Merge pull request #1560 from techwriter-dev/nxlog-bsm-macos

NXLog BSM macOS (Custom) data connector
This commit is contained in:
v-jayakal 2021-01-21 10:44:08 +05:30 коммит произвёл GitHub
Родитель 368628902b 76036f8a41
Коммит 570b3c3428
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: 4AEE18F83AFDEB23
2 изменённых файлов: 624 добавлений и 0 удалений


@ -0,0 +1,95 @@
{
"id": "NXLogBSMmacOS",
"title": "NXLog BSM macOS",
"publisher": "NXLog",
"descriptionMarkdown": "The NXLog [BSM](https://nxlog.co/documentation/nxlog-user-guide/im_bsm.html) macOS data connector uses Suns Basic Security Module (BSM) Auditing API to read events directly from the kernel for capturing audit events on the macOS platform. This REST API connector can efficiently export macOS audit events to Azure Sentinel in real-time.",
"graphQueries": [
{
"metricName": "Total data received",
"legend": "BSMmacOS_CL",
"baseQuery": "BSMmacOS_CL"
}
],
"sampleQueries": [
{
"description" : "Most frequent event types",
"query": "BSMmacOS_CL\n| summarize EventCount = count() by EventType_s\n| where strlen(EventType_s) > 1\n| project Eventype = EventType_s, EventCount\n| order by EventCount desc\n| render barchart"
},
{
"description" : "Most frequent event names",
"query": "BSMmacOS_CL\n| summarize EventCount = count() by EventName_s\n| project EventCount, EventName = EventName_s\n| where strlen(EventName) > 1\n| order by EventCount desc\n| render barchart"
},
{
"description" : "Distribution of (notification) texts",
"query": "BSMmacOS_CL\n| summarize EventCount = count() by Text_s\n| where strlen(Text_s) > 1\n| order by EventCount\n| render piechart"
}
],
"dataTypes": [
{
"name": "BSMmacOS_CL",
"lastDataReceivedQuery": "BSMmacOS_CL | summarize Time = max(TimeGenerated) | where isnotempty(Time)"
}
],
"connectivityCriterias": [
{
"type": "IsConnectedQuery",
"value": [
"BSMmacOS_CL | summarize LastLogReceived = max(TimeGenerated) | project IsConnected = LastLogReceived > ago(30d)"
]
}
],
"availability": {
"status": 1,
"isPreview": true
},
"permissions": {
"resourceProvider": [
{
"provider": "Microsoft.OperationalInsights/workspaces",
"permissionsDisplayText": "read and write permissions are required.",
"providerDisplayName": "Workspace",
"scope": "Workspace",
"requiredPermissions": {
"write": true,
"read": true,
"delete": true
}
},
{
"provider": "Microsoft.OperationalInsights/workspaces/sharedKeys",
"permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key)",
"providerDisplayName": "Keys",
"scope": "Workspace",
"requiredPermissions": {
"action": true
}
}
]
},
"instructionSteps": [
{
"title": "",
"description": "Follow the step-by-step instructions in the *NXLog User Guide* Integration Topic [Microsoft Azure Sentinel](https://nxlog.co/documentation/nxlog-user-guide/sentinel.html) to configure this connector.",
"instructions": [
{
"parameters": {
"fillWith": [
"WorkspaceId"
],
"label": "Workspace ID"
},
"type": "CopyableLabel"
},
{
"parameters": {
"fillWith": [
"PrimaryKey"
],
"label": "Primary Key"
},
"type": "CopyableLabel"
}
]
}
]
}
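Review bot: The workspace entry under `permissions.resourceProvider` requests `"delete": true` while its `permissionsDisplayText` tells the user only that "read and write permissions are required", so the portal text understates what this connector asks for. Nothing visible in this definition depends on delete; if the connector framework does require it, state that in the display text, otherwise change the line to `"delete": false` so the requested rights match the least the connector needs. The first sample query also misspells the projected column in `| project Eventype = EventType_s, EventCount`, which should read `| project EventType = EventType_s, EventCount`. The `descriptionMarkdown` reads `Suns Basic Security Module`; the intended possessive is `Sun's`.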


@ -0,0 +1,529 @@
[
{
"TokenVersion": "11",
"EventType": "AUE_auth_user",
"EventName": "user authentication",
"EventModifier": "",
"EventTime": "2021-01-06 21:20:50",
"SubjectAuditID": "ruser",
"SubjectUID": "ruser",
"SubjectGID": "staff",
"SubjectRealUID": "root",
"SubjectRealGID": "staff",
"SubjectPID": "159",
"SubjectSID": "100006",
"SubjectTerminal": "",
"SubjectTerminal.Port": "0:316",
"SubjectTerminal.Host": "0.0.0.0",
"Text": "Verify password for record type Users 'ruser' node '/Local/Default'",
"ReturnErrno": "success",
"ReturnRetval": "0",
"Identity": "",
"Identity.SignerType": "1",
"Identity.SignerId": "com.apple.opendirectoryd",
"Identity.SignerIdTruncated": "0",
"Identity.TeamId": "",
"Identity.TeamIdTruncated": "0",
"Identity.CDHash": "0x4ab4c898fd4a994fd267ed1edeb21b9c9b5cb70f",
"TrailerCount": "198",
"EventReceivedTime": "2021-01-06T21:20:50.761144-08:00",
"SourceModuleName": "BSMmacOS",
"SourceModuleType": "im_bsm"
},
{
"TokenVersion": "11",
"EventType": "AUE_ssauthorize",
"EventName": "SecSrvr AuthEngine",
"EventModifier": "",
"EventTime": "2021-01-06 21:23:33",
"SubjectAuditID": "4294967295",
"SubjectUID": "root",
"SubjectGID": "wheel",
"SubjectRealUID": "root",
"SubjectRealGID": "wheel",
"SubjectPID": "159",
"SubjectSID": "100006",
"SubjectTerminal": "",
"SubjectTerminal.Port": "0:316",
"SubjectTerminal.Host": "0.0.0.0",
"Text": "begin evaluation",
"ReturnErrno": "success",
"ReturnRetval": "0",
"Identity": "",
"Identity.SignerType": "1",
"Identity.SignerId": "com.apple.authd",
"Identity.SignerIdTruncated": "0",
"Identity.TeamId": "",
"Identity.TeamIdTruncated": "0",
"Identity.CDHash": "0x9120b9dcb969ee1e8fbdb63bd428e263111e9e9c",
"TrailerCount": "138",
"EventReceivedTime": "2021-01-06T21:23:33.308356-08:00",
"SourceModuleName": "BSMmacOS",
"SourceModuleType": "im_bsm"
},
{
"TokenVersion": "11",
"EventType": "AUE_ssauthorize",
"EventName": "SecSrvr AuthEngine",
"EventModifier": "",
"EventTime": "2021-01-06 21:23:33",
"SubjectAuditID": "4294967295",
"SubjectUID": "root",
"SubjectGID": "wheel",
"SubjectRealUID": "root",
"SubjectRealGID": "wheel",
"SubjectPID": "159",
"SubjectSID": "100006",
"SubjectTerminal": "",
"SubjectTerminal.Port": "0:316",
"SubjectTerminal.Host": "0.0.0.0",
"Text": "system.login.fus",
"ReturnErrno": "success",
"ReturnRetval": "0",
"Identity": "",
"Identity.SignerType": "1",
"Identity.SignerId": "com.apple.authd",
"Identity.SignerIdTruncated": "0",
"Identity.TeamId": "",
"Identity.TeamIdTruncated": "0",
"Identity.CDHash": "0x9120b9dcb969ee1e8fbdb63bd428e263111e9e9c",
"TrailerCount": "158",
"EventReceivedTime": "2021-01-06T21:23:33.309622-08:00",
"SourceModuleName": "BSMmacOS",
"SourceModuleType": "im_bsm"
},
{
"TokenVersion": "11",
"EventType": "AUE_ssauthmech",
"EventName": "SecSrvr AuthMechanism",
"EventModifier": "",
"EventTime": "2021-01-06 21:23:33",
"SubjectAuditID": "4294967295",
"SubjectUID": "root",
"SubjectGID": "wheel",
"SubjectRealUID": "root",
"SubjectRealGID": "wheel",
"SubjectPID": "159",
"SubjectSID": "100006",
"SubjectTerminal": "",
"SubjectTerminal.Port": "0:316",
"SubjectTerminal.Host": "0.0.0.0",
"Text": "mechanism builtin:smartcard-sniffer,privileged",
"ReturnErrno": "success",
"ReturnRetval": "0",
"Identity": "",
"Identity.SignerType": "1",
"Identity.SignerId": "com.apple.authd",
"Identity.SignerIdTruncated": "0",
"Identity.TeamId": "",
"Identity.TeamIdTruncated": "0",
"Identity.CDHash": "0x9120b9dcb969ee1e8fbdb63bd428e263111e9e9c",
"TrailerCount": "188",
"EventReceivedTime": "2021-01-06T21:23:33.337214-08:00",
"SourceModuleName": "BSMmacOS",
"SourceModuleType": "im_bsm"
},
{
"TokenVersion": "11",
"EventType": "AUE_ssauthmech",
"EventName": "SecSrvr AuthMechanism",
"EventModifier": "",
"EventTime": "2021-01-06 21:23:38",
"SubjectAuditID": "4294967295",
"SubjectUID": "root",
"SubjectGID": "wheel",
"SubjectRealUID": "root",
"SubjectRealGID": "wheel",
"SubjectPID": "159",
"SubjectSID": "100006",
"SubjectTerminal": "",
"SubjectTerminal.Port": "0:316",
"SubjectTerminal.Host": "0.0.0.0",
"Text": "mechanism loginwindow:login",
"ReturnErrno": "success",
"ReturnRetval": "0",
"Identity": "",
"Identity.SignerType": "1",
"Identity.SignerId": "com.apple.authd",
"Identity.SignerIdTruncated": "0",
"Identity.TeamId": "",
"Identity.TeamIdTruncated": "0",
"Identity.CDHash": "0x9120b9dcb969ee1e8fbdb63bd428e263111e9e9c",
"TrailerCount": "169",
"EventReceivedTime": "2021-01-06T21:23:38.641095-08:00",
"SourceModuleName": "BSMmacOS",
"SourceModuleType": "im_bsm"
},
{
"TokenVersion": "11",
"EventType": "AUE_ssauthmech",
"EventName": "SecSrvr AuthMechanism",
"EventModifier": "",
"EventTime": "2021-01-06 21:23:38",
"SubjectAuditID": "4294967295",
"SubjectUID": "root",
"SubjectGID": "wheel",
"SubjectRealUID": "root",
"SubjectRealGID": "wheel",
"SubjectPID": "159",
"SubjectSID": "100006",
"SubjectTerminal": "",
"SubjectTerminal.Port": "0:316",
"SubjectTerminal.Host": "0.0.0.0",
"Text": "mechanism builtin:reset-password,privileged",
"ReturnErrno": "success",
"ReturnRetval": "0",
"Identity": "",
"Identity.SignerType": "1",
"Identity.SignerId": "com.apple.authd",
"Identity.SignerIdTruncated": "0",
"Identity.TeamId": "",
"Identity.TeamIdTruncated": "0",
"Identity.CDHash": "0x9120b9dcb969ee1e8fbdb63bd428e263111e9e9c",
"TrailerCount": "185",
"EventReceivedTime": "2021-01-06T21:23:38.646485-08:00",
"SourceModuleName": "BSMmacOS",
"SourceModuleType": "im_bsm"
},
{
"TokenVersion": "11",
"EventType": "AUE_ssauthmech",
"EventName": "SecSrvr AuthMechanism",
"EventModifier": "",
"EventTime": "2021-01-06 21:23:38",
"SubjectAuditID": "4294967295",
"SubjectUID": "root",
"SubjectGID": "wheel",
"SubjectRealUID": "root",
"SubjectRealGID": "wheel",
"SubjectPID": "159",
"SubjectSID": "100006",
"SubjectTerminal": "",
"SubjectTerminal.Port": "0:316",
"SubjectTerminal.Host": "0.0.0.0",
"Text": "mechanism builtin:authenticate-nocred,privileged",
"ReturnErrno": "success",
"ReturnRetval": "0",
"Identity": "",
"Identity.SignerType": "1",
"Identity.SignerId": "com.apple.authd",
"Identity.SignerIdTruncated": "0",
"Identity.TeamId": "",
"Identity.TeamIdTruncated": "0",
"Identity.CDHash": "0x9120b9dcb969ee1e8fbdb63bd428e263111e9e9c",
"TrailerCount": "190",
"EventReceivedTime": "2021-01-06T21:23:38.892300-08:00",
"SourceModuleName": "BSMmacOS",
"SourceModuleType": "im_bsm"
},
{
"TokenVersion": "11",
"EventType": "AUE_ssauthmech",
"EventName": "SecSrvr AuthMechanism",
"EventModifier": "",
"EventTime": "2021-01-06 21:23:39",
"SubjectAuditID": "4294967295",
"SubjectUID": "root",
"SubjectGID": "wheel",
"SubjectRealUID": "root",
"SubjectRealGID": "wheel",
"SubjectPID": "159",
"SubjectSID": "100006",
"SubjectTerminal": "",
"SubjectTerminal.Port": "0:316",
"SubjectTerminal.Host": "0.0.0.0",
"Text": "mechanism loginwindow:success",
"ReturnErrno": "success",
"ReturnRetval": "0",
"Identity": "",
"Identity.SignerType": "1",
"Identity.SignerId": "com.apple.authd",
"Identity.SignerIdTruncated": "0",
"Identity.TeamId": "",
"Identity.TeamIdTruncated": "0",
"Identity.CDHash": "0x9120b9dcb969ee1e8fbdb63bd428e263111e9e9c",
"TrailerCount": "171",
"EventReceivedTime": "2021-01-06T21:23:39.093626-08:00",
"SourceModuleName": "BSMmacOS",
"SourceModuleType": "im_bsm"
},
{
"TokenVersion": "11",
"EventType": "AUE_ssauthorize",
"EventName": "SecSrvr AuthEngine",
"EventModifier": "",
"EventTime": "2021-01-06 21:23:39",
"SubjectAuditID": "4294967295",
"SubjectUID": "root",
"SubjectGID": "wheel",
"SubjectRealUID": "root",
"SubjectRealGID": "wheel",
"SubjectPID": "159",
"SubjectSID": "100006",
"SubjectTerminal": "",
"SubjectTerminal.Port": "0:316",
"SubjectTerminal.Host": "0.0.0.0",
"Text": "creator /System/Library/CoreServices/loginwindow.app",
"ReturnErrno": "success",
"ReturnRetval": "0",
"Identity": "",
"Identity.SignerType": "1",
"Identity.SignerId": "com.apple.authd",
"Identity.SignerIdTruncated": "0",
"Identity.TeamId": "",
"Identity.TeamIdTruncated": "0",
"Identity.CDHash": "0x9120b9dcb969ee1e8fbdb63bd428e263111e9e9c",
"TrailerCount": "249",
"EventReceivedTime": "2021-01-06T21:23:39.287141-08:00",
"SourceModuleName": "BSMmacOS",
"SourceModuleType": "im_bsm"
},
{
"TokenVersion": "11",
"EventType": "AUE_ssauthorize",
"EventName": "SecSrvr AuthEngine",
"EventModifier": "",
"EventTime": "2021-01-06 21:23:39",
"SubjectAuditID": "4294967295",
"SubjectUID": "root",
"SubjectGID": "wheel",
"SubjectRealUID": "root",
"SubjectRealGID": "wheel",
"SubjectPID": "159",
"SubjectSID": "100006",
"SubjectTerminal": "",
"SubjectTerminal.Port": "0:316",
"SubjectTerminal.Host": "0.0.0.0",
"Text": "end evaluation",
"ReturnErrno": "success",
"ReturnRetval": "0",
"Identity": "",
"Identity.SignerType": "1",
"Identity.SignerId": "com.apple.authd",
"Identity.SignerIdTruncated": "0",
"Identity.TeamId": "",
"Identity.TeamIdTruncated": "0",
"Identity.CDHash": "0x9120b9dcb969ee1e8fbdb63bd428e263111e9e9c",
"TrailerCount": "136",
"EventReceivedTime": "2021-01-06T21:23:39.290938-08:00",
"SourceModuleName": "BSMmacOS",
"SourceModuleType": "im_bsm"
},
{
"TokenVersion": "11",
"EventType": "AUE_ssauthorize",
"EventName": "SecSrvr AuthEngine",
"EventModifier": "",
"EventTime": "2021-01-06 21:23:39",
"SubjectAuditID": "4294967295",
"SubjectUID": "root",
"SubjectGID": "wheel",
"SubjectRealUID": "root",
"SubjectRealGID": "wheel",
"SubjectPID": "1031",
"SubjectSID": "100061",
"SubjectTerminal": "",
"SubjectTerminal.Port": "0:2693",
"SubjectTerminal.Host": "0.0.0.0",
"Text": "begin evaluation",
"ReturnErrno": "success",
"ReturnRetval": "0",
"Identity": "",
"Identity.SignerType": "1",
"Identity.SignerId": "com.apple.authd",
"Identity.SignerIdTruncated": "0",
"Identity.TeamId": "",
"Identity.TeamIdTruncated": "0",
"Identity.CDHash": "0x9120b9dcb969ee1e8fbdb63bd428e263111e9e9c",
"TrailerCount": "138",
"EventReceivedTime": "2021-01-06T21:23:39.702351-08:00",
"SourceModuleName": "BSMmacOS",
"SourceModuleType": "im_bsm"
},
{
"TokenVersion": "11",
"EventType": "AUE_ssauthmech",
"EventName": "SecSrvr AuthMechanism",
"EventModifier": "",
"EventTime": "2021-01-06 21:23:40",
"SubjectAuditID": "4294967295",
"SubjectUID": "root",
"SubjectGID": "wheel",
"SubjectRealUID": "root",
"SubjectRealGID": "wheel",
"SubjectPID": "1031",
"SubjectSID": "100061",
"SubjectTerminal": "",
"SubjectTerminal.Port": "0:2693",
"SubjectTerminal.Host": "0.0.0.0",
"Text": "mechanism loginwindow:FDESupport,privileged",
"ReturnErrno": "success",
"ReturnRetval": "0",
"Identity": "",
"Identity.SignerType": "1",
"Identity.SignerId": "com.apple.authd",
"Identity.SignerIdTruncated": "0",
"Identity.TeamId": "",
"Identity.TeamIdTruncated": "0",
"Identity.CDHash": "0x9120b9dcb969ee1e8fbdb63bd428e263111e9e9c",
"TrailerCount": "189",
"EventReceivedTime": "2021-01-06T21:23:40.520165-08:00",
"SourceModuleName": "BSMmacOS",
"SourceModuleType": "im_bsm"
},
{
"TokenVersion": "11",
"EventType": "AUE_ssauthmech",
"EventName": "SecSrvr AuthMechanism",
"EventModifier": "",
"EventTime": "2021-01-06 21:23:40",
"SubjectAuditID": "4294967295",
"SubjectUID": "root",
"SubjectGID": "wheel",
"SubjectRealUID": "root",
"SubjectRealGID": "wheel",
"SubjectPID": "1031",
"SubjectSID": "100061",
"SubjectTerminal": "",
"SubjectTerminal.Port": "0:2693",
"SubjectTerminal.Host": "0.0.0.0",
"Text": "mechanism builtin:forward-login,privileged",
"ReturnErrno": "success",
"ReturnRetval": "0",
"Identity": "",
"Identity.SignerType": "1",
"Identity.SignerId": "com.apple.authd",
"Identity.SignerIdTruncated": "0",
"Identity.TeamId": "",
"Identity.TeamIdTruncated": "0",
"Identity.CDHash": "0x9120b9dcb969ee1e8fbdb63bd428e263111e9e9c",
"TrailerCount": "188",
"EventReceivedTime": "2021-01-06T21:23:40.526217-08:00",
"SourceModuleName": "BSMmacOS",
"SourceModuleType": "im_bsm"
},
{
"TokenVersion": "11",
"EventType": "AUE_ssauthmech",
"EventName": "SecSrvr AuthMechanism",
"EventModifier": "",
"EventTime": "2021-01-06 21:23:40",
"SubjectAuditID": "4294967295",
"SubjectUID": "root",
"SubjectGID": "wheel",
"SubjectRealUID": "root",
"SubjectRealGID": "wheel",
"SubjectPID": "1031",
"SubjectSID": "100061",
"SubjectTerminal": "",
"SubjectTerminal.Port": "0:2693",
"SubjectTerminal.Host": "0.0.0.0",
"Text": "mechanism PKINITMechanism:auth,privileged",
"ReturnErrno": "success",
"ReturnRetval": "0",
"Identity": "",
"Identity.SignerType": "1",
"Identity.SignerId": "com.apple.authd",
"Identity.SignerIdTruncated": "0",
"Identity.TeamId": "",
"Identity.TeamIdTruncated": "0",
"Identity.CDHash": "0x9120b9dcb969ee1e8fbdb63bd428e263111e9e9c",
"TrailerCount": "187",
"EventReceivedTime": "2021-01-06T21:23:40.875058-08:00",
"SourceModuleName": "BSMmacOS",
"SourceModuleType": "im_bsm"
},
{
"TokenVersion": "11",
"EventType": "AUE_ssauthmech",
"EventName": "SecSrvr AuthMechanism",
"EventModifier": "",
"EventTime": "2021-01-06 21:23:41",
"SubjectAuditID": "4294967295",
"SubjectUID": "root",
"SubjectGID": "wheel",
"SubjectRealUID": "root",
"SubjectRealGID": "wheel",
"SubjectPID": "1031",
"SubjectSID": "100061",
"SubjectTerminal": "",
"SubjectTerminal.Port": "0:2693",
"SubjectTerminal.Host": "0.0.0.0",
"Text": "mechanism HomeDirMechanism:login,privileged",
"ReturnErrno": "success",
"ReturnRetval": "0",
"Identity": "",
"Identity.SignerType": "1",
"Identity.SignerId": "com.apple.authd",
"Identity.SignerIdTruncated": "0",
"Identity.TeamId": "",
"Identity.TeamIdTruncated": "0",
"Identity.CDHash": "0x9120b9dcb969ee1e8fbdb63bd428e263111e9e9c",
"TrailerCount": "189",
"EventReceivedTime": "2021-01-06T21:23:41.105265-08:00",
"SourceModuleName": "BSMmacOS",
"SourceModuleType": "im_bsm"
},
{
"TokenVersion": "11",
"EventType": "AUE_ssauthmech",
"EventName": "SecSrvr AuthMechanism",
"EventModifier": "",
"EventTime": "2021-01-06 21:23:41",
"SubjectAuditID": "4294967295",
"SubjectUID": "root",
"SubjectGID": "wheel",
"SubjectRealUID": "root",
"SubjectRealGID": "wheel",
"SubjectPID": "1031",
"SubjectSID": "100061",
"SubjectTerminal": "",
"SubjectTerminal.Port": "0:2693",
"SubjectTerminal.Host": "0.0.0.0",
"Text": "mechanism CryptoTokenKit:login",
"ReturnErrno": "success",
"ReturnRetval": "0",
"Identity": "",
"Identity.SignerType": "1",
"Identity.SignerId": "com.apple.authd",
"Identity.SignerIdTruncated": "0",
"Identity.TeamId": "",
"Identity.TeamIdTruncated": "0",
"Identity.CDHash": "0x9120b9dcb969ee1e8fbdb63bd428e263111e9e9c",
"TrailerCount": "176",
"EventReceivedTime": "2021-01-06T21:23:41.467223-08:00",
"SourceModuleName": "BSMmacOS",
"SourceModuleType": "im_bsm"
},
{
"TokenVersion": "11",
"EventType": "AUE_ssauthorize",
"EventName": "SecSrvr AuthEngine",
"EventModifier": "",
"EventTime": "2021-01-06 21:23:43",
"SubjectAuditID": "ruser2",
"SubjectUID": "ruser2",
"SubjectGID": "staff",
"SubjectRealUID": "ruser2",
"SubjectRealGID": "staff",
"SubjectPID": "1045",
"SubjectSID": "100061",
"SubjectTerminal": "",
"SubjectTerminal.Port": "0:2740",
"SubjectTerminal.Host": "0.0.0.0",
"Text": "system.services.systemconfiguration.network",
"ReturnErrno": "success",
"ReturnRetval": "0",
"Identity": "",
"Identity.SignerType": "1",
"Identity.SignerId": "com.apple.authd",
"Identity.SignerIdTruncated": "0",
"Identity.TeamId": "",
"Identity.TeamIdTruncated": "0",
"Identity.CDHash": "0x9120b9dcb969ee1e8fbdb63bd428e263111e9e9c",
"TrailerCount": "212",
"EventReceivedTime": "2021-01-06T21:23:43.509730-08:00",
"SourceModuleName": "BSMmacOS",
"SourceModuleType": "im_bsm"
}
]