=45900 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "45900", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:02:22.123Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:02:22Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "02:21 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=45824 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": 
"GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "45824", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:02:22.263Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:02:22Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "02:21 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=56844 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" 
dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "56844", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": 
"7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:02:22.563Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:02:22Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "02:21 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=38642 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + 
"FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "38642", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:02:23.063Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:02:23Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "02:22 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=56518 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "56518", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:02:23.097Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:02:23Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "02:22 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=45900 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "45900", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:02:23.307Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:02:23Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "02:22 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=45824 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": 
"GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "45824", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:02:23.933Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:02:23Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "02:23 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=56844 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" 
dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "56844", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": 
"7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:03:23.187Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:03:23Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "03:22 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=57030 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + 
"FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "57030", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:03:23.253Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:03:23Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "03:22 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=46086 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "46086", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:03:23.273Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:03:23Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "03:22 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=46018 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "46018", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:03:23.283Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:03:23Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "03:22 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=56712 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": 
"DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "56712", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:03:23.39Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:03:23Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "03:22 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=57030 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" 
dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "57030", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": 
"7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:03:23.393Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:03:23Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "03:22 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=38836 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + 
"FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "38836", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:03:23.55Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:03:23Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "03:22 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=46086 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "46086", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:03:23.57Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:03:23Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "03:22 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=46018 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "46018", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:03:23.617Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:03:23Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "03:22 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=56712 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": 
"DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "56712", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:03:23.803Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:03:23Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "03:23 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=57030 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" 
dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "57030", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": 
"7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:03:23.89Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:03:23Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "03:23 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=46018 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + 
"FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "46018", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:03:23.913Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:03:23Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "03:23 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=38836 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "38836", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:03:24.127Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:03:24Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "03:23 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=46086 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "46086", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:03:24.22Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:03:24Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "03:23 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=56712 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": 
"DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "56712", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:03:24.497Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:03:24Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "03:23 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=46018 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" 
dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "46018", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": 
"7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:03:24.637Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:03:24Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "03:23 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=57030 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + 
"FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "57030", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:03:24.94Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:03:24Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "03:24 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=38836 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "38836", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:03:25.287Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:03:25Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "03:24 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=46086 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "46086", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:03:25.437Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:03:25Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "03:24 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=56712 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": 
"DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "56712", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:03:25.683Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:03:25Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "03:24 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=46018 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" 
dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "46018", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": 
"7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:03:26.3Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:03:26Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "03:25 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=57030 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + 
"FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "57030", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:04:25.637Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:04:25Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "04:24 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=57308 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "57308", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:04:25.703Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:04:25Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "04:25 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=46364 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "46364", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:04:25.72Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:04:25Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "04:25 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=46288 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": 
"GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "46288", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:04:25.733Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:04:25Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "04:25 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=56984 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" 
dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "56984", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": 
"7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:04:25.843Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:04:25Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "04:25 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=39116 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + 
"FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "39116", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:04:25.843Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:04:25Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "04:25 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=57308 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "57308", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:04:25.99Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:04:25Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "04:25 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=46364 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "46364", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:04:26.04Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:04:26Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "04:25 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=46288 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": 
"GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "46288", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:04:26.05Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:04:26Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "04:25 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=56984 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" 
dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "56984", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": 
"7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:04:26.277Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:04:26Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "04:25 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=57308 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + 
"FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "57308", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:04:26.353Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:04:26Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "04:25 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=39116 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "39116", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:04:26.363Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:04:26Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "04:25 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=46288 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "46288", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:04:26.567Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:04:26Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "04:25 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=46364 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + 
"Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "46364", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:04:26.69Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:04:26Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "04:26 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=56984 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" 
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "56984", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + 
"TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:04:26.973Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:04:26Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "04:26 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=46288 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": 
"0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "46288", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:04:27.107Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:04:27Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "04:26 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=57308 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "57308", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:04:27.377Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:04:27Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "04:26 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=39116 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "39116", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:04:27.687Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:04:27Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "04:26 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=46364 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + 
"Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "46364", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:04:27.94Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:04:27Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "04:27 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=56984 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" 
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "56984", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + 
"TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:04:28.15Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:04:28Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "04:27 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=46288 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", 
+ "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "46288", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:04:28.773Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:04:28Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "04:28 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=57308 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "57308", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:05:28.153Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:05:28Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "05:27 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=57506 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "57506", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:05:28.22Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:05:28Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "05:27 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=46562 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + 
"Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "46562", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:05:28.24Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:05:28Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "05:27 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=46486 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" 
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "46486", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + 
"TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:05:28.25Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:05:28Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "05:27 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=57180 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": 
"0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "57180", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:05:28.357Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:05:28Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "05:27 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=57506 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "57506", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:05:28.36Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:05:28Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "05:27 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=39304 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "39304", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:05:28.523Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:05:28Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "05:27 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=46562 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + 
"Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "46562", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:05:28.54Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:05:28Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "05:27 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=46486 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" 
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "46486", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + 
"TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:05:28.553Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:05:28Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "05:27 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=57180 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": 
"0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "57180", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:05:28.777Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:05:28Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "05:28 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=57506 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "57506", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:05:28.86Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:05:28Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "05:28 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=46486 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "46486", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:05:28.887Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:05:28Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "05:28 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=39304 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + 
"Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "39304", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:05:29.097Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:05:29Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "05:28 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=46562 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" 
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "46562", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + 
"TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:05:29.16Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:05:29Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "05:28 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=57180 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": 
"0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "57180", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:05:29.47Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:05:29Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "05:28 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=46486 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "46486", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:05:29.607Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:05:29Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "05:28 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=57506 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "57506", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:05:29.91Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:05:29Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "05:29 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=39304 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + 
"Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "39304", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:05:30.217Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:05:30Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "05:29 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=46562 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" 
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "46562", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + 
"TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:05:30.377Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:05:30Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "05:29 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=57180 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": 
"0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "57180", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:05:30.653Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:05:30Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "05:29 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=46486 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "46486", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:05:31.27Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:05:31Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "05:30 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=57506 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "57506", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:06:30.53Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:06:30Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "06:29 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=57692 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + 
"Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "57692", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:06:30.597Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:06:30Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "06:29 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=46748 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" 
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "46748", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + 
"TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:06:30.617Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:06:30Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "06:29 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=46680 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": 
"0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "46680", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:06:30.627Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:06:30Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "06:29 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=57374 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "57374", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:06:30.737Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:06:30Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "06:30 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=39498 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "39498", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:06:30.737Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:06:30Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "06:30 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=57692 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + 
"Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "57692", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:06:30.897Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:06:30Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "06:30 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=46748 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" 
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "46748", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + 
"TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:06:30.913Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:06:30Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "06:30 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=46680 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": 
"0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "46680", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:06:30.957Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:06:30Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "06:30 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=57374 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "57374", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:06:31.153Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:06:31Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "06:30 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=57692 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "57692", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:06:31.237Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:06:31Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "06:30 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=46680 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": 
"GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "46680", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:06:31.26Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:06:31Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "06:30 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=39498 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" 
dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "39498", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": 
"7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:06:31.47Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:06:31Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "06:30 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=46748 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + 
"FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "46748", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:06:31.567Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:06:31Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "06:30 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=57374 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "57374", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:06:31.843Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:06:31Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "06:31 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=46680 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "46680", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:06:31.98Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:06:31Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "06:31 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=57692 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + 
"Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "57692", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:06:32.287Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:06:32Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "06:31 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=39498 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" 
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "39498", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + 
"TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:06:32.593Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:06:32Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "06:31 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=46748 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": 
"0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "46748", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:06:32.783Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:06:32Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "06:32 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=57374 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "57374", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:06:33.027Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:06:33Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "06:32 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=46680 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "46680", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:06:33.27Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:06:33Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "06:32 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=10.0.2.5 src_country_code=R1 dst_ip=72.21.91.29 dst_country_code=USA protocol=\"TCP\" src_port=51580 dst_port=80 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "10.0.2.5", + "Src_Country_Code": "R1", 
+ "Dst_MAC": "", + "Dst_IP": "72.21.91.29", + "Dst_Country_Code": "USA", + "Protocol": "TCP", + "Src_Port": "51580", + "Dst_Port": "80", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:06:33.643Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:06:33Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "06:32 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=57692 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" 
dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "57692", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": 
"7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:07:33.313Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:07:33Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "07:32 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=57884 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + 
"FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "57884", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:07:33.397Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:07:33Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "07:32 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=46864 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "46864", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:07:33.41Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:07:33Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "07:32 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=57558 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "57558", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:07:33.477Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:07:33Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "07:32 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=46940 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + 
"Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "46940", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:07:33.517Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:07:33Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "07:32 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=57884 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" 
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "57884", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + 
"TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:07:33.527Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:07:33Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "07:32 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=39690 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": 
"0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "39690", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:07:33.653Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:07:33Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "07:32 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=46940 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "46940", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:07:33.703Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:07:33Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "07:32 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=46864 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "46864", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:07:33.713Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:07:33Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "07:33 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=57558 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": 
"DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "57558", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:07:33.937Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:07:33Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "07:33 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=57884 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" 
dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "57884", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": 
"7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:07:34.023Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:07:34Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "07:33 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=46864 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + 
"FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "46864", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:07:34.057Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:07:34Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "07:33 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=39690 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "39690", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:07:34.23Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:07:34Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "07:33 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=46940 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "46940", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:07:34.323Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:07:34Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "07:33 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=57558 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": 
"DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "57558", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:07:34.643Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:07:34Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "07:33 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=46864 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" 
dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "46864", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": 
"7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:07:34.77Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:07:34Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "07:34 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=57884 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + 
"FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "57884", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:07:35.11Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:07:35Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "07:34 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=39690 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "39690", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:07:35.373Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:07:35Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "07:34 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=46940 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "46940", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:07:35.54Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:07:35Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "07:34 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=57558 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": 
"DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "57558", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:07:35.817Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:07:35Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "07:35 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=46864 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" 
dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "46864", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": 
"7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:07:36.433Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:07:36Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "07:35 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=57884 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + 
"FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "57884", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:08:35.813Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:08:35Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "08:35 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=58112 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "58112", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:08:35.883Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:08:35Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "08:35 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=47168 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "47168", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:08:35.9Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:08:35Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "08:35 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=47092 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": 
"GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "47092", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:08:35.91Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:08:35Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "08:35 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=57786 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" 
dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "57786", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": 
"7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:08:36.017Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:08:36Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "08:35 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=39910 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + 
"FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "39910", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:08:36.02Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:08:36Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "08:35 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=58112 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "58112", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:08:36.21Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:08:36Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "08:35 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=47092 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "47092", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:08:36.22Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:08:36Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "08:35 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=57786 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": 
"DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "57786", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:08:36.317Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:08:36Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "08:35 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=47168 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" 
dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "47168", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": 
"7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:08:36.44Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:08:36Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "08:35 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=58112 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + 
"FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "58112", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:08:36.513Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:08:36Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "08:35 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=39910 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "39910", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:08:36.527Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:08:36Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "08:35 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=47092 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "47092", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:08:36.827Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:08:36Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "08:36 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=57786 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": 
"DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "57786", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:08:37.133Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:08:37Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "08:36 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=47092 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" 
dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "47092", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": 
"7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:08:37.18Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:08:37Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "08:36 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=47168 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + 
"FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "47168", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:08:37.27Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:08:37Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "08:36 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=58112 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "58112", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:08:37.537Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:08:37Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "08:36 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=39910 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "39910", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:08:38.04Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:08:38Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "08:37 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=57786 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": 
"DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "57786", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:08:38.317Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:08:38Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "08:37 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=47092 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" 
dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "47092", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": 
"7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:08:38.907Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:08:38Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "08:38 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=47168 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + 
"FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "47168", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:08:38.937Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:08:38Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "08:38 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=58112 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "58112", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:09:38.297Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:09:38Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "09:37 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=58390 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "58390", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:09:38.383Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:09:38Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "09:37 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=47378 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": 
"GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "47378", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:09:38.393Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:09:38Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "09:37 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=58072 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" 
dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "58072", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": 
"7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:09:38.45Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:09:38Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "09:37 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=47446 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + 
"FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "47446", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:09:38.5Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:09:38Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "09:37 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=58390 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "58390", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:09:38.503Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:09:38Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "09:37 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=40198 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "40198", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:09:38.657Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:09:38Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "09:37 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=47446 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + 
"Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "47446", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:09:38.673Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:09:38Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "09:37 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=47378 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" 
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "47378", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + 
"TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:09:38.717Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:09:38Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "09:38 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=58072 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": 
"0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "58072", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:09:38.94Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:09:38Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "09:38 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=58390 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "58390", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:09:38.997Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:09:38Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "09:38 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=47378 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "47378", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:09:39.02Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:09:39Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "09:38 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=40198 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + 
"Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "40198", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:09:39.233Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:09:39Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "09:38 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=47446 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" 
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "47446", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + 
"TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:09:39.327Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:09:39Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "09:38 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=58072 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": 
"0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "58072", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:09:39.603Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:09:39Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "09:38 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=47378 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "47378", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:09:39.773Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:09:39Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "09:39 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=58390 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "58390", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:09:40.043Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:09:40Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "09:39 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=40198 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + 
"Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "40198", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:09:40.387Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:09:40Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "09:39 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=47446 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" 
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "47446", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + 
"TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:09:40.543Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:09:40Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "09:39 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=58072 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": 
"0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "58072", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:09:40.787Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:09:40Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "09:40 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=47378 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "47378", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:09:41.437Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:09:41Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "09:40 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=58390 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "58390", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:10:41.237Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:10:41Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "10:40 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=58590 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + 
"Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "58590", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:10:41.303Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:10:41Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "10:40 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=47646 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" 
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "47646", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + 
"TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:10:41.323Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:10:41Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "10:40 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=47570 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": 
"0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "47570", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:10:41.333Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:10:41Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "10:40 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=58274 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "58274", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:10:41.443Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:10:41Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "10:40 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=40398 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "40398", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:10:41.443Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:10:41Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "10:40 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=58590 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + 
"Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "58590", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:10:41.607Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:10:41Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "10:40 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=47646 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" 
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "47646", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + 
"TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:10:41.623Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:10:41Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "10:40 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=47570 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": 
"0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "47570", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:10:41.637Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:10:41Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "10:40 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=58274 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "58274", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:10:41.86Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:10:41Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "10:41 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=58590 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "58590", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:10:41.943Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:10:41Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "10:41 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=47570 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": 
"GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "47570", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:10:41.973Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:10:41Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "10:41 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=40398 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" 
dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "40398", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": 
"7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:10:42.183Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:10:42Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "10:41 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=47646 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + 
"FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "47646", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:10:42.243Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:10:42Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "10:41 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=58274 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "58274", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:10:42.553Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:10:42Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "10:41 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=47570 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "47570", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:10:42.69Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:10:42Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "10:41 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=58590 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + 
"Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "58590", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:10:42.993Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:10:42Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "10:42 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=40398 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" 
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "40398", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + 
"TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:10:43.303Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:10:43Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "10:42 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=47646 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": 
"0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "47646", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:10:43.46Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:10:43Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "10:42 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=58274 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "58274", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:10:43.737Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:10:43Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "10:43 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=47570 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "47570", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:10:44.357Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:10:44Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "10:43 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=58590 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + 
"Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "58590", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:11:43.677Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:11:43Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "11:42 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=58790 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" 
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "58790", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + 
"TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:11:43.743Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:11:43Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "11:43 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=47846 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": 
"0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "47846", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:11:43.76Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:11:43Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "11:43 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=47770 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "47770", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:11:43.773Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:11:43Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "11:43 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=58464 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "58464", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:11:43.877Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:11:43Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "11:43 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=40588 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + 
"Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "40588", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:11:43.88Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:11:43Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "11:43 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=58790 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" 
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "58790", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + 
"TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:11:44.047Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:11:44Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "11:43 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=47846 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": 
"0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "47846", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:11:44.063Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:11:44Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "11:43 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=47770 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "47770", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:11:44.073Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:11:44Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "11:43 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=58464 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "58464", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:11:44.3Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:11:44Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "11:43 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=58790 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + 
"Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "58790", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:11:44.387Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:11:44Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "11:43 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=47770 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" 
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "47770", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + 
"TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:11:44.4Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:11:44Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "11:43 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=40588 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": 
"0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "40588", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:11:44.62Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:11:44Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "11:43 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=47846 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "47846", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:11:44.68Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:11:44Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "11:43 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=58464 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "58464", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:11:44.99Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:11:44Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "11:44 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=47770 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": 
"GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "47770", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:11:45.133Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:11:45Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "11:44 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=58790 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" 
dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "58790", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": 
"7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:11:45.427Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:11:45Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "11:44 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=40588 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + 
"FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "40588", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:11:45.74Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:11:45Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "11:45 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=47846 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "47846", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:11:45.903Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:11:45Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "11:45 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=58464 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "58464", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:11:46.173Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:11:46Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "11:45 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=47770 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": 
"GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "47770", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:11:46.793Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:11:46Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "11:46 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=58790 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" 
dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "58790", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": 
"7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:12:24.44Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:12:24Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "12:23 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=062009617507 log_type=\"Event\" log_component=\"GUI\" log_subtype=\"Admin\" status=\"Successful\" priority=Information user_name=\"admin\" src_ip=96.231.150.182 message=\"Administrator 'admin' logged out of Web Admin Console.\"", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "062009617507", + "Log_Type": "Event", + "Log_Component": "GUI", + "Log_Subtype": "Admin", + "Status": "Successful", + "Priority": "Information", + "Duration": "", + "FW_Rule_ID": "", + "Policy_Type": "", + "User_Name": "admin", + "User_GP": "", + "IAP": "", + "IPS_Policy_ID": "", + "Appfilter_Policy_ID": "", + "Application": "", + "Application_Risk": "", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "96.231.150.182", + "Src_Country_Code": "", + "Dst_MAC": "", + "Dst_IP": "", + "Dst_Country_Code": "", + "Protocol": "", + "Src_Port": "", + "Dst_Port": "", + "Sent_Pkts": "", + "Recv_Pkts": "", + "Sent_Bytes": "", + "Recv_Bytes": "", + "Tran_Src_IP": "", + "Tran_Src_Port": "", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", 
+ "VconnID": "", + "HB_Health": "", + "Message": "Administrator 'admin' logged out of Web Admin Console", + "AppResolvedBy": "", + "Nat_Rule_ID": "", + "Vlan_ID": "", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:12:46.283Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:12:46Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "12:45 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=58982 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "58982", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:12:46.367Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:12:46Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "12:45 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=47962 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": 
"GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "47962", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:12:46.373Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:12:46Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "12:45 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=48038 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" 
dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "48038", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": 
"7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:12:46.38Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:12:46Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "12:45 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=58656 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + 
"FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "58656", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:12:46.483Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:12:46Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "12:45 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=40788 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "40788", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:12:46.49Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:12:46Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "12:45 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=58982 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "58982", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:12:46.64Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:12:46Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "12:45 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=48038 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + 
"Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "48038", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:12:46.66Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:12:46Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "12:45 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=47962 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" 
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "47962", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + 
"TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:12:46.703Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:12:46Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "12:45 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=58656 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": 
"0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "58656", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:12:46.927Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:12:46Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "12:46 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=58982 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "58982", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:12:46.98Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:12:46Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "12:46 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=47962 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "47962", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:12:46.997Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:12:46Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "12:46 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=40788 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + 
"Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "40788", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:12:47.227Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:12:47Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "12:46 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=48038 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" 
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "48038", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + 
"TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:12:47.31Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:12:47Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "12:46 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=58656 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": 
"0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "58656", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:12:47.587Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:12:47Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "12:46 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=47962 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "47962", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:12:47.757Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:12:47Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "12:47 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=58982 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "58982", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:12:48.023Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:12:48Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "12:47 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=40788 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + 
"Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "40788", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:12:48.343Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:12:48Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "12:47 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=48038 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" 
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "48038", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + 
"TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:12:48.527Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:12:48Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "12:47 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=58656 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": 
"0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "58656", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:12:48.773Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:12:48Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "12:48 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=47962 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "47962", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:12:49.423Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:12:49Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "12:48 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=58982 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "58982", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:13:48.673Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:13:48Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "13:47 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=59176 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + 
"Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "59176", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:13:48.747Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:13:48Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "13:48 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=48232 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" 
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "48232", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + 
"TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:13:48.757Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:13:48Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "13:48 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=48156 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": 
"0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "48156", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:13:48.77Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:13:48Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "13:48 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=58858 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "58858", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:13:48.877Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:13:48Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "13:48 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=40982 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "40982", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:13:48.88Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:13:48Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "13:48 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=59176 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + 
"Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "59176", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:13:49.053Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:13:49Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "13:48 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=48232 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" 
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "48232", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + 
"TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:13:49.063Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:13:49Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "13:48 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=48156 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": 
"0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "48156", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:13:49.077Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:13:49Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "13:48 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=58858 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "58858", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:13:49.3Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:13:49Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "13:48 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=59176 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "59176", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:13:49.383Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:13:49Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "13:48 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=48156 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": 
"GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "48156", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:13:49.407Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:13:49Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "13:48 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=40982 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" 
dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "40982", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": 
"7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:13:49.63Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:13:49Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "13:48 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=48232 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + 
"FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "48232", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:13:49.683Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:13:49Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "13:48 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=58858 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "58858", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:13:49.993Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:13:49Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "13:49 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=48156 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "48156", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:13:50.133Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:13:50Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "13:49 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=59176 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + 
"Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "59176", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:13:50.43Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:13:50Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "13:49 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=40982 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" 
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "40982", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + 
"TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:13:50.78Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:13:50Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "13:50 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=48232 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": 
"0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "48232", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:13:50.903Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:13:50Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "13:50 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=58858 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "58858", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:13:51.177Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:13:51Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "13:50 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=48156 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "48156", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:13:51.797Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:13:51Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "13:51 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=59176 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + 
"Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "59176", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:14:51.15Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:14:51Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "14:50 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=59458 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" 
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "59458", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + 
"TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:14:51.217Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:14:51Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "14:50 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=48514 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": 
"0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "48514", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:14:51.233Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:14:51Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "14:50 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=48438 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "48438", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:14:51.247Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:14:51Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "14:50 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=59132 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "59132", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:14:51.353Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:14:51Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "14:50 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=59458 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + 
"Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "59458", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:14:51.357Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:14:51Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "14:50 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=41256 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" 
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "41256", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + 
"TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:14:51.533Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:14:51Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "14:50 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=48438 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": 
"0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "48438", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:14:51.563Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:14:51Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "14:50 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=48514 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "48514", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:14:51.577Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:14:51Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "14:50 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=59132 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "59132", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:14:51.767Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:14:51Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "14:51 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=59458 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + 
"Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "59458", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:14:51.857Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:14:51Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "14:51 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=48438 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" 
dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": "GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "48438", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + 
"TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:14:51.88Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:14:51Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "14:51 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=41256 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": 
"0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "41256", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:14:52.093Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:14:52Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "14:51 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=48514 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "48514", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:14:52.187Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:14:52Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "14:51 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=59132 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "59132", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:14:52.463Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:14:52Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "14:51 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=48438 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": 
"GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "48438", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:14:52.6Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:14:52Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "14:51 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.176.36 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=59458 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" 
dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.176.36", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "59458", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": 
"7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:14:52.903Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:14:52Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "14:52 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=103.5.198.214 src_country_code=HKG dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=41256 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + 
"FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "103.5.198.214", + "Src_Country_Code": "HKG", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "41256", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:14:53.23Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:14:53Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "14:52 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" 
in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=216.163.188.34 src_country_code=USA dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=48514 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "216.163.188.34", + "Src_Country_Code": "USA", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "48514", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + 
"VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:14:53.4Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:14:53Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "14:52 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.152.32 src_country_code=DEU dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=59132 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": 
"/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.152.32", + "Src_Country_Code": "DEU", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "59132", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + }, + { + "TenantId": "7fd9e2ab-0a09-4afa-9fa7-1f952f9a97fa", + "SourceSystem": "Linux", + "TimeGenerated": "2020-06-10T23:14:53.647Z", + "Computer": "52.152.175.228", + "EventTime": "2020-06-10T23:14:53Z", + "Facility": "local0", + "HostName": "52.152.175.228", + "SeverityLevel": "info", + "SyslogMessage": "14:52 timezone=\"BST\" device_name=\"SFVUNL\" device_id=C010017C4483V77 
log_id=010202601001 log_type=\"Firewall\" log_component=\"Invalid Traffic\" log_subtype=\"Denied\" status=\"Deny\" priority=Information duration=0 fw_rule_id=0 nat_rule_id=0 policy_type=0 user_name=\"\" user_gp=\"\" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=\"\" application_risk=0 application_technology=\"\" application_category=\"\" vlan_id=\"0\" ether_type=IPv4 (0x0800) bridge_name=\"\" bridge_display_name=\"\" in_interface=\"\" in_display_interface=\"\" out_interface=\"\" out_display_interface=\"\" src_mac= dst_mac= src_ip=84.39.157.7 src_country_code=GBR dst_ip=10.0.1.4 dst_country_code=R1 protocol=\"TCP\" src_port=80 dst_port=48438 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=\"\" srczone=\"\" dstzonetype=\"\" dstzone=\"\" dir_disp=\"\" connid=\"\" vconnid=\"\" hb_health=\"No Heartbeat\" message=\"Could not associate packet to any connection.\" appresolvedby=\"Signature\" app_is_cloud=0", + "ProcessID": "null", + "HostIP": "52.152.175.228", + "ProcessName": "device=\"SFW\"", + "MG": "00000000-0000-0000-0000-000000000002", + "Type": "Syslog", + "_ResourceId": "/subscriptions/fa1a2366-3d81-4fc9-931a-bca12cfe60da/resourcegroups/e19110701mfstdemo/providers/microsoft.compute/virtualmachines/mfstsyslogdemo", + "Device": "", + "Date": "", + "Time": "", + "Timezone": "BST", + "Device_Name": "SFVUNL", + "Device_ID": "C010017C4483V77", + "Log_ID": "010202601001", + "Log_Type": "Firewall", + "Log_Component": "Invalid Traffic", + "Log_Subtype": "Denied", + "Status": "Deny", + "Priority": "Information", + "Duration": "0", + "FW_Rule_ID": "0", + "Policy_Type": "0", + "User_Name": "", + "User_GP": "", + "IAP": "0", + "IPS_Policy_ID": "0", + "Appfilter_Policy_ID": "0", + "Application": "", + "Application_Risk": "0", + "Application_Technology": "", + "Application_Category": "", + "In_Interface": "", + "Out_Interface": "", + "Src_MAC": "", + "Src_IP": "84.39.157.7", + "Src_Country_Code": 
"GBR", + "Dst_MAC": "", + "Dst_IP": "10.0.1.4", + "Dst_Country_Code": "R1", + "Protocol": "TCP", + "Src_Port": "80", + "Dst_Port": "48438", + "Sent_Pkts": "0", + "Recv_Pkts": "0", + "Sent_Bytes": "0", + "Recv_Bytes": "0", + "Tran_Src_IP": "", + "Tran_Src_Port": "0", + "Tran_Dst_IP": "", + "Tran_Dst_Port": "0", + "Srczonetype": "", + "Srczone": "", + "Dstzonetype": "", + "Dstzone": "", + "Dir_Disp": "", + "Connevent": "", + "ConnID": "", + "VconnID": "", + "HB_Health": "", + "Message": "Could not associate packet to any connection", + "AppResolvedBy": "Signature", + "Nat_Rule_ID": "0", + "Vlan_ID": "0", + "Ether_Type": "", + "Bridge_Name": "", + "Web_Policy_ID": "", + "App_IS_Cloud": "", + "Bridge_Display_Name": "", + "In_Display_Interface": "", + "Out_Display_Interface": "" + } +] diff --git a/Workbooks/Images/Logos/okta_logo.svg b/Workbooks/Images/Logos/okta_logo.svg new file mode 100644 index 0000000000..7eb5b7a474 --- /dev/null +++ b/Workbooks/Images/Logos/okta_logo.svg @@ -0,0 +1,14 @@ + + + + + + + + + + + + + + \ No newline at end of file diff --git a/Workbooks/Images/Logos/sophos_logo.svg b/Workbooks/Images/Logos/sophos_logo.svg new file mode 100644 index 0000000000..991d7fd2f4 --- /dev/null +++ b/Workbooks/Images/Logos/sophos_logo.svg @@ -0,0 +1,3 @@ + + + \ No newline at end of file diff --git a/Workbooks/Images/Preview/OktaSingleSignOnBlack.png b/Workbooks/Images/Preview/OktaSingleSignOnBlack.png new file mode 100644 index 0000000000..13e0fb48f3 Binary files /dev/null and b/Workbooks/Images/Preview/OktaSingleSignOnBlack.png differ diff --git a/Workbooks/Images/Preview/OktaSingleSignOnWhite.png b/Workbooks/Images/Preview/OktaSingleSignOnWhite.png new file mode 100644 index 0000000000..7f6ca2e1ed Binary files /dev/null and b/Workbooks/Images/Preview/OktaSingleSignOnWhite.png differ 
diff --git a/Workbooks/Images/Preview/SophosXGFirewallBlack.png b/Workbooks/Images/Preview/SophosXGFirewallBlack.png
new file mode 100644
index 0000000000..8c6b8b658f
Binary files /dev/null and b/Workbooks/Images/Preview/SophosXGFirewallBlack.png differ
diff --git a/Workbooks/Images/Preview/SophosXGFirewallWhite.png b/Workbooks/Images/Preview/SophosXGFirewallWhite.png
new file mode 100644
index 0000000000..1562ed1c92
Binary files /dev/null and b/Workbooks/Images/Preview/SophosXGFirewallWhite.png differ
diff --git a/Workbooks/OktaSingleSignOn.json b/Workbooks/OktaSingleSignOn.json
new file mode 100644
index 0000000000..6f47932c01
--- /dev/null
+++ b/Workbooks/OktaSingleSignOn.json
@@ -0,0 +1,984 @@ +{ + "version": "Notebook/1.0", + "items": [ + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "parameters": [ + { + "id": "23197862-8ab5-4aa4-8e78-bb26fbf1a6bc", + "version": "KqlParameterItem/1.0", + "name": "TimeRange", + "label": "Time Range", + "type": 4, + "isRequired": true, + "value": { + "durationMs": 2419200000 + }, + "typeSettings": { + "selectableValues": [ + { + "durationMs": 300000 + }, + { + "durationMs": 900000 + }, + { + "durationMs": 1800000 + }, + { + "durationMs": 3600000 + }, + { + "durationMs": 14400000 + }, + { + "durationMs": 43200000 + }, + { + "durationMs": 86400000 + }, + { + "durationMs": 172800000 + }, + { + "durationMs": 259200000 + }, + { + "durationMs": 604800000 + }, + { + "durationMs": 1209600000 + }, + { + "durationMs": 2419200000 + }, + { + "durationMs": 2592000000 + }, + { + "durationMs": 5184000000 + }, + { + "durationMs": 7776000000 + } + ], + "allowCustom": true + }, + "resourceType": "microsoft.insights/components" + } + ], + "style": "above", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "name": "parameters - 2" + }, + { + "type": 11, + "content": { + "version": "LinkItem/1.0", + "style": "tabs", + "links": [ + { + "cellValue": "selectedTab", + "linkTarget": "parameter", + "linkLabel": "Administrative", + "subTarget": "General", + "preText": "Session/User Analysis", + "style": "link" + }, + { + "cellValue": "selectedTab", + "linkTarget": "parameter", + "linkLabel": "Application", + "subTarget": "Application", + "style": "link" + }, + { + "cellValue": "selectedTab", + "linkTarget": "parameter", + "linkLabel": "Session/User Analysis", + "subTarget": "Analysis", + "preText": "Session/User Analysis", + "style": "link" + } + ] + }, + "name": "links - 13" + }, + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "parameters": [ + { + "id": "fc39a4b9-f38a-4a3e-bf83-845441828fb8", + "version": "KqlParameterItem/1.0", + "name": 
"ApplicationList", + "label": "Application", + "type": 2, + "isRequired": true, + "multiSelect": true, + "quote": "'", + "delimiter": ",", + "query": "Okta_CL\r\n| mv-expand todynamic(target_s)\r\n| where target_s.type == \"AppInstance\"\r\n| distinct tostring(target_s.alternateId)\r\n| sort by target_s_alternateId asc", + "value": [ + "value::all" + ], + "typeSettings": { + "additionalResourceOptions": [ + "value::all" + ] + }, + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + } + ], + "style": "above", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "conditionalVisibility": { + "parameterName": "selectedTab", + "comparison": "isEqualTo", + "value": "Application" + }, + "name": "parameters - 15" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "Okta_CL\r\n| where eventType_s == \"user.session.start\"\r\n| summarize Count = count() by Results = outcome_result_s, bin(TimeGenerated, {TimeRange:grain})", + "size": 0, + "title": "Console Login by Result", + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "barchart", + "tileSettings": { + "showBorder": false, + "titleContent": { + "columnMatch": "Results", + "formatter": 1 + }, + "leftContent": { + "columnMatch": "Count", + "formatter": 12, + "formatOptions": { + "palette": "auto" + }, + "numberFormat": { + "unit": 17, + "options": { + "maximumSignificantDigits": 3, + "maximumFractionDigits": 2 + } + } + } + }, + "chartSettings": { + "seriesLabelSettings": [ + { + "seriesName": "FAILURE", + "color": "red" + }, + { + "seriesName": "SUCCESS", + "color": "green" + } + ] + } + }, + "conditionalVisibility": { + "parameterName": "selectedTab", + "comparison": "isEqualTo", + "value": "General" + }, + "customWidth": 
"50", + "name": "query - 5" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "Okta_CL\r\n| where eventType_s == \"user.session.start\"\r\n| where outcome_result_s == \"FAILURE\"\r\n| summarize Total = count() by User = actor_alternateId_s\r\n| top 10 by Total", + "size": 0, + "title": "Top 10 Failed Console Logins by User", + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "table", + "gridSettings": { + "formatters": [ + { + "columnMatch": "Total", + "formatter": 3, + "formatOptions": { + "palette": "coldHot" + } + } + ] + }, + "tileSettings": { + "showBorder": false, + "titleContent": { + "columnMatch": "Results", + "formatter": 1 + }, + "leftContent": { + "columnMatch": "Count", + "formatter": 12, + "formatOptions": { + "palette": "auto" + }, + "numberFormat": { + "unit": 17, + "options": { + "maximumSignificantDigits": 3, + "maximumFractionDigits": 2 + } + } + } + }, + "chartSettings": { + "seriesLabelSettings": [ + { + "seriesName": "FAILURE", + "color": "red" + }, + { + "seriesName": "SUCCESS", + "color": "green" + } + ] + } + }, + "conditionalVisibility": { + "parameterName": "selectedTab", + "comparison": "isEqualTo", + "value": "General" + }, + "customWidth": "50", + "name": "query - 5 - Copy" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "Okta_CL\r\n| where eventType_s == \"user.authentication.auth_via_mfa\"\r\n| where outcome_result_s == \"FAILURE\"\r\n| summarize count() by actor_alternateId_s\r\n| top 10 by count_", + "size": 0, + "title": "Top 10 Failed MFA Authentications by User", + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "table", + "gridSettings": { + "formatters": [ + { + "columnMatch": "count_", + "formatter": 3, + 
"formatOptions": { + "palette": "coldHot" + } + }, + { + "columnMatch": "Total", + "formatter": 3, + "formatOptions": { + "palette": "coldHot" + } + } + ], + "labelSettings": [ + { + "columnId": "actor_alternateId_s", + "label": "User" + }, + { + "columnId": "count_", + "label": "Total" + } + ] + }, + "tileSettings": { + "showBorder": false, + "titleContent": { + "columnMatch": "Results", + "formatter": 1 + }, + "leftContent": { + "columnMatch": "Count", + "formatter": 12, + "formatOptions": { + "palette": "auto" + }, + "numberFormat": { + "unit": 17, + "options": { + "maximumSignificantDigits": 3, + "maximumFractionDigits": 2 + } + } + } + }, + "chartSettings": { + "seriesLabelSettings": [ + { + "seriesName": "FAILURE", + "color": "red" + }, + { + "seriesName": "SUCCESS", + "color": "green" + } + ] + } + }, + "conditionalVisibility": { + "parameterName": "selectedTab", + "comparison": "isEqualTo", + "value": "General" + }, + "customWidth": "50", + "name": "query - 5 - Copy - Copy" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "Okta_CL\r\n| where eventType_s == \"user.authentication.auth_via_mfa\"\r\n| summarize Count=count() by Results = outcome_result_s, bin(TimeGenerated, {TimeRange:grain})", + "size": 0, + "title": "MFA Authentications by Result", + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "barchart", + "tileSettings": { + "showBorder": false, + "titleContent": { + "columnMatch": "Results", + "formatter": 1 + }, + "leftContent": { + "columnMatch": "Count", + "formatter": 12, + "formatOptions": { + "palette": "auto" + }, + "numberFormat": { + "unit": 17, + "options": { + "maximumSignificantDigits": 3, + "maximumFractionDigits": 2 + } + } + } + }, + "chartSettings": { + "seriesLabelSettings": [ + { + "seriesName": "SUCCESS", + "color": "green" + }, + { + "seriesName": "FAILURE", + "color": "red" 
+ } + ] + } + }, + "conditionalVisibility": { + "parameterName": "selectedTab", + "comparison": "isEqualTo", + "value": "General" + }, + "customWidth": "50", + "name": "query - 5 - Copy" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "Okta_CL\r\n| mv-expand todynamic(target_s)\r\n| where target_s.type == \"AppInstance\"\r\n| summarize count() by tostring(target_s.displayName)\r\n| top 10 by count_", + "size": 0, + "title": "Active Applications", + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "piechart", + "tileSettings": { + "showBorder": false, + "titleContent": { + "columnMatch": "Users", + "formatter": 1 + }, + "leftContent": { + "columnMatch": "Count", + "formatter": 12, + "formatOptions": { + "palette": "auto" + }, + "numberFormat": { + "unit": 17, + "options": { + "maximumSignificantDigits": 3, + "maximumFractionDigits": 2 + } + } + } + } + }, + "conditionalVisibility": { + "parameterName": "selectedTab", + "comparison": "isEqualTo", + "value": "General" + }, + "customWidth": "50", + "name": "query - 3" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "Okta_CL\r\n| mv-expand todynamic(target_s)\r\n| where target_s.type == \"AppInstance\"\r\n| summarize count() by tostring(target_s.displayName), bin(TimeGenerated, {TimeRange:grain})", + "size": 0, + "title": "Active Applications", + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "areachart", + "tileSettings": { + "showBorder": false, + "titleContent": { + "columnMatch": "Users", + "formatter": 1 + }, + "leftContent": { + "columnMatch": "Count", + "formatter": 12, + "formatOptions": { + "palette": "auto" + }, + "numberFormat": { + "unit": 17, + "options": { + "maximumSignificantDigits": 3, 
+ "maximumFractionDigits": 2 + } + } + } + } + }, + "conditionalVisibility": { + "parameterName": "selectedTab", + "comparison": "isEqualTo", + "value": "General" + }, + "customWidth": "50", + "name": "Events by Application" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "Okta_CL\r\n| where eventType_s == \"application.user_membership.add\"\r\n| extend TargetUser = tostring(parse_json(target_s)[0].alternateId)\r\n| extend Application = tostring(parse_json(target_s)[1].alternateId)\r\n| summarize count() by ['Event Time'] = published_t, ['Source User'] = actor_alternateId_s, Application, ['Target User'] = TargetUser\r\n| project-away count_\r\n| sort by ['Event Time'] desc", + "size": 0, + "title": "Users Added to Application", + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "conditionalVisibility": { + "parameterName": "selectedTab", + "comparison": "isEqualTo", + "value": "General" + }, + "customWidth": "50", + "name": "query - 18" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "Okta_CL\r\n| where eventType_s == \"application.user_membership.remove\"\r\n| extend TargetUser = tostring(parse_json(target_s)[0].alternateId)\r\n| extend Application = tostring(parse_json(target_s)[1].alternateId)\r\n| summarize count() by published_t, SourceUser = actor_alternateId_s, Application, TargetUser\r\n| project-away count_\r\n| sort by published_t desc\r\n", + "size": 0, + "title": "Users Removed from Application", + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "conditionalVisibility": { + "parameterName": "selectedTab", + "comparison": "isEqualTo", + "value": "General" + }, + "customWidth": "50", + "name": "query - 18 - Copy" + }, + { + "type": 3, + "content": { + "version": 
"KqlItem/1.0", + "query": "Okta_CL\r\n| mv-expand todynamic(target_s)\r\n| where target_s.type == \"AppInstance\"\r\n| where target_s.alternateId in ({ApplicationList}) or '*' in ({ApplicationList})\r\n| summarize count() by tostring(target_s.alternateId), bin(TimeGenerated,{TimeRange:grain})", + "size": 0, + "title": "Total Events by Application", + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "barchart" + }, + "conditionalVisibility": { + "parameterName": "selectedTab", + "comparison": "isEqualTo", + "value": "Application" + }, + "customWidth": "50", + "name": "query - 12" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "Okta_CL\r\n| mv-expand todynamic(target_s)\r\n| where target_s.type == \"AppInstance\"\r\n| where target_s.alternateId in ({ApplicationList}) or '*' in ({ApplicationList})\r\n| where eventType_s has \"authentication\"\r\n| where outcome_result_s == \"FAILURE\"\r\n| summarize count() by tostring(target_s.alternateId), bin(TimeGenerated,{TimeRange:grain})", + "size": 0, + "title": "Failed Logins by Application", + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "barchart" + }, + "conditionalVisibility": { + "parameterName": "selectedTab", + "comparison": "isEqualTo", + "value": "Application" + }, + "customWidth": "50", + "name": "query - 12 - Copy" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "Okta_CL\r\n| mv-expand todynamic(target_s)\r\n| where target_s.type == \"AppInstance\"\r\n| where target_s.alternateId in ({ApplicationList}) or '*' in ({ApplicationList})\r\n| summarize Total = count() by Application = tostring(target_s.alternateId)\r\n| top 10 by Total", + "size": 0, + "title": "Top 10 Event Count by Application", + 
"timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "conditionalVisibility": { + "parameterName": "selectedTab", + "comparison": "isEqualTo", + "value": "Application" + }, + "customWidth": "50", + "name": "query - 12 - Copy" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "Okta_CL\r\n| mv-expand todynamic(target_s)\r\n| where target_s.type == \"AppInstance\"\r\n| where eventType_s has \"authentication\"\r\n| where target_s.alternateId in ({ApplicationList}) or '*' in ({ApplicationList})\r\n| summarize SUCCESS = countif(outcome_result_s == \"SUCCESS\"), FAILURE = countif(outcome_result_s == \"FAILURE\"), Total = count() by User = actor_alternateId_s\r\n| top 10 by Total\r\n", + "size": 0, + "title": "Top 10 User Authentications", + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "gridSettings": { + "formatters": [ + { + "columnMatch": "SUCCESS", + "formatter": 8, + "formatOptions": { + "palette": "red" + } + }, + { + "columnMatch": "FAILURE", + "formatter": 8, + "formatOptions": { + "palette": "green" + } + }, + { + "columnMatch": "Total", + "formatter": 3, + "formatOptions": { + "palette": "coldHot" + } + } + ] + } + }, + "conditionalVisibility": { + "parameterName": "selectedTab", + "comparison": "isEqualTo", + "value": "Application" + }, + "customWidth": "50", + "name": "query - 12 - Copy - Copy" + }, + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "parameters": [ + { + "id": "427470db-f8f8-461c-adc7-47fe5202b5d1", + "version": "KqlParameterItem/1.0", + "name": "SessionID", + "label": "Session ID", + "type": 2, + "isRequired": true, + "multiSelect": true, + "quote": "'", + "delimiter": ",", + "query": "Okta_CL\r\n| where actor_alternateId_s !in (\"system@okta.com\")\r\n| distinct 
authenticationContext_externalSessionId_s\r\n| sort by authenticationContext_externalSessionId_s asc", + "value": [ + "value::all" + ], + "typeSettings": { + "additionalResourceOptions": [ + "value::all" + ] + }, + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + { + "id": "939a52ae-0662-4483-a52b-35287b151074", + "version": "KqlParameterItem/1.0", + "name": "User", + "type": 2, + "isRequired": true, + "multiSelect": true, + "quote": "'", + "delimiter": ",", + "query": "Okta_CL\r\n| where actor_alternateId_s !in (\"system@okta.com\")\r\n| distinct actor_alternateId_s\r\n| sort by actor_alternateId_s asc", + "value": [ + "value::all" + ], + "typeSettings": { + "additionalResourceOptions": [ + "value::all" + ] + }, + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + { + "id": "059ad6dc-5f2f-490d-941a-d9f87cf71723", + "version": "KqlParameterItem/1.0", + "name": "EventTypes", + "label": "Event Type", + "type": 2, + "isRequired": true, + "multiSelect": true, + "quote": "'", + "delimiter": ",", + "query": "Okta_CL\r\n| distinct eventType_s\r\n| sort by eventType_s asc", + "value": [ + "user.session.start" + ], + "typeSettings": { + "additionalResourceOptions": [ + "value::all" + ] + }, + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + } + ], + "style": "above", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "conditionalVisibility": { + "parameterName": "selectedTab", + "comparison": "isEqualTo", + "value": "Analysis" + }, + "name": "parameters - 7" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "Okta_CL\r\n| where authenticationContext_externalSessionId_s 
in ({SessionID})\r\n| where actor_alternateId_s in ({User}) or '*' in ({User})\r\n| where eventType_s in ({EventTypes}) or '*' in ({EventTypes})\r\n| summarize count(eventType_s) by actor_alternateId_s, bin(published_t, {TimeRange:grain})", + "size": 0, + "showAnnotations": true, + "title": "User Events Timeline", + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "barchart", + "gridSettings": { + "sortBy": [ + { + "itemKey": "actor_alternateId_s", + "sortOrder": 2 + } + ] + }, + "sortBy": [ + { + "itemKey": "actor_alternateId_s", + "sortOrder": 2 + } + ] + }, + "conditionalVisibility": { + "parameterName": "selectedTab", + "comparison": "isEqualTo", + "value": "Analysis" + }, + "customWidth": "50", + "name": "query - 8 - Copy" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "Okta_CL\r\n| where authenticationContext_externalSessionId_s in ({SessionID})\r\n| where actor_alternateId_s in ({User}) or '*' in ({User})\r\n| where eventType_s in ({EventTypes}) or '*' in ({EventTypes})\r\n| summarize count() by authenticationContext_externalSessionId_s, published_t, eventType_s, actor_alternateId_s\r\n| sort by authenticationContext_externalSessionId_s asc, published_t asc", + "size": 0, + "title": "User Event Details", + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "gridSettings": { + "sortBy": [ + { + "itemKey": "actor_alternateId_s", + "sortOrder": 2 + } + ], + "labelSettings": [ + { + "columnId": "authenticationContext_externalSessionId_s", + "label": "Session ID" + }, + { + "columnId": "published_t", + "label": "Event Time" + }, + { + "columnId": "eventType_s", + "label": "Event Type" + }, + { + "columnId": "actor_alternateId_s", + "label": "User" + }, + { + "columnId": "count_", + "label": 
"Total" + } + ] + }, + "sortBy": [ + { + "itemKey": "actor_alternateId_s", + "sortOrder": 2 + } + ] + }, + "conditionalVisibility": { + "parameterName": "selectedTab", + "comparison": "isEqualTo", + "value": "Analysis" + }, + "customWidth": "50", + "name": "query - 8" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "Okta_CL\r\n| mv-expand todynamic(target_s)\r\n| where target_s.type == \"AppInstance\"\r\n| where eventType_s has \"authentication\"\r\n| where authenticationContext_externalSessionId_s in ({SessionID})\r\n| where actor_alternateId_s in ({User}) or '*' in ({User})\r\n| where eventType_s in ({EventTypes}) or '*' in ({EventTypes})\r\n| summarize SUCCESS = countif(outcome_result_s == \"SUCCESS\"), FAILURE = countif(outcome_result_s == \"FAILURE\"), Total = count() by actor_alternateId_s, tostring(target_s.alternateId)\r\n| sort by actor_alternateId_s asc, target_s_alternateId asc\r\n\r\n", + "size": 0, + "title": "Application Authentications", + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "gridSettings": { + "formatters": [ + { + "columnMatch": "SUCCESS", + "formatter": 8, + "formatOptions": { + "palette": "green" + } + }, + { + "columnMatch": "FAILURE", + "formatter": 8, + "formatOptions": { + "palette": "red" + } + }, + { + "columnMatch": "Total", + "formatter": 3, + "formatOptions": { + "palette": "blue" + } + } + ], + "labelSettings": [ + { + "columnId": "actor_alternateId_s", + "label": "User" + }, + { + "columnId": "target_s_alternateId", + "label": "Application" + }, + { + "columnId": "SUCCESS" + }, + { + "columnId": "FAILURE" + }, + { + "columnId": "Total" + } + ] + }, + "sortBy": [] + }, + "conditionalVisibility": { + "parameterName": "selectedTab", + "comparison": "isEqualTo", + "value": "Analysis" + }, + "customWidth": "50", + "name": "query - 8 - Copy" + }, + { + "type": 3, + "content": { + 
"version": "KqlItem/1.0", + "query": "Okta_CL\r\n| where authenticationContext_externalSessionId_s in ({SessionID})\r\n| where actor_alternateId_s in ({User}) or '*' in ({User})\r\n| where eventType_s in ({EventTypes}) or '*' in ({EventTypes})\r\n| summarize count(eventType_s) by \tCity = client_geographicalContext_city_s, actor_alternateId_s, Country = client_geographicalContext_country_s, latitude = client_geographicalContext_geolocation_lat_d, longitude = client_geographicalContext_geolocation_lon_d, Results = outcome_result_s", + "size": 0, + "title": "User Events by Geo-Location", + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "map", + "tileSettings": { + "showBorder": false, + "titleContent": { + "columnMatch": "Users", + "formatter": 1 + }, + "leftContent": { + "columnMatch": "Count", + "formatter": 12, + "formatOptions": { + "palette": "auto" + }, + "numberFormat": { + "unit": 17, + "options": { + "maximumSignificantDigits": 3, + "maximumFractionDigits": 2 + } + } + } + }, + "mapSettings": { + "locInfo": "LatLong", + "latitude": "latitude", + "longitude": "longitude", + "sizeSettings": "count_eventType_s", + "sizeAggregation": "Sum", + "labelSettings": "actor_alternateId_s", + "legendMetric": "count_eventType_s", + "legendAggregation": "Sum", + "itemColorSettings": { + "nodeColorField": "count_eventType_s", + "colorAggregation": "Sum", + "type": "heatmap", + "heatmapPalette": "greenRed" + } + } + }, + "conditionalVisibility": { + "parameterName": "selectedTab", + "comparison": "isEqualTo", + "value": "Analysis" + }, + "customWidth": "50", + "name": "query - 3 - Copy - Copy" + } + ], + "fromTemplateId": "sentinel-UserWorkbook", + "$schema": "https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json" +} \ No newline at end of file 
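Review bot: The `Top 10 User Authentications` grid (item `query - 12 - Copy - Copy` on the Application tab) colours the `SUCCESS` column with `"palette": "red"` and the `FAILURE` column with `"palette": "green"`, the reverse of the `Application Authentications` grid later in this file and of the red/green series colours used by the bar charts. An analyst scanning that grid for failed authentications will read the wrong column as the one that needs attention. Swap the two formatters so that `SUCCESS` carries `"palette": "green"` and `FAILURE` carries `"palette": "red"`. Separately, `Users Added to Application` and `Users Removed from Application` pick the user and the application by position (`parse_json(target_s)[0]` and `[1]`), while every other query filters on `target_s.type`; if the order of targets in the Okta event is not guaranteed, these two grids would swap or blank the columns, so selecting by type looks safer.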
diff --git a/Workbooks/SophosXGFirewall.json b/Workbooks/SophosXGFirewall.json
new file mode 100644
index 0000000000..a36acb52a9
--- /dev/null
+++ b/Workbooks/SophosXGFirewall.json
@@ -0,0 +1,520 @@ +{ + "version": "Notebook/1.0", + "items": [ + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "parameters": [ + { + "id": "3a1905da-e863-4fb1-a4cc-373bfa047344", + "version": "KqlParameterItem/1.0", + "name": "TimeRange", + "label": "Time Range", + "type": 4, + "isRequired": true, + "value": { + "durationMs": 604800000 + }, + "typeSettings": { + "selectableValues": [ + { + "durationMs": 300000 + }, + { + "durationMs": 900000 + }, + { + "durationMs": 1800000 + }, + { + "durationMs": 3600000 + }, + { + "durationMs": 14400000 + }, + { + "durationMs": 43200000 + }, + { + "durationMs": 86400000 + }, + { + "durationMs": 172800000 + }, + { + "durationMs": 259200000 + }, + { + "durationMs": 604800000 + }, + { + "durationMs": 1209600000 + }, + { + "durationMs": 2419200000 + }, + { + "durationMs": 2592000000 + }, + { + "durationMs": 5184000000 + }, + { + "durationMs": 7776000000 + } + ], + "allowCustom": true + }, + "resourceType": "microsoft.insights/components" + } + ], + "style": "above", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "name": "parameters - 0" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "SophosXGFirewall\r\n| where Log_Type == \"Firewall\"\r\n| summarize inbound = countif(not(ipv4_is_match(\"10.0.0.0\",Src_IP,8) or ipv4_is_match(\"172.16.0.0\",Src_IP,12) or ipv4_is_match(\"192.168.0.0\",Src_IP,16))), outbound = countif((ipv4_is_match(\"10.0.0.0\",Src_IP,8) or ipv4_is_match(\"172.16.0.0\",Src_IP,12) or ipv4_is_match(\"192.168.0.0\",Src_IP,16))), deny = countif(Status == \"Deny\"), count() by bin(TimeGenerated, {TimeRange:grain})\r\n| project-away count_", + "size": 0, + "title": "Network Traffic by Direction", + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "areachart" + }, + "customWidth": "50", + "name": "query - 
8" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "SophosXGFirewall\r\n| where Log_Type == \"Firewall\"\r\n| where Status in (\"Allow\",\"Deny\")\r\n| summarize count() by Status, bin(TimeGenerated, {TimeRange:grain})", + "size": 0, + "title": "Events by Action", + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "barchart", + "chartSettings": { + "seriesLabelSettings": [ + { + "seriesName": "Allow", + "color": "green" + }, + { + "seriesName": "Deny", + "color": "red" + } + ] + } + }, + "customWidth": "50", + "name": "query - 1" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "SophosXGFirewall\r\n| where Log_Type == \"Firewall\" and Status =~ \"Deny\"\r\n| where not(ipv4_is_match(\"10.0.0.0\",Src_IP,8) or ipv4_is_match(\"172.16.0.0\",Src_IP,12) or ipv4_is_match(\"192.168.0.0\",Src_IP,16))\r\n| summarize Total = count() by ['Source IP'] = Src_IP\r\n| top 10 by Total", + "size": 0, + "title": "Top 10 Denied Inbound Source IPs", + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "table", + "gridSettings": { + "formatters": [ + { + "columnMatch": "Total", + "formatter": 3, + "formatOptions": { + "palette": "coldHot" + }, + "numberFormat": { + "unit": 17, + "options": { + "style": "decimal", + "maximumFractionDigits": 2 + } + } + } + ] + }, + "chartSettings": { + "seriesLabelSettings": [ + { + "seriesName": "Allow", + "color": "green" + }, + { + "seriesName": "Deny", + "color": "red" + } + ] + } + }, + "customWidth": "50", + "name": "query - 1 - Copy - Copy" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "SophosXGFirewall\r\n| where Log_Type == \"Firewall\" and Status =~ \"Deny\"\r\n| where 
(ipv4_is_match(\"10.0.0.0\",Src_IP,8) or ipv4_is_match(\"172.16.0.0\",Src_IP,12) or ipv4_is_match(\"192.168.0.0\",Src_IP,16))\r\n| summarize Total = count() by ['Destination IP'] = Dst_IP\r\n| top 10 by Total", + "size": 0, + "title": "Top 10 Denied Outbound Destination IPs", + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "table", + "gridSettings": { + "formatters": [ + { + "columnMatch": "Total", + "formatter": 3, + "formatOptions": { + "palette": "coldHot" + }, + "numberFormat": { + "unit": 17, + "options": { + "style": "decimal", + "useGrouping": false, + "maximumFractionDigits": 2 + } + } + } + ] + }, + "chartSettings": { + "seriesLabelSettings": [ + { + "seriesName": "Allow", + "color": "green" + }, + { + "seriesName": "Deny", + "color": "red" + } + ] + } + }, + "customWidth": "50", + "name": "query - 1 - Copy" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "SophosXGFirewall\r\n| where Log_Type == \"Firewall\" and Status =~ \"Deny\"\r\n| where not(ipv4_is_match(\"10.0.0.0\",Src_IP,8) or ipv4_is_match(\"172.16.0.0\",Src_IP,12) or ipv4_is_match(\"192.168.0.0\",Src_IP,16))\r\n| summarize Total = count() by Port = Src_Port\r\n| top 10 by Total", + "size": 0, + "title": "Top 10 Denied Inbound Ports", + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "table", + "gridSettings": { + "formatters": [ + { + "columnMatch": "Total", + "formatter": 3, + "formatOptions": { + "palette": "coldHot" + }, + "numberFormat": { + "unit": 17, + "options": { + "style": "decimal", + "useGrouping": false, + "maximumFractionDigits": 2 + } + } + } + ] + }, + "chartSettings": { + "seriesLabelSettings": [ + { + "seriesName": "Allow", + "color": "green" + }, + { + "seriesName": "Deny", + "color": 
"red" + } + ] + } + }, + "customWidth": "50", + "name": "query - 1 - Copy - Copy - Copy" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "SophosXGFirewall\r\n| where Log_Type == \"Firewall\" and Status == \"Deny\"\r\n| where (ipv4_is_match(\"10.0.0.0\",Src_IP,8) or ipv4_is_match(\"172.16.0.0\",Src_IP,12) or ipv4_is_match(\"192.168.0.0\",Src_IP,16))\r\n| summarize Total = count() by Port = Dst_Port\r\n| top 10 by Total", + "size": 0, + "title": "Top 10 Denied Outbound Ports", + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "table", + "gridSettings": { + "formatters": [ + { + "columnMatch": "Total", + "formatter": 3, + "formatOptions": { + "palette": "coldHot" + } + } + ] + }, + "chartSettings": { + "seriesLabelSettings": [ + { + "seriesName": "Allow", + "color": "green" + }, + { + "seriesName": "Deny", + "color": "red" + } + ] + } + }, + "customWidth": "50", + "name": "query - 1 - Copy - Copy" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "SophosXGFirewall\r\n| where Log_Type == \"Firewall\" and Status == \"Deny\"\r\n| where not(ipv4_is_match(\"10.0.0.0\",Src_IP,8) or ipv4_is_match(\"172.16.0.0\",Src_IP,12) or ipv4_is_match(\"192.168.0.0\",Src_IP,16))\r\n| where isnotempty(Src_Country_Code)\r\n| summarize Total = count() by ['Source Country'] = Src_Country_Code\r\n| top 10 by Total", + "size": 0, + "title": "Top 10 Denied Inbound Traffic by Country", + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "table", + "gridSettings": { + "formatters": [ + { + "columnMatch": "Total", + "formatter": 3, + "formatOptions": { + "palette": "coldHot" + }, + "numberFormat": { + "unit": 17, + "options": { + "style": "decimal", + "useGrouping": false, + 
"maximumFractionDigits": 2 + } + } + } + ] + }, + "mapSettings": { + "locInfo": "CountryRegion", + "locInfoColumn": "Dst_Country_Code", + "sizeSettings": "count_", + "sizeAggregation": "Sum", + "legendMetric": "count_", + "legendAggregation": "Sum", + "itemColorSettings": { + "nodeColorField": "count_", + "colorAggregation": "Sum", + "type": "heatmap", + "heatmapPalette": "greenRed" + } + } + }, + "customWidth": "50", + "name": "query - 5 - Copy" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "SophosXGFirewall\r\n| where Log_Type == \"Firewall\"\r\n| where not(ipv4_is_match(\"10.0.0.0\",Src_IP,8) or ipv4_is_match(\"172.16.0.0\",Src_IP,12) or ipv4_is_match(\"192.168.0.0\",Src_IP,16))\r\n| where isnotempty(Src_Country_Code)\r\n| summarize count() by Src_Country_Code, bin(TimeGenerated, {TimeRange:grain})\r\n", + "size": 0, + "title": "Denied Inbound Traffic by Country", + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "linechart", + "gridSettings": { + "formatters": [ + { + "columnMatch": "Total", + "formatter": 3, + "formatOptions": { + "palette": "coldHot" + }, + "numberFormat": { + "unit": 17, + "options": { + "style": "decimal", + "useGrouping": false, + "maximumFractionDigits": 2 + } + } + } + ] + }, + "mapSettings": { + "locInfo": "CountryRegion", + "locInfoColumn": "Dst_Country_Code", + "sizeSettings": "count_", + "sizeAggregation": "Sum", + "legendMetric": "count_", + "legendAggregation": "Sum", + "itemColorSettings": { + "nodeColorField": "count_", + "colorAggregation": "Sum", + "type": "heatmap", + "heatmapPalette": "greenRed" + } + } + }, + "customWidth": "50", + "name": "query - 5 - Copy - Copy" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "SophosXGFirewall\r\n| where Log_Type == \"Firewall\" and Status == \"Deny\"\r\n| where (ipv4_is_match(\"10.0.0.0\",Src_IP,8) 
or ipv4_is_match(\"172.16.0.0\",Src_IP,12) or ipv4_is_match(\"192.168.0.0\",Src_IP,16))\r\n| where isnotempty(Dst_Country_Code)\r\n| summarize Total = count() by ['Source Country'] = Dst_Country_Code\r\n| top 10 by Total", + "size": 0, + "title": "Top Denied Outbound Traffic by Country", + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "table", + "gridSettings": { + "formatters": [ + { + "columnMatch": "Total", + "formatter": 3, + "formatOptions": { + "palette": "coldHot" + }, + "numberFormat": { + "unit": 17, + "options": { + "style": "decimal", + "useGrouping": false, + "maximumFractionDigits": 2 + } + } + } + ] + }, + "mapSettings": { + "locInfo": "CountryRegion", + "locInfoColumn": "Dst_Country_Code", + "sizeSettings": "count_", + "sizeAggregation": "Sum", + "legendMetric": "count_", + "legendAggregation": "Sum", + "itemColorSettings": { + "nodeColorField": "count_", + "colorAggregation": "Sum", + "type": "heatmap", + "heatmapPalette": "greenRed" + } + } + }, + "customWidth": "50", + "name": "query - 5 - Copy - Copy" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "SophosXGFirewall\r\n| where Log_Type == \"Firewall\"\r\n| where (ipv4_is_match(\"10.0.0.0\",Src_IP,8) or ipv4_is_match(\"172.16.0.0\",Src_IP,12) or ipv4_is_match(\"192.168.0.0\",Src_IP,16))\r\n| where isnotempty(Dst_Country_Code)\r\n| summarize count() by Dst_Country_Code, bin(TimeGenerated, {TimeRange:grain})\r\n", + "size": 0, + "title": "Denied Outbound Traffic by Country", + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "linechart", + "gridSettings": { + "formatters": [ + { + "columnMatch": "Total", + "formatter": 3, + "formatOptions": { + "palette": "coldHot" + }, + "numberFormat": { + "unit": 17, + 
"options": { + "style": "decimal", + "useGrouping": false, + "maximumFractionDigits": 2 + } + } + } + ] + }, + "mapSettings": { + "locInfo": "CountryRegion", + "locInfoColumn": "Dst_Country_Code", + "sizeSettings": "count_", + "sizeAggregation": "Sum", + "legendMetric": "count_", + "legendAggregation": "Sum", + "itemColorSettings": { + "nodeColorField": "count_", + "colorAggregation": "Sum", + "type": "heatmap", + "heatmapPalette": "greenRed" + } + } + }, + "customWidth": "50", + "name": "query - 5 - Copy - Copy - Copy" + } + ], + "fromTemplateId": "sentinel-UserWorkbook", + "$schema": "https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json" +} \ No newline at end of file diff --git a/Workbooks/WorkbooksMetadata.json b/Workbooks/WorkbooksMetadata.json index 808bc70990..78c0a62433 100644 --- a/Workbooks/WorkbooksMetadata.json +++ b/Workbooks/WorkbooksMetadata.json 
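Review bot: The two line-chart tiles titled "Denied Inbound Traffic by Country" and "Denied Outbound Traffic by Country" never filter on `Status`, so they plot all firewall traffic per country under a title that tells the analyst it is denied traffic only; the sibling "Top 10 Denied …" tiles do apply the filter. Each of the two queries should carry the same condition, e.g. `| where Log_Type == \"Firewall\" and Status =~ \"Deny\"`, or the titles should drop "Denied". In the same file, "Top 10 Denied Inbound Ports" groups by `Src_Port`, which for inbound connections is normally the sender's ephemeral port, so `Dst_Port` is presumably what was intended. The "Top Denied Outbound Traffic by Country" column is also labelled `['Source Country']` although it holds `Dst_Country_Code`.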
@@ -785,6 +785,32 @@
 "subtitle": "",
 "provider": "Azure Sentinel community"
 },
+ {
+ "workbookKey": "SophosXGFirewallWorkbook",
+ "logoFileName": "sophos_logo.svg",
+ "description": "Gain insight into Sophos XG Firewall by analyzing, collecting and correlating firewall data.\nThis workbook provides visibility into network traffic",
+ "dataTypesDependencies": ["Syslog"],
+ "dataConnectorsDependencies": [ "SophosXGFirewall" ],
+ "previewImagesFileNames": [ "SophosXGFirewallWhite.png", "SophosXGFirewallBlack.png" ],
+ "version": "1.0",
+ "title": "Sophos XG Firewall",
+ "templateRelativePath": "SophosXGFirewall.json",
+ "subtitle": "",
+ "provider": "Sophos"
+ },
+ {
+ "workbookKey": "OktaSingleSignOnWorkbook",
+ "logoFileName": "okta_logo.svg",
+ "description": "Gain extensive insight into Okta Single Sign-On (SSO) by analyzing, collecting and correlating Audit and Event events.\nThis workbook provides visibility into message and click events that were permitted, delivered, or blocked",
+ "dataTypesDependencies": [ "Okta_CL" ],
+ "dataConnectorsDependencies": [ "OktaSSO" ],
+ "previewImagesFileNames": [ "OktaSingleSignOnWhite.png", "OktaSingleSignOnBlack.png" ],
+ "version": "1.0",
+ "title": "Okta Single Sign-On",
+ "templateRelativePath": "OktaSingleSignOn.json",
+ "subtitle": "",
+ "provider": "Okta"
+ },
 {
 "workbookKey": "SysmonThreatHuntingWorkbook",
 "logoFileName": "sysmonthreathunting_logo.svg",
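Review bot: The `description` of the `OktaSingleSignOnWorkbook` entry says the workbook shows "message and click events that were permitted, delivered, or blocked", which describes mail-protection telemetry rather than Okta sign-on logs and looks carried over from another entry. The part of OktaSingleSignOn.json visible in this commit charts user events by event type, outcome and geo-location, so a second sentence such as `This workbook provides visibility into user sign-in activity by event type, outcome and location` would match what the tiles show. The enclosing metadata array starts and ends outside the hunk.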