DigitalGuardianDLPEvent - add sample data

2021-06-29 17:15:50 +03:00 · 2021-06-29 17:15:50 +03:00 · 8cf36c79d9
--- a/Data/Syslog/DigitalGuardianDLPEvent.json
+++ b/Data/Syslog/DigitalGuardianDLPEvent.json
@ -0,0 +1,53 @@
+[
+    {
+        "TenantId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
+        "SourceSystem": "Linux",
+        "TimeGenerated [UTC]": "6/23/2021, 11:08:25.370 AM",
+        "Computer": "10.10.10.10",
+        "EventTime [UTC]": "6/21/2021, 7:32:40.000 AM",
+        "Facility": "user",
+        "HostName": "10.10.10.10",
+        "SeverityLevel": "notice",
+        "SyslogMessage": "08:06.380Z ABC-Manager DLP - INCADD incident_id=\"1.12815.10\" managed_device_id=\"1\" number_of_incidents=\"2\" incident_status=\"New,Audit Only\" matched_policies_by_severity=\"High:C_PHI_MRN / C_MRN_>25 \" action_taken=\"NET_NS_H\" matches=\"55\" protocol=\"SMTP\" http_url=\"\" inspected_document=\"Report_3.16-4.17__UPDATED.XLSX\" source=\"abc@cda.org\" source_ip=\"1.1.1.1\" source_port=\"21752\" destination=\"abc@bcd.edu\" destination_ip=\"2.2.2.2\" destination_port=\"25\" email_subject=\"RE: Open Encounters\" email_sender=\"abc@cde.org\" email_recipients=\"abc@bcd.edu \" timestamp=\"2021-06-23 12:06:09 PDT\" incidents_url=https://aaa.lpch.net/LoadIncidentManagement.do?m=1&id=1,27372",
+        "ProcessID": "",
+        "HostIP": "10.10.10.10",
+        "ProcessName": "<10>1",
+        "MG": "00000000-0000-0000-0000-000000000002",
+        "Type": "Syslog",
+        "_ResourceId": ""
+    },
+    {
+        "TenantId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
+        "SourceSystem": "Linux",
+        "TimeGenerated [UTC]": "6/24/2021, 12:14:42.790 PM",
+        "Computer": "10.10.10.10",
+        "EventTime [UTC]": "6/24/2021, 12:32:40.000 PM",
+        "Facility": "user",
+        "HostName": "10.10.10.10",
+        "SeverityLevel": "notice",
+        "SyslogMessage": "08:06.380Z ABC-Manager DLP - INCADD incident_id=\"1.12815.10\" managed_device_id=\"1\" number_of_incidents=\"2\" incident_status=\"New,Audit Only\" matched_policies_by_severity=\"High:C_PHI_MRN / C_MRN_>25 \" action_taken=\"NET_NS_H\" matches=\"55\" protocol=\"SMTP\" http_url=\"\" inspected_document=\"Report_3.16-4.17__UPDATED.XLSX\" source=\"abc@cda.org\" source_ip=\"1.1.1.1\" source_port=\"21752\" destination=\"abc@bcd.edu\" destination_ip=\"2.2.2.2\" destination_port=\"25\" email_subject=\"RE: Open Encounters\" email_sender=\"abc@cde.org\" email_recipients=\"abc@bcd.edu \" timestamp=\"2021-06-24 15:06:09 PDT\" incidents_url=https://aaa.lpch.net/LoadIncidentManagement.do?m=1&id=1,27372",
+        "ProcessID": "",
+        "HostIP": "10.10.10.10",
+        "ProcessName": "<10>1",
+        "MG": "00000000-0000-0000-0000-000000000002",
+        "Type": "Syslog",
+        "_ResourceId": ""
+    },
+    {
+        "TenantId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
+        "SourceSystem": "Linux",
+        "TimeGenerated [UTC]": "6/22/2021, 7:23:32.420 AM",
+        "Computer": "10.10.10.10",
+        "EventTime [UTC]": "6/21/2021, 7:32:40.000 AM",
+        "Facility": "user",
+        "HostName": "10.10.10.10",
+        "SeverityLevel": "notice",
+        "SyslogMessage": "08:06.380Z ABC-Manager DLP - INCADD incident_id=\"1.12815.1\" managed_device_id=\"1\" number_of_incidents=\"1\" incident_status=\"New,Audit Only\" matched_policies_by_severity=\"High:C_PHI_MRN / C_MRN_>25 \" action_taken=\"NET_NS_H\" matches=\"55\" protocol=\"SMTP\" http_url=\"\" inspected_document=\"Milla_9.16-4.17__UPDATED.XLSX\" source=\"abc@cda.org\" source_ip=\"1.1.1.1\" source_port=\"21752\" destination=\"abc@bcd.edu\" destination_ip=\"2.2.2.2\" destination_port=\"25\" email_subject=\"RE: Open Encounters\" email_sender=\"abc@cde.org\" email_recipients=\"abc@bcd.edu \" timestamp=\"2017-05-11 12:06:09 PDT\" incidents_url=https://aaa.lpch.net/LoadIncidentManagement.do?m=1&id=1,27372",
+        "ProcessID": "",
+        "HostIP": "10.10.10.10",
+        "ProcessName": "<10>1",
+        "MG": "00000000-0000-0000-0000-000000000002",
+        "Type": "Syslog",
+        "_ResourceId": ""
+    }
+]