adding Eset SMC parser (#476)
* adding Eset SMC parser * Eset SMC data connector * remove files no longer needed * enhanced conn., added workbook and detections Co-authored-by: Tomas Kubica <tokubica@microsoft.com>
This commit is contained in:
Родитель
acfeea39d1
Коммит
a005dc7940
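--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,145 @@
+{
+"id": "EsetSMC",
+"title": "Eset Security Management Center",
+"publisher": "Eset",
+"descriptionMarkdown": "Connector for [Eset SMC](https://help.eset.com/esmc_admin/70/en-US/) threat events, audit logs, firewall events and web sites filter.",
+"graphQueries": [
+{
+"metricName": "Total data received",
+"legend": "eset_CL",
+"baseQuery": "eset_CL"
+}
+],
+"sampleQueries": [
+{
+"description" : "Query Eset firewall events",
+"query": "eset_CL\r\n| where event_type_s == 'FirewallAggregated_Event'\r\n| sort by TimeGenerated desc"
+},
+{
+"description" : "Query Eset threat events",
+"query": "eset_CL\r\n| where event_type_s == 'Threat_Event'\r\n| sort by TimeGenerated desc"
+},
+{
+"description" : "Query Eset threat events from Real-time file system protection",
+"query": "eset_CL\r\n| where event_type_s == 'Threat_Event'\r\n| where scanner_id_s == 'Real-time file system protection'\r\n| sort by TimeGenerated desc"
+},
+{
+"description" : "Query Eset threat events from On-demand scanner",
+"query": "eset_CL\r\n| where event_type_s == 'Threat_Event'\r\n| where scanner_id_s == 'On-demand scanner'\r\n| sort by TimeGenerated desc"
+},
+{
+"description" : "Top hosts by number of threat events",
+"query": "eset_CL\r\n| where event_type_s == 'Threat_Event'\r\n| summarize threat_events_count = count() by hostname_s\r\n| sort by threat_events_count desc"
+},
+{
+"description" : "Top threats",
+"query": "eset_CL\r\n| where event_type_s == 'Threat_Event'\r\n| summarize threat_events_count = count() by threat_name_s\r\n| sort by threat_events_count desc"
+},
+{
+"description" : "Query Eset web sites filter",
+"query": "eset_CL\r\n| where event_type_s == 'FilteredWebsites_Event'\r\n| sort by TimeGenerated desc"
+},
+{
+"description" : "Query Eset audit events",
+"query": "eset_CL\r\n| where event_type_s == 'Audit_Event'\r\n| sort by TimeGenerated desc"
+}
+],
+"dataTypes": [
+{
+"name": "eset_CL",
+"lastDataReceivedQuery": "eset_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)"
+}
+],
+"connectivityCriterias": [
+{
+"type": "IsConnectedQuery",
+"value": [
+"eset_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)"
+]
+}
+],
+"availability": {
+"status": 1
+},
+"permissions": {
+"resourceProvider": [
+{
+"provider": "Microsoft.OperationalInsights/workspaces",
+"permissionsDisplayText": "read and write permissions are required.",
+"providerDisplayName": "Workspace",
+"scope": "Workspace",
+"requiredPermissions": {
+"write": true,
+"read": true,
+"delete": true
+}
+}
+],
+"customs": [
+{
+"name": "Access to Eset SMC console",
+"description": "Permissions to configure log export"
+}
+]
+},
+"instructionSteps": [
+{
+"title": "1. Install and onboard the agent for Linux",
+"description": "Typically, you should install the agent on a different computer from the one on which the logs are generated.\n\n> Syslog logs are collected only from **Linux** agents.",
+"instructions": [
+{
+"parameters": {
+"title": "Choose where to install the agent:",
+"instructionSteps": [
+{
+"title": "Install agent on Azure Linux Virtual Machine",
+"description": "Select the machine to install the agent on and then click **Connect**.",
+"instructions": [
+{
+"parameters": {
+"linkType": "InstallAgentOnLinuxVirtualMachine"
+},
+"type": "InstallAgent"
+}
+]
+},
+{
+"title": "Install agent on a non-Azure Linux Machine",
+"description": "Download the agent on the relevant machine and follow the instructions.",
+"instructions": [
+{
+"parameters": {
+"linkType": "InstallAgentOnLinuxNonAzure"
+},
+"type": "InstallAgent"
+}
+]
+}
+]
+},
+"type": "InstructionStepsGroup"
+}
+]
+},
+{
+"title": "2. Configure the logs to be collected",
+"description": "Configure rsyslog to accept logs from your Eset SMC IP address.\n\n```\nsudo -i\r\n\r\n# Set ESET SMC source IP address\r\nexport ESETIP={Enter your IP address}\r\n\r\n# Create rsyslog configuration file\r\ncat > \/etc\/rsyslog.d\/80-remote.conf << EOF\r\n\\$ModLoad imudp\r\n\\$UDPServerRun 514\r\n\\$ModLoad imtcp\r\n\\$InputTCPServerRun 514\r\n\\$AllowedSender TCP, 127.0.0.1, $ESETIP\r\n\\$AllowedSender UDP, 127.0.0.1, $ESETIP\r\nuser.=alert;user.=crit;user.=debug;user.=emerg;user.=err;user.=info;user.=notice;user.=warning @127.0.0.1:25224\r\nEOF\r\n\r\n# Restart rsyslog\r\nsystemctl restart rsyslog```"
+},
+{
+"title": "3. Configure OMS agent to pass Eset SMC data in API format",
+"description": "In order to easily recognize Eset data we will push it to separate table and parse at agent so query in Sentinel is easier and fast. To make it simple we will just modify ```match oms.**``` section to send data as API objects by changing type to out_oms_api. Modify file on \/etc\/opt\/microsoft\/omsagent\/{REPLACEyourworkspaceid}\/conf\/omsagent.conf. Full ```match oms.**``` section looks like this:\r\n\r\n```\r\n<match oms.** docker.**>\r\n type out_oms_api\r\n log_level info\r\n num_threads 5\r\n run_in_background false\r\n\r\n omsadmin_conf_path \/etc\/opt\/microsoft\/omsagent\/{REPLACEyourworkspaceid}\/conf\/omsadmin.conf\r\n cert_path \/etc\/opt\/microsoft\/omsagent\/{REPLACEyourworkspaceid}\/certs\/oms.crt\r\n key_path \/etc\/opt\/microsoft\/omsagent\/{REPLACEyourworkspaceid}\/certs\/oms.key\r\n\r\n buffer_chunk_limit 15m\r\n buffer_type file\r\n buffer_path \/var\/opt\/microsoft\/omsagent\/{REPLACEyourworkspaceid}\/state\/out_oms_common*.buffer\r\n\r\n buffer_queue_limit 10\r\n buffer_queue_full_action drop_oldest_chunk\r\n flush_interval 20s\r\n retry_limit 10\r\n retry_wait 30s\r\n max_retry_wait 9m\r\n<\/match>\r\n```\r\n"
+},
+{
+"title": "4. Change OMS agent configuration to catch tag oms.api.eset and parse structured data",
+"description": "Modify file /etc/opt/microsoft/omsagent/{REPLACEyourworkspaceid}/conf/omsagent.d/syslog.conf\n```\r\n<source>\r\n type syslog\r\n port 25224\r\n bind 127.0.0.1\r\n protocol_type udp\r\n tag oms.api.eset\r\n<\/source>\r\n\r\n<filter oms.api.**>\r\n @type parser\r\n key_name message\r\n format \/(?<message>.*?{.*})\/\r\n<\/filter>\r\n\r\n<filter oms.api.**>\r\n @type parser\r\n key_name message\r\n format json\r\n<\/filter>\r\n```"
+},
+{
+"title": "5. Disable automatic configuration and restart agent",
+"description": "```bash\r\n# Disable changes to configuration files from Portal\r\nsudo su omsagent -c 'python \/opt\/microsoft\/omsconfig\/Scripts\/OMS_MetaConfigHelper.py --disable'\r\n\r\n# Restart agent\r\nsudo \/opt\/microsoft\/omsagent\/bin\/service_control restart\r\n\r\n# Check agent logs\r\ntail -f \/var\/opt\/microsoft\/omsagent\/log\/omsagent.log\r\n```"
+},
+{
+"title": "6. Configure Eset SMC to send logs to connector",
+"description": "Configure Eset Logs using BSD style and JSON format.\r\n- Go to Syslog server configuration as described in [Eset documentation](https://help.eset.com/esmc_admin/70/en-US/admin_server_settings.html?admin_server_settings_syslog.html) and configure Host (your connector), Format BSD, Transport TCP\r\n- Go to Logging section as described in [Eset documentation](https://help.eset.com/esmc_admin/70/en-US/admin_server_settings.html?admin_server_settings_export_to_syslog.html) and enable JSON"
+}
+]
+}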
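Review bot: `requiredPermissions` in the `permissions.resourceProvider` entry asks for `"delete": true` while the adjacent `permissionsDisplayText` tells the user only "read and write permissions are required."; the two should agree, and nothing in the connector's steps needs delete on the workspace, so `"delete": false` is the least-privilege value unless the onboarding flow is known to require it. In step 2, the two `$AllowedSender` lines are the only thing bounding which hosts may inject into `eset_CL`, since the listeners in that snippet are not bound to a specific address and step 4 parses any embedded JSON straight into table columns; a sentence in step 2 such as `Every SMC address that will send syslog must be listed in the $AllowedSender lines; other senders are dropped by rsyslog.` would make that explicit. Minor style: the sample queries use `\r\n` line breaks while `lastDataReceivedQuery` and the connectivity query use `\n`, and the `"description" :` spacing in `sampleQueries` differs from the rest of the file.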
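--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,21 @@
+id: 84ad2f8a-b64c-49bc-b669-bdb4fd3071e9
+name: Web sites blocked by Eset
+description: |
+'Create alert on web sites blocked by Eset.'
+severity: Low
+requiredDataConnectors:
+- connectorId: EsetSMC
+dataTypes:
+- eset_CL
+queryFrequency: 5m
+queryPeriod: 5m
+triggerOperator: gt
+triggerThreshold: 0
+tactics:
+- Exfiltration
+- CommandAndControl
+- InitialAccess
+query: |
+eset_CL
+| where event_type_s == 'FilteredWebsites_Event'
+| extend AccountCustomEntity = username_s, URLCustomEntity = object_uri_s, HostCustomEntity = hostname_s, IPCustomEntity = ipv4_s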
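Review bot: `description: |` followed by `'Create alert on web sites blocked by Eset.'` is a literal block scalar, so the single quotes become part of the description text; either write `description: 'Create alert on web sites blocked by Eset.'` on one line or drop the quotes inside the block — the same applies to the "Threats detected by Eset" rule in the next section. With `queryFrequency: 5m`, `triggerOperator: gt` and `triggerThreshold: 0`, every single `FilteredWebsites_Event` row opens an alert, which for a URL-filter log is likely to be noisy; summarizing by `hostname_s` and `object_uri_s` or raising the threshold would keep the rule actionable. `IPCustomEntity = ipv4_s` appears, judging by the sample CSV in this commit where `ipv4_s` equals the protected host's own address, to tag the endpoint rather than the remote side — worth confirming that is the intended entity.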
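--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,21 @@
+id: 2d8a60aa-c15e-442e-9ce3-ee924889d2a6
+name: Threats detected by Eset
+description: |
+'Escalates threats detected by Eset.'
+severity: Low
+requiredDataConnectors:
+- connectorId: EsetSMC
+dataTypes:
+- eset_CL
+queryFrequency: 5m
+queryPeriod: 5m
+triggerOperator: gt
+triggerThreshold: 0
+tactics:
+- Execution
+- CredentialAccess
+- PrivilegeEscalation
+query: |
+eset_CL
+| where event_type_s == "Threat_Event"
+| extend HostCustomEntity = hostname_s, AccountCustomEntity = username_s, IPCustomEntity = ipv4_s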
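Review bot: The rule alerts on every `Threat_Event` without surfacing what happened to the threat; the sample CSV header in this commit carries `threat_handled_b`, `action_taken_s` and `threat_name_s`, so extending the query with them (for example `| extend ThreatName = threat_name_s, Handled = threat_handled_b, ActionTaken = action_taken_s`) lets a responder see from the incident whether the detection was already cleaned or still needs action. An unhandled threat on an endpoint arguably deserves more than `severity: Low`, which could be tuned on the same column. Style: this query quotes `"Threat_Event"` with double quotes while the sibling rule uses single quotes for `'FilteredWebsites_Event'`; pick one.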
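--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,46 @@
+<?xml version="1.0" standalone="no"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 20010904//EN"
+"http://www.w3.org/TR/2001/REC-SVG-20010904/DTD/svg10.dtd">
+<svg version="1.0" xmlns="http://www.w3.org/2000/svg"
+width="689.000000pt" height="349.000000pt" viewBox="0 0 689.000000 349.000000"
+preserveAspectRatio="xMidYMid meet">
+
+<g transform="translate(0.000000,349.000000) scale(0.100000,-0.100000)"
+fill="#000000" stroke="none">
+<path d="M5903 2854 c-46 -23 -69 -76 -54 -126 13 -42 58 -78 99 -78 55 0 112
+56 112 110 0 37 -30 81 -65 96 -43 18 -52 17 -92 -2z m115 -40 c31 -36 29 -79
+-7 -115 -69 -68 -177 3 -140 93 25 60 103 72 147 22z"/>
+<path d="M5910 2760 c0 -27 5 -50 10 -50 6 0 10 9 10 20 0 11 4 20 10 20 5 0
+15 -9 22 -20 7 -11 19 -20 27 -20 11 0 10 4 -2 24 -11 16 -13 26 -5 34 20 20
+1 42 -37 42 l-35 0 0 -50z m56 29 c3 -6 0 -15 -7 -20 -22 -14 -29 -11 -29 11
+0 21 24 27 36 9z"/>
+<path d="M1280 2730 c-133 -35 -234 -92 -331 -189 -95 -96 -131 -157 -172
+-301 -76 -261 -76 -746 -1 -1010 41 -142 77 -205 173 -301 70 -70 103 -94 178
+-132 180 -89 -26 -82 2323 -82 2348 0 2123 -8 2310 83 132 64 239 170 299 293
+80 166 118 422 108 719 -10 269 -39 423 -109 569 -72 150 -223 277 -403 339
+l-80 27 -2110 2 c-2060 2 -2112 2 -2185 -17z m2280 -995 l0 -845 -1087 2
+-1088 3 -75 29 c-302 115 -420 344 -420 811 0 412 100 650 320 764 162 84 88
+80 1288 80 l1062 1 0 -845z m913 474 c178 -38 243 -139 254 -391 l6 -128 -318
+0 -317 0 7 -67 c13 -128 49 -163 170 -163 98 0 155 35 155 95 0 13 25 15 150
+15 l150 0 0 -38 c0 -58 -26 -133 -61 -175 -65 -78 -169 -107 -394 -107 -208 0
+-298 23 -373 94 -76 71 -102 171 -102 396 0 359 73 455 365 484 62 6 250 -3
+308 -15z m1197 -104 l0 -115 -110 0 -110 0 0 -370 0 -370 -160 0 -160 0 0 370
+0 370 -110 0 -110 0 0 115 0 115 380 0 380 0 0 -115z"/>
+<path d="M1573 2196 c-154 -35 -224 -108 -252 -262 -16 -86 -14 -347 4 -422
+49 -207 170 -270 498 -259 198 6 253 22 322 92 51 50 66 83 80 173 l7 42 -144
+0 -144 0 -10 -37 c-15 -58 -48 -76 -146 -77 -144 -2 -178 29 -186 167 l-5 77
+318 0 318 0 -7 102 c-10 138 -21 193 -54 258 -32 64 -91 113 -165 136 -72 23
+-348 29 -434 10z m309 -197 c27 -15 48 -64 48 -114 l0 -45 -166 0 -167 0 6 57
+c7 67 35 102 94 114 44 9 160 1 185 -12z"/>
+<path d="M2650 2197 c-86 -19 -141 -57 -174 -118 -24 -43 -30 -67 -34 -144 -7
+-143 23 -210 113 -251 71 -33 139 -44 321 -52 181 -9 193 -15 202 -100 4 -44
+1 -54 -21 -76 -25 -25 -31 -26 -136 -26 -64 0 -121 5 -136 12 -27 12 -55 54
+-55 83 0 13 -21 15 -146 15 l-147 0 6 -57 c12 -116 76 -188 192 -218 71 -18
+369 -21 461 -4 185 34 273 144 262 329 -11 191 -91 240 -415 254 -152 7 -198
+17 -213 46 -12 22 -13 90 -2 107 14 23 64 33 156 33 99 0 137 -15 151 -60 6
+-19 16 -20 141 -20 l134 0 0 44 c0 89 -47 151 -139 188 -50 19 -78 22 -261 24
+-137 2 -223 -1 -260 -9z"/>
+<path d="M4220 2013 c-76 -13 -101 -40 -114 -120 l-6 -43 165 0 165 0 -6 43
+c-9 56 -30 96 -57 106 -30 11 -116 20 -147 14z"/>
+</g>
+</svg>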
@ -0,0 +1,121 @@
|
|||
TenantId,SourceSystem,MG,ManagementGroupName,TimeGenerated,Computer,RawData,"source_address_s","source_address_type_s","source_port_d","target_port_d","protocol_s","inbound_b","aggregate_count_d","threat_type_s","threat_name_s","scanner_id_s","scan_id_s","engine_version_s","object_type_s","object_uri_s","action_taken_s","threat_handled_b","need_restart_b","username_s","processname_s","circumstances_s","firstseen_s","hash_s","threat_flags_s","event_s","target_address_s","target_address_type_s","rule_id_s","event_type_s","ipv4_s","hostname_s","source_uuid_g","occured_s","severity_s","domain_s","action_s","target_s","detail_s","user_s","result_s","tomas_s","host_s","ident_s","pid_s",Message,Type,"_ResourceId"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-04T04:17:14.956Z",,,"104.210.223.108",IPv4,47616,7903,TCP,true,1,,,,,,,,,null,null,,,,,,,"TCP Port Scanning attack","172.16.0.5",IPv4,,"FirewallAggregated_Event","172.16.0.5","eset-win10","fcd77018-c394-4e39-a886-a72289776bb2","04-Jul-2020 04:16:48",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-04T04:15:14.947Z",,,"52.151.48.160",IPv4,20480,36325,TCP,true,1,,,,,,,,,null,null,,,,,,,"TCP Port Scanning attack","172.16.0.5",IPv4,,"FirewallAggregated_Event","172.16.0.5","eset-win10","fcd77018-c394-4e39-a886-a72289776bb2","04-Jul-2020 04:14:39",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-04T04:12:14.044Z",,,"52.142.4.200",IPv4,27648,13636,TCP,true,1,,,,,,,,,null,null,,,,,,,"TCP Port Scanning attack","172.16.0.5",IPv4,,"FirewallAggregated_Event","172.16.0.5","eset-win10","fcd77018-c394-4e39-a886-a72289776bb2","04-Jul-2020 04:11:43",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-04T04:05:15.018Z",,,"52.151.48.160",IPv4,20480,29600,TCP,true,1,,,,,,,,,null,null,,,,,,,"TCP Port Scanning attack","172.16.0.5",IPv4,,"FirewallAggregated_Event","172.16.0.5","eset-win10","fcd77018-c394-4e39-a886-a72289776bb2","04-Jul-2020 04:04:34",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-04T04:01:13.862Z",,,"52.142.4.200",IPv4,27648,32605,TCP,true,1,,,,,,,,,null,null,,,,,,,"TCP Port Scanning attack","172.16.0.5",IPv4,,"FirewallAggregated_Event","172.16.0.5","eset-win10","fcd77018-c394-4e39-a886-a72289776bb2","04-Jul-2020 04:00:37",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-04T03:55:13.816Z",,,"52.151.48.160",IPv4,20480,16221,TCP,true,1,,,,,,,,,null,null,,,,,,,"TCP Port Scanning attack","172.16.0.5",IPv4,,"FirewallAggregated_Event","172.16.0.5","eset-win10","fcd77018-c394-4e39-a886-a72289776bb2","04-Jul-2020 03:54:19",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-04T03:53:14.48Z",,,"52.158.224.224",IPv4,2048,46082,TCP,true,1,,,,,,,,,null,null,,,,,,,"TCP Port Scanning attack","172.16.0.5",IPv4,,"FirewallAggregated_Event","172.16.0.5","eset-win10","fcd77018-c394-4e39-a886-a72289776bb2","04-Jul-2020 03:52:23",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-04T03:45:14.316Z",,,"52.151.48.160",IPv4,20480,9569,TCP,true,1,,,,,,,,,null,null,,,,,,,"TCP Port Scanning attack","172.16.0.5",IPv4,,"FirewallAggregated_Event","172.16.0.5","eset-win10","fcd77018-c394-4e39-a886-a72289776bb2","04-Jul-2020 03:44:09",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-04T03:43:13.654Z",,,"52.158.224.224",IPv4,2048,21862,TCP,true,1,,,,,,,,,null,null,,,,,,,"TCP Port Scanning attack","172.16.0.5",IPv4,,"FirewallAggregated_Event","172.16.0.5","eset-win10","fcd77018-c394-4e39-a886-a72289776bb2","04-Jul-2020 03:42:14",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-04T03:38:13.736Z",,,"52.151.34.98",IPv4,2560,33652,TCP,true,1,,,,,,,,,null,null,,,,,,,"TCP Port Scanning attack","172.16.0.5",IPv4,,"FirewallAggregated_Event","172.16.0.5","eset-win10","fcd77018-c394-4e39-a886-a72289776bb2","04-Jul-2020 03:37:33",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-04T03:32:13.592Z",,,"52.158.224.224",IPv4,2048,25825,TCP,true,1,,,,,,,,,null,null,,,,,,,"TCP Port Scanning attack","172.16.0.5",IPv4,,"FirewallAggregated_Event","172.16.0.5","eset-win10","fcd77018-c394-4e39-a886-a72289776bb2","04-Jul-2020 03:31:26",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-04T03:24:13.492Z",,,"52.151.34.98",IPv4,2560,8498,TCP,true,1,,,,,,,,,null,null,,,,,,,"TCP Port Scanning attack","172.16.0.5",IPv4,,"FirewallAggregated_Event","172.16.0.5","eset-win10","fcd77018-c394-4e39-a886-a72289776bb2","04-Jul-2020 03:23:45",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-04T03:21:13.534Z",,,"52.158.224.224",IPv4,23552,34099,TCP,true,1,,,,,,,,,null,null,,,,,,,"TCP Port Scanning attack","172.16.0.5",IPv4,,"FirewallAggregated_Event","172.16.0.5","eset-win10","fcd77018-c394-4e39-a886-a72289776bb2","04-Jul-2020 03:20:50",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-04T03:13:13.694Z",,,"52.151.34.98",IPv4,2560,36184,TCP,true,1,,,,,,,,,null,null,,,,,,,"TCP Port Scanning attack","172.16.0.5",IPv4,,"FirewallAggregated_Event","172.16.0.5","eset-win10","fcd77018-c394-4e39-a886-a72289776bb2","04-Jul-2020 03:12:07",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-04T03:11:14.331Z",,,"52.158.224.224",IPv4,23552,31796,TCP,true,1,,,,,,,,,null,null,,,,,,,"TCP Port Scanning attack","172.16.0.5",IPv4,,"FirewallAggregated_Event","172.16.0.5","eset-win10","fcd77018-c394-4e39-a886-a72289776bb2","04-Jul-2020 03:10:30",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-04T03:02:13.597Z",,,"52.151.34.98",IPv4,21504,47205,TCP,true,1,,,,,,,,,null,null,,,,,,,"TCP Port Scanning attack","172.16.0.5",IPv4,,"FirewallAggregated_Event","172.16.0.5","eset-win10","fcd77018-c394-4e39-a886-a72289776bb2","04-Jul-2020 03:01:13",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-04T03:01:13.679Z",,,"52.158.224.224",IPv4,23552,39253,TCP,true,1,,,,,,,,,null,null,,,,,,,"TCP Port Scanning attack","172.16.0.5",IPv4,,"FirewallAggregated_Event","172.16.0.5","eset-win10","fcd77018-c394-4e39-a886-a72289776bb2","04-Jul-2020 03:00:04",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-04T02:52:13.23Z",,,"52.151.34.98",IPv4,12800,17863,TCP,true,1,,,,,,,,,null,null,,,,,,,"TCP Port Scanning attack","172.16.0.5",IPv4,,"FirewallAggregated_Event","172.16.0.5","eset-win10","fcd77018-c394-4e39-a886-a72289776bb2","04-Jul-2020 02:51:08",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-04T02:51:13.597Z",,,"52.158.224.224",IPv4,23552,6089,TCP,true,1,,,,,,,,,null,null,,,,,,,"TCP Port Scanning attack","172.16.0.5",IPv4,,"FirewallAggregated_Event","172.16.0.5","eset-win10","fcd77018-c394-4e39-a886-a72289776bb2","04-Jul-2020 02:50:00",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-04T02:46:13.329Z",,,"40.87.126.65",IPv4,8192,21431,TCP,true,1,,,,,,,,,null,null,,,,,,,"TCP Port Scanning attack","172.16.0.5",IPv4,,"FirewallAggregated_Event","172.16.0.5","eset-win10","fcd77018-c394-4e39-a886-a72289776bb2","04-Jul-2020 02:45:02",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-04T02:42:13.511Z",,,"52.151.34.98",IPv4,12800,17283,TCP,true,1,,,,,,,,,null,null,,,,,,,"TCP Port Scanning attack","172.16.0.5",IPv4,,"FirewallAggregated_Event","172.16.0.5","eset-win10","fcd77018-c394-4e39-a886-a72289776bb2","04-Jul-2020 02:41:05",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-04T02:35:13.778Z",,,"40.87.126.65",IPv4,8192,20465,TCP,true,1,,,,,,,,,null,null,,,,,,,"TCP Port Scanning attack","172.16.0.5",IPv4,,"FirewallAggregated_Event","172.16.0.5","eset-win10","fcd77018-c394-4e39-a886-a72289776bb2","04-Jul-2020 02:34:42",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-04T02:32:13.059Z",,,"104.214.61.145",IPv4,28672,12938,TCP,true,1,,,,,,,,,null,null,,,,,,,"TCP Port Scanning attack","172.16.0.5",IPv4,,"FirewallAggregated_Event","172.16.0.5","eset-win10","fcd77018-c394-4e39-a886-a72289776bb2","04-Jul-2020 02:31:33",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-04T02:32:13.059Z",,,"52.151.34.98",IPv4,12800,23272,TCP,true,1,,,,,,,,,null,null,,,,,,,"TCP Port Scanning attack","172.16.0.5",IPv4,,"FirewallAggregated_Event","172.16.0.5","eset-win10","fcd77018-c394-4e39-a886-a72289776bb2","04-Jul-2020 02:31:02",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-04T02:26:12.976Z",,,"13.65.190.53",IPv4,38912,24261,TCP,true,1,,,,,,,,,null,null,,,,,,,"TCP Port Scanning attack","172.16.0.5",IPv4,,"FirewallAggregated_Event","172.16.0.5","eset-win10","fcd77018-c394-4e39-a886-a72289776bb2","04-Jul-2020 02:25:43",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-04T02:25:12.935Z",,,"40.87.126.65",IPv4,8192,16110,TCP,true,1,,,,,,,,,null,null,,,,,,,"TCP Port Scanning attack","172.16.0.5",IPv4,,"FirewallAggregated_Event","172.16.0.5","eset-win10","fcd77018-c394-4e39-a886-a72289776bb2","04-Jul-2020 02:24:17",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-04T02:22:13.025Z",,,"104.214.61.145",IPv4,28672,5306,TCP,true,1,,,,,,,,,null,null,,,,,,,"TCP Port Scanning attack","172.16.0.5",IPv4,,"FirewallAggregated_Event","172.16.0.5","eset-win10","fcd77018-c394-4e39-a886-a72289776bb2","04-Jul-2020 02:21:25",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-04T02:20:13.018Z",,,"52.151.34.98",IPv4,12800,16225,TCP,true,1,,,,,,,,,null,null,,,,,,,"TCP Port Scanning attack","172.16.0.5",IPv4,,"FirewallAggregated_Event","172.16.0.5","eset-win10","fcd77018-c394-4e39-a886-a72289776bb2","04-Jul-2020 02:19:18",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-04T02:16:13.687Z",,,"13.65.190.53",IPv4,38912,42780,TCP,true,1,,,,,,,,,null,null,,,,,,,"TCP Port Scanning attack","172.16.0.5",IPv4,,"FirewallAggregated_Event","172.16.0.5","eset-win10","fcd77018-c394-4e39-a886-a72289776bb2","04-Jul-2020 02:15:01",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-04T02:14:12.896Z",,,"40.87.126.65",IPv4,8192,12962,TCP,true,1,,,,,,,,,null,null,,,,,,,"TCP Port Scanning attack","172.16.0.5",IPv4,,"FirewallAggregated_Event","172.16.0.5","eset-win10","fcd77018-c394-4e39-a886-a72289776bb2","04-Jul-2020 02:13:06",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-04T02:12:12.795Z",,,"104.214.61.145",IPv4,28672,24077,TCP,true,1,,,,,,,,,null,null,,,,,,,"TCP Port Scanning attack","172.16.0.5",IPv4,,"FirewallAggregated_Event","172.16.0.5","eset-win10","fcd77018-c394-4e39-a886-a72289776bb2","04-Jul-2020 02:11:20",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-04T02:05:12.722Z",,,"13.65.190.53",IPv4,38912,23545,TCP,true,1,,,,,,,,,null,null,,,,,,,"TCP Port Scanning attack","172.16.0.5",IPv4,,"FirewallAggregated_Event","172.16.0.5","eset-win10","fcd77018-c394-4e39-a886-a72289776bb2","04-Jul-2020 02:04:30",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-04T02:04:12.747Z",,,"52.151.3.16",IPv4,7168,26809,TCP,true,1,,,,,,,,,null,null,,,,,,,"TCP Port Scanning attack","172.16.0.5",IPv4,,"FirewallAggregated_Event","172.16.0.5","eset-win10","fcd77018-c394-4e39-a886-a72289776bb2","04-Jul-2020 02:03:27",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-04T02:03:13.145Z",,,"104.211.54.35",IPv4,6656,31125,TCP,true,1,,,,,,,,,null,null,,,,,,,"TCP Port Scanning attack","172.16.0.5",IPv4,,"FirewallAggregated_Event","172.16.0.5","eset-win10","fcd77018-c394-4e39-a886-a72289776bb2","04-Jul-2020 02:02:56",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-04T02:02:12.843Z",,,"104.214.61.145",IPv4,28672,8621,TCP,true,1,,,,,,,,,null,null,,,,,,,"TCP Port Scanning attack","172.16.0.5",IPv4,,"FirewallAggregated_Event","172.16.0.5","eset-win10","fcd77018-c394-4e39-a886-a72289776bb2","04-Jul-2020 02:01:07",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-04T01:55:12.646Z",,,"13.65.190.53",IPv4,38912,36437,TCP,true,1,,,,,,,,,null,null,,,,,,,"TCP Port Scanning attack","172.16.0.5",IPv4,,"FirewallAggregated_Event","172.16.0.5","eset-win10","fcd77018-c394-4e39-a886-a72289776bb2","04-Jul-2020 01:54:25",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-04T01:52:12.626Z",,,"104.211.54.35",IPv4,6656,26086,TCP,true,1,,,,,,,,,null,null,,,,,,,"TCP Port Scanning attack","172.16.0.5",IPv4,,"FirewallAggregated_Event","172.16.0.5","eset-win10","fcd77018-c394-4e39-a886-a72289776bb2","04-Jul-2020 01:51:52",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-04T01:52:12.626Z",,,"52.151.3.16",IPv4,7168,8390,TCP,true,1,,,,,,,,,null,null,,,,,,,"TCP Port Scanning attack","172.16.0.5",IPv4,,"FirewallAggregated_Event","172.16.0.5","eset-win10","fcd77018-c394-4e39-a886-a72289776bb2","04-Jul-2020 01:51:22",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-04T01:42:12.616Z",,,"52.151.3.16",IPv4,7168,36179,TCP,true,1,,,,,,,,,null,null,,,,,,,"TCP Port Scanning attack","172.16.0.5",IPv4,,"FirewallAggregated_Event","172.16.0.5","eset-win10","fcd77018-c394-4e39-a886-a72289776bb2","04-Jul-2020 01:41:15",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-04T01:42:12.616Z",,,"104.211.54.35",IPv4,6656,21455,TCP,true,1,,,,,,,,,null,null,,,,,,,"TCP Port Scanning attack","172.16.0.5",IPv4,,"FirewallAggregated_Event","172.16.0.5","eset-win10","fcd77018-c394-4e39-a886-a72289776bb2","04-Jul-2020 01:41:18",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-03T22:17:10.382Z",,,"52.151.34.98",IPv4,4096,27433,TCP,true,1,,,,,,,,,null,null,,,,,,,"TCP Port Scanning attack","172.16.0.5",IPv4,,"FirewallAggregated_Event","172.16.0.5","eset-win10","fcd77018-c394-4e39-a886-a72289776bb2","03-Jul-2020 22:16:25",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-03T22:06:10.428Z",,,"52.151.34.98",IPv4,4096,44562,TCP,true,1,,,,,,,,,null,null,,,,,,,"TCP Port Scanning attack","172.16.0.5",IPv4,,"FirewallAggregated_Event","172.16.0.5","eset-win10","fcd77018-c394-4e39-a886-a72289776bb2","03-Jul-2020 22:05:35",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-03T21:56:10.178Z",,,"52.151.34.98",IPv4,4096,7874,TCP,true,1,,,,,,,,,null,null,,,,,,,"TCP Port Scanning attack","172.16.0.5",IPv4,,"FirewallAggregated_Event","172.16.0.5","eset-win10","fcd77018-c394-4e39-a886-a72289776bb2","03-Jul-2020 21:55:16",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-03T21:56:10.178Z",,,"52.142.4.200",IPv4,2048,15194,TCP,true,1,,,,,,,,,null,null,,,,,,,"TCP Port Scanning attack","172.16.0.5",IPv4,,"FirewallAggregated_Event","172.16.0.5","eset-win10","fcd77018-c394-4e39-a886-a72289776bb2","03-Jul-2020 21:55:30",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-03T21:45:10.207Z",,,"52.151.34.98",IPv4,4096,40133,TCP,true,1,,,,,,,,,null,null,,,,,,,"TCP Port Scanning attack","172.16.0.5",IPv4,,"FirewallAggregated_Event","172.16.0.5","eset-win10","fcd77018-c394-4e39-a886-a72289776bb2","03-Jul-2020 21:44:51",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-03T21:43:10.037Z",,,"52.142.4.200",IPv4,2048,15198,TCP,true,1,,,,,,,,,null,null,,,,,,,"TCP Port Scanning attack","172.16.0.5",IPv4,,"FirewallAggregated_Event","172.16.0.5","eset-win10","fcd77018-c394-4e39-a886-a72289776bb2","03-Jul-2020 21:42:18",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-03T21:42:10.04Z",,,"40.117.128.91",IPv4,20480,48669,TCP,true,1,,,,,,,,,null,null,,,,,,,"TCP Port Scanning attack","172.16.0.5",IPv4,,"FirewallAggregated_Event","172.16.0.5","eset-win10","fcd77018-c394-4e39-a886-a72289776bb2","03-Jul-2020 21:41:36",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-03T21:32:11.047Z",,,"40.117.128.91",IPv4,20480,49087,TCP,true,1,,,,,,,,,null,null,,,,,,,"TCP Port Scanning attack","172.16.0.5",IPv4,,"FirewallAggregated_Event","172.16.0.5","eset-win10","fcd77018-c394-4e39-a886-a72289776bb2","03-Jul-2020 21:31:16",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-03T21:30:10.049Z",,,"52.142.4.200",IPv4,2048,28343,TCP,true,1,,,,,,,,,null,null,,,,,,,"TCP Port Scanning attack","172.16.0.5",IPv4,,"FirewallAggregated_Event","172.16.0.5","eset-win10","fcd77018-c394-4e39-a886-a72289776bb2","03-Jul-2020 21:29:42",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-03T21:27:09.869Z",,,"157.55.190.126",IPv4,45056,22555,TCP,true,1,,,,,,,,,null,null,,,,,,,"TCP Port Scanning attack","172.16.0.5",IPv4,,"FirewallAggregated_Event","172.16.0.5","eset-win10","fcd77018-c394-4e39-a886-a72289776bb2","03-Jul-2020 21:26:27",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-03T21:21:09.843Z",,,"40.117.128.91",IPv4,20480,26863,TCP,true,1,,,,,,,,,null,null,,,,,,,"TCP Port Scanning attack","172.16.0.5",IPv4,,"FirewallAggregated_Event","172.16.0.5","eset-win10","fcd77018-c394-4e39-a886-a72289776bb2","03-Jul-2020 21:20:07",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-03T21:17:10.045Z",,,"157.55.190.126",IPv4,45056,1670,TCP,true,1,,,,,,,,,null,null,,,,,,,"TCP Port Scanning attack","172.16.0.5",IPv4,,"FirewallAggregated_Event","172.16.0.5","eset-win10","fcd77018-c394-4e39-a886-a72289776bb2","03-Jul-2020 21:16:13",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-03T21:11:09.816Z",,,"104.211.54.35",IPv4,26112,46755,TCP,true,1,,,,,,,,,null,null,,,,,,,"TCP Port Scanning attack","172.16.0.5",IPv4,,"FirewallAggregated_Event","172.16.0.5","eset-win10","fcd77018-c394-4e39-a886-a72289776bb2","03-Jul-2020 21:10:06",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-03T21:10:09.701Z",,,"40.117.128.91",IPv4,20480,43212,TCP,true,1,,,,,,,,,null,null,,,,,,,"TCP Port Scanning attack","172.16.0.5",IPv4,,"FirewallAggregated_Event","172.16.0.5","eset-win10","fcd77018-c394-4e39-a886-a72289776bb2","03-Jul-2020 21:09:55",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-03T21:07:09.877Z",,,"157.55.190.126",IPv4,45056,45345,TCP,true,1,,,,,,,,,null,null,,,,,,,"TCP Port Scanning attack","172.16.0.5",IPv4,,"FirewallAggregated_Event","172.16.0.5","eset-win10","fcd77018-c394-4e39-a886-a72289776bb2","03-Jul-2020 21:06:01",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-03T21:00:09.595Z",,,"104.211.54.35",IPv4,26112,32300,TCP,true,1,,,,,,,,,null,null,,,,,,,"TCP Port Scanning attack","172.16.0.5",IPv4,,"FirewallAggregated_Event","172.16.0.5","eset-win10","fcd77018-c394-4e39-a886-a72289776bb2","03-Jul-2020 20:59:50",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-03T20:56:09.666Z",,,"157.55.190.126",IPv4,45056,29076,TCP,true,1,,,,,,,,,null,null,,,,,,,"TCP Port Scanning attack","172.16.0.5",IPv4,,"FirewallAggregated_Event","172.16.0.5","eset-win10","fcd77018-c394-4e39-a886-a72289776bb2","03-Jul-2020 20:55:30",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-03T20:50:09.491Z",,,"104.211.54.35",IPv4,26112,48375,TCP,true,1,,,,,,,,,null,null,,,,,,,"TCP Port Scanning attack","172.16.0.5",IPv4,,"FirewallAggregated_Event","172.16.0.5","eset-win10","fcd77018-c394-4e39-a886-a72289776bb2","03-Jul-2020 20:49:03",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-03T20:39:09.426Z",,,"104.211.54.35",IPv4,26112,24838,TCP,true,1,,,,,,,,,null,null,,,,,,,"TCP Port Scanning attack","172.16.0.5",IPv4,,"FirewallAggregated_Event","172.16.0.5","eset-win10","fcd77018-c394-4e39-a886-a72289776bb2","03-Jul-2020 20:38:59",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-03T20:25:29.491Z",,,,,null,null,,null,null,trojan,"Win32/Agent.UAW","On-demand scanner","ndl3607692072.dat","21596 (20200703)",file,"file:///C:/Users/tomas/AppData/Local/Temp/2/RarSFX0/keygen-step-4.exe/hjjgaa.exe","cleaned by deleting",true,false,,,,,951627588BBD1692886AC90FE1E590324E4E75B5,Variant,,,,,"Threat_Event","172.16.0.7",esetsmc,"60a614fc-8968-4933-a297-ef7be1f57c01","03-Jul-2020 19:06:31",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-03T20:25:29.491Z",,,,,null,null,,null,null,application,"Win32/RiskWare.Mimikatz.B","On-demand scanner","ndl3607692072.dat","21596 (20200703)",file,"file:///C:/Users/tomas/AppData/Local/Temp/2/RarSFX0/keygen-step-4.exe/full.exe","cleaned by deleting",true,false,,,,,8807FEE1C56F67A1487A9223CA341AAE966A6E68,Variant,,,,,"Threat_Event","172.16.0.7",esetsmc,"60a614fc-8968-4933-a297-ef7be1f57c01","03-Jul-2020 19:06:31",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-03T20:25:29.491Z",,,,,null,null,,null,null,trojan,"Generik.FMTXQFE","On-demand scanner","ndl3607692072.dat","21596 (20200703)",file,"file:///C:/Users/tomas/AppData/Local/Temp/2/RarSFX0/keygen-step-4.exe/Setup.exe","cleaned by deleting",true,false,,,,,1456DB16388CA3CDB1DE211CA7B82794D7568E76,Variant,,,,,"Threat_Event","172.16.0.7",esetsmc,"60a614fc-8968-4933-a297-ef7be1f57c01","03-Jul-2020 19:06:31",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-03T20:25:29.491Z",,,,,null,null,,null,null,,,"On-demand scanner","ndl3607692072.dat","21596 (20200703)",file,"file:///C:/Users/tomas/AppData/Local/Temp/2/RarSFX0/keygen-step-4.exe","cleaned by deleting",true,false,,,,,AFEB1E90D50243A00948B9FEDDD652C750EE6B33,"multiple threats",,,,,"Threat_Event","172.16.0.7",esetsmc,"60a614fc-8968-4933-a297-ef7be1f57c01","03-Jul-2020 19:06:31",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-03T20:25:29.491Z",,,,,null,null,,null,null,trojan,"Win32/Spy.Socelars.S","On-demand scanner","ndl3607692072.dat","21596 (20200703)",file,"file:///C:/Users/tomas/AppData/Local/Temp/2/RarSFX0/keygen-step-4.exe/Install.exe","cleaned by deleting",true,false,,,,,77B474E7A0DD9922D3A18C6EFBDF9E8875B5C1B8,Variant,,,,,"Threat_Event","172.16.0.7",esetsmc,"60a614fc-8968-4933-a297-ef7be1f57c01","03-Jul-2020 19:06:31",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-03T20:25:29.491Z",,,,,null,null,,null,null,trojan,"Win32/Spy.Socelars.AD","On-demand scanner","ndl3607692072.dat","21596 (20200703)",file,"file:///C:/Users/tomas/AppData/Local/Temp/2/RarSFX0/keygen-step-4.exe/id6.exe","cleaned by deleting",true,false,,,,,59254A9A739E9E9458DF96D39B95261093B4786E,,,,,,"Threat_Event","172.16.0.7",esetsmc,"60a614fc-8968-4933-a297-ef7be1f57c01","03-Jul-2020 19:06:31",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-03T20:25:29.491Z",,,,,null,null,,null,null,trojan,"Win32/Spy.Socelars.S","On-demand scanner","ndl3607692072.dat","21596 (20200703)",file,"file:///C:/Users/tomas/AppData/Local/Temp/2/RarSFX0/keygen-step-4.exe/Install.exe/{app}\searzar.exe","cleaned by deleting",true,false,,,,,CF9869CADAEA620D0D35E3586ADA98D762BDCE83,Variant,,,,,"Threat_Event","172.16.0.7",esetsmc,"60a614fc-8968-4933-a297-ef7be1f57c01","03-Jul-2020 19:06:31",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-03T20:25:29.491Z",,,,,null,null,,null,null,trojan,"Win32/PSW.Agent.OJK","On-demand scanner","ndl3607692072.dat","21596 (20200703)",file,"file:///C:/Users/tomas/AppData/Local/Temp/2/RarSFX0/keygen-step-4.exe/wyfdggaa.exe","cleaned by deleting",true,false,,,,,FC4CE93026029AB195945D07874D68E110D231E3,Variant,,,,,"Threat_Event","172.16.0.7",esetsmc,"60a614fc-8968-4933-a297-ef7be1f57c01","03-Jul-2020 19:06:31",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-03T19:51:09.379Z",,,,,null,null,,null,null,,,,,,,,,null,null,,,,,,,,,,,"Audit_Event","172.16.0.7",esetsmc,"9da3a105-e1a8-4692-86dd-cfc68809f0a6","03-Jul-2020 19:50:53",Information,"Native user",Logout,Administrator,"Logging out native user 'Administrator'.",Administrator,Success,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-03T19:43:08.822Z",,,"52.142.6.82",IPv4,33792,7464,TCP,true,1,,,,,,,,,null,null,,,,,,,"TCP Port Scanning attack","172.16.0.5",IPv4,,"FirewallAggregated_Event","172.16.0.5","eset-win10","fcd77018-c394-4e39-a886-a72289776bb2","03-Jul-2020 19:42:11",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-03T19:42:28.938Z",,,,,null,null,,null,null,application,"MSIL/Adware.CsdiMonetize.BC","HTTP filter","virlog.dat","21597 (20200703)",file,"http://prozipper.s3.eu-central-1.amazonaws.com/prozipperRed.exe/","connection terminated",true,false,"esetsmc\tomas","C:\Users\tomas\AppData\Local\Temp\2\is-JTC55.tmp\Installer.tmp","Event occurred during an attempt to access the web.",,6F661C387704D841A361758F29A5354C0DFE2CD0,Variant,,,,,"Threat_Event","172.16.0.7",esetsmc,"60a614fc-8968-4933-a297-ef7be1f57c01","03-Jul-2020 19:41:51",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-03T19:42:28.938Z",,,,,null,null,,null,null,application,"MSIL/Adware.CsdiMonetize.BC","HTTP filter","virlog.dat","21597 (20200703)",file,"http://prozipper.s3.eu-central-1.amazonaws.com/prozipperRed.exe","connection terminated",true,false,"esetsmc\tomas","C:\Users\tomas\AppData\Local\Temp\2\is-JTC55.tmp\Installer.tmp","Event occurred during an attempt to access the web.",,A930F1E3FF7F24D78C33AFC6DF05C1A0420FA842,Variant,,,,,"Threat_Event","172.16.0.7",esetsmc,"60a614fc-8968-4933-a297-ef7be1f57c01","03-Jul-2020 19:41:51",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-03T19:41:28.94Z",,,,,null,null,,null,null,trojan,"Generik.FMTXQFE","Real-time file system protection","virlog.dat","21597 (20200703)",file,"file:///C:/Users/tomas/AppData/Local/Temp/2/RarSFX2/Setup.exe","cleaned by deleting",true,false,"esetsmc\tomas","C:\Users\tomas\AppData\Local\Temp\2\RarSFX1\keygen-step-4.exe","Event occurred on a newly created file.","22-Jun-2020 23:21:43",1456DB16388CA3CDB1DE211CA7B82794D7568E76,Variant,,,,,"Threat_Event","172.16.0.7",esetsmc,"60a614fc-8968-4933-a297-ef7be1f57c01","03-Jul-2020 19:41:10",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-03T19:41:28.94Z",,,,,null,null,,null,null,trojan,"Win32/Talmad.D","Real-time file system protection","virlog.dat","21597 (20200703)",file,"file:///C:/Users/tomas/AppData/Local/Temp/2/RarSFX1/keygen-pr.exe","cleaned by deleting",true,false,"esetsmc\tomas","C:\Users\tomas\Desktop\Synapse_keygen_by_KeygenNinja.exe","Event occurred on a newly created file.","03-Jul-2020 18:45:19",A1F4784377C53151167965E0FF225F5085EBD43B,,,,,,"Threat_Event","172.16.0.7",esetsmc,"60a614fc-8968-4933-a297-ef7be1f57c01","03-Jul-2020 19:41:03",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-03T19:41:28.94Z",,,,,null,null,,null,null,,,"HTTP filter",,,,"http://gothw.club/jshp3.exe",blocked,null,null,"esetsmc\tomas","C:\Users\tomas\AppData\Local\Temp\2\RarSFX1\keygen-step-1.exe",,,CDF263CEF9CAF9F25EC1DCE37EC9978F1311D55D,,"An attempt to connect to URL","185.250.206.69",IPv4,"Blocked by internal blacklist","FilteredWebsites_Event","172.16.0.7",esetsmc,"60a614fc-8968-4933-a297-ef7be1f57c01","03-Jul-2020 19:41:05",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-03T19:41:28.94Z",,,,,null,null,,null,null,trojan,"Win32/Spy.Socelars.AD","Real-time file system protection","virlog.dat","21597 (20200703)",file,"file:///C:/Users/tomas/AppData/Local/Temp/2/RarSFX2/id6.exe","cleaned by deleting",true,false,"esetsmc\tomas","C:\Users\tomas\AppData\Local\Temp\2\RarSFX1\keygen-step-4.exe","Event occurred on a newly created file.","29-Jun-2020 13:06:20",59254A9A739E9E9458DF96D39B95261093B4786E,,,,,,"Threat_Event","172.16.0.7",esetsmc,"60a614fc-8968-4933-a297-ef7be1f57c01","03-Jul-2020 19:41:11",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-03T19:41:28.94Z",,,,,null,null,,null,null,application,"Win32/RiskWare.Mimikatz.B","Real-time file system protection","virlog.dat","21597 (20200703)",file,"file:///C:/Users/tomas/AppData/Local/Temp/2/RarSFX2/full.exe","cleaned by deleting",true,false,"esetsmc\tomas","C:\Users\tomas\AppData\Local\Temp\2\RarSFX1\keygen-step-4.exe","Event occurred on a newly created file.","17-Jun-2020 21:31:12",8807FEE1C56F67A1487A9223CA341AAE966A6E68,Variant,,,,,"Threat_Event","172.16.0.7",esetsmc,"60a614fc-8968-4933-a297-ef7be1f57c01","03-Jul-2020 19:41:10",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-03T19:41:28.94Z",,,,,null,null,,null,null,trojan,"Win32/Spy.Socelars.S","Real-time file system protection","virlog.dat","21597 (20200703)",file,"file:///C:/Users/tomas/AppData/Local/Temp/2/RarSFX2/Install.exe","cleaned by deleting",true,false,"esetsmc\tomas","C:\Users\tomas\AppData\Local\Temp\2\RarSFX1\keygen-step-4.exe","Event occurred on a newly created file.",,77B474E7A0DD9922D3A18C6EFBDF9E8875B5C1B8,Variant,,,,,"Threat_Event","172.16.0.7",esetsmc,"60a614fc-8968-4933-a297-ef7be1f57c01","03-Jul-2020 19:41:10",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-03T19:41:28.94Z",,,,,null,null,,null,null,trojan,"Win32/Agent.UAW","Real-time file system protection","virlog.dat","21597 (20200703)",file,"file:///C:/Users/tomas/AppData/Local/Temp/2/RarSFX2/hjjgaa.exe","cleaned by deleting",true,false,"esetsmc\tomas","C:\Users\tomas\AppData\Local\Temp\2\RarSFX1\keygen-step-4.exe","Event occurred on a newly created file.","29-Jun-2020 13:06:40",951627588BBD1692886AC90FE1E590324E4E75B5,Variant,,,,,"Threat_Event","172.16.0.7",esetsmc,"60a614fc-8968-4933-a297-ef7be1f57c01","03-Jul-2020 19:41:10",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-03T19:41:28.94Z",,,,,null,null,,null,null,trojan,"Win32/PSW.Agent.OJK","Real-time file system protection","virlog.dat","21597 (20200703)",file,"file:///C:/Users/tomas/AppData/Local/Temp/2/RarSFX2/wyfdggaa.exe","cleaned by deleting",true,false,"esetsmc\tomas","C:\Users\tomas\AppData\Local\Temp\2\RarSFX1\keygen-step-4.exe","Event occurred on a newly created file.","22-Jun-2020 23:24:48",FC4CE93026029AB195945D07874D68E110D231E3,Variant,,,,,"Threat_Event","172.16.0.7",esetsmc,"60a614fc-8968-4933-a297-ef7be1f57c01","03-Jul-2020 19:41:12",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-03T19:41:28.94Z",,,,,null,null,,null,null,trojan,"Win32/Spy.Socelars.S","Real-time file system protection","virlog.dat","21597 (20200703)",file,"file:///C:/Users/tomas/AppData/Local/Temp/2/RarSFX2/Install.exe/{app}\searzar.exe","cleaned by deleting",true,false,"esetsmc\tomas","C:\Users\tomas\AppData\Local\Temp\2\RarSFX1\keygen-step-4.exe","Event occurred on a newly created file.",,CF9869CADAEA620D0D35E3586ADA98D762BDCE83,Variant,,,,,"Threat_Event","172.16.0.7",esetsmc,"60a614fc-8968-4933-a297-ef7be1f57c01","03-Jul-2020 19:41:10",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-03T19:41:28.94Z",,,,,null,null,,null,null,,,"HTTP filter",,,,"http://gothw.club/jshp2.exe",blocked,null,null,"esetsmc\tomas","C:\Users\tomas\AppData\Local\Temp\2\RarSFX1\keygen-step-1.exe",,,CDF263CEF9CAF9F25EC1DCE37EC9978F1311D55D,,"An attempt to connect to URL","185.250.206.69",IPv4,"Blocked by internal blacklist","FilteredWebsites_Event","172.16.0.7",esetsmc,"60a614fc-8968-4933-a297-ef7be1f57c01","03-Jul-2020 19:41:05",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-03T19:41:28.94Z",,,,,null,null,,null,null,,,"HTTP filter",,,,"http://gothw.club/jshp1.exe",blocked,null,null,"esetsmc\tomas","C:\Users\tomas\AppData\Local\Temp\2\RarSFX1\keygen-step-1.exe",,,CDF263CEF9CAF9F25EC1DCE37EC9978F1311D55D,,"An attempt to connect to URL","185.250.206.69",IPv4,"Blocked by internal blacklist","FilteredWebsites_Event","172.16.0.7",esetsmc,"60a614fc-8968-4933-a297-ef7be1f57c01","03-Jul-2020 19:41:05",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-03T19:41:28.94Z",,,,,null,null,,null,null,application,"Win32/RiskWare.Mimikatz.B","Real-time file system protection","virlog.dat","21597 (20200703)",file,"file:///C:/Users/tomas/AppData/Local/Temp/2/RarSFX1/keygen-step-3.exe","cleaned by deleting",true,false,"esetsmc\tomas","C:\Users\tomas\Desktop\Synapse_keygen_by_KeygenNinja.exe","Event occurred on a newly created file.","03-Jul-2020 18:45:22",CB17622EF22496F922F749D087A598AA9B52ACBF,Variant,,,,,"Threat_Event","172.16.0.7",esetsmc,"60a614fc-8968-4933-a297-ef7be1f57c01","03-Jul-2020 19:41:03",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-03T19:40:29.624Z",,,,,null,null,,null,null,,,,,,,,,null,null,,,,,,,,,,,"Audit_Event","172.16.0.7",esetsmc,"9da3a105-e1a8-4692-86dd-cfc68809f0a6","03-Jul-2020 19:40:13",Error,"Native user","Login attempt",Administrator,"Authenticating native user 'Administrator'.",,"Access denied",,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-03T19:40:29.624Z",,,,,null,null,,null,null,,,,,,,,,null,null,,,,,,,,,,,"Audit_Event","172.16.0.7",esetsmc,"9da3a105-e1a8-4692-86dd-cfc68809f0a6","03-Jul-2020 19:40:16",Error,"Native user","Login attempt",Administrator,"Authenticating native user 'Administrator'.",,"Access denied",,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-03T19:40:29.624Z",,,,,null,null,,null,null,,,,,,,,,null,null,,,,,,,,,,,"Audit_Event","172.16.0.7",esetsmc,"9da3a105-e1a8-4692-86dd-cfc68809f0a6","03-Jul-2020 19:40:10",Error,"Native user","Login attempt",Administrator,"Authenticating native user 'Administrator'.",,"Access denied",,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-03T19:40:29.562Z",,,,,null,null,,null,null,,,,,,,,,null,null,,,,,,,,,,,"Audit_Event","172.16.0.7",esetsmc,"9da3a105-e1a8-4692-86dd-cfc68809f0a6","03-Jul-2020 19:40:21",Information,"Native user","Login attempt",Administrator,"Authenticating native user 'Administrator'.",,Success,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-03T19:35:48.823Z",,,,,null,null,,null,null,,,"HTTP filter",,,,"http://pcfullversion.net",blocked,null,null,"eset-win10\tomas","C:\Windows\System32\MicrosoftEdgeCP.exe",,,5675BF13004943DEBD19A6B1CAD3707076CD2A2B,,"An attempt to connect to URL","172.67.153.172",IPv4,"Blocked by PUA blacklist","FilteredWebsites_Event","172.16.0.5","eset-win10","fcd77018-c394-4e39-a886-a72289776bb2","03-Jul-2020 19:35:24",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-03T19:35:48.823Z",,,,,null,null,,null,null,,,"HTTP filter",,,,"http://pcfullversion.net/favicon.ico",blocked,null,null,"eset-win10\tomas","C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe",,,0F59EDE80386B36F8C7393475682F5E80A09D7C3,,"An attempt to connect to URL","104.18.45.217",IPv4,"Blocked by PUA blacklist","FilteredWebsites_Event","172.16.0.5","eset-win10","fcd77018-c394-4e39-a886-a72289776bb2","03-Jul-2020 19:35:24",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-03T19:28:48.889Z",,,,,null,null,,null,null,"potentially unwanted application","Win64/DriverReviver.A","Real-time file system protection","virlog.dat","21597 (20200703)",file,"file:///C:/Program Files/WinZip Driver Updater/DriverUpdater.exe","cleaned by deleting",true,false,"eset-win10\tomas","C:\a7a23746-96fd-4191-b40b-95bc1095b1f5.exe","Event occurred on a newly created file.","26-Mar-2020 09:57:52",81A46D322D364968F04073C085D9FC402E98D632,Variant,,,,,"Threat_Event","172.16.0.5","eset-win10","fcd77018-c394-4e39-a886-a72289776bb2","03-Jul-2020 19:28:04",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-03T19:26:48.943Z",,,,,null,null,,null,null,,,"HTTP filter",,,,"https://zemdl.online",blocked,null,null,"eset-win10\tomas","C:\Windows\System32\MicrosoftEdgeCP.exe",,,5675BF13004943DEBD19A6B1CAD3707076CD2A2B,,"An attempt to connect to URL","95.211.221.104",IPv4,"Blocked by internal blacklist","FilteredWebsites_Event","172.16.0.5","eset-win10","fcd77018-c394-4e39-a886-a72289776bb2","03-Jul-2020 19:26:05",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-03T19:26:48.943Z",,,,,null,null,,null,null,"potentially unwanted application","Win32/InstallCore.AZE.Gen","Real-time file system protection","virlog.dat","21597 (20200703)",file,"file:///C:/Users/tomas/AppData/Local/Packages/Microsoft.MicrosoftEdge_8wekyb3d8bbwe/TempState/Downloads/Illustrator 2019_1862388573.exe.ghba3rv.partial","cleaned by deleting",true,false,"eset-win10\tomas","C:\Windows\System32\MicrosoftEdgeCP.exe","Event occurred on a modified file.","03-Jul-2020 19:24:05",84D6E023FD804F5A7CC48BA7293D7575AA4395B2,,,,,,"Threat_Event","172.16.0.5","eset-win10","fcd77018-c394-4e39-a886-a72289776bb2","03-Jul-2020 19:25:40",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-03T19:25:48.7Z",,,,,null,null,,null,null,application,"MSIL/Adware.CsdiMonetize.BC","HTTP filter","virlog.dat","21597 (20200703)",file,"http://prozipper.s3.eu-central-1.amazonaws.com/prozipperRed.exe/","connection terminated",true,false,"eset-win10\tomas","C:\Users\tomas\AppData\Local\Temp\is-DN5Q0.tmp\Installer.tmp","Event occurred during an attempt to access the web.",,6F661C387704D841A361758F29A5354C0DFE2CD0,Variant,,,,,"Threat_Event","172.16.0.5","eset-win10","fcd77018-c394-4e39-a886-a72289776bb2","03-Jul-2020 19:24:48",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-03T19:25:48.7Z",,,,,null,null,,null,null,application,"MSIL/Adware.CsdiMonetize.BC","HTTP filter","virlog.dat","21597 (20200703)",file,"http://prozipper.s3.eu-central-1.amazonaws.com/prozipperRed.exe","connection terminated",true,false,"eset-win10\tomas","C:\Users\tomas\AppData\Local\Temp\is-DN5Q0.tmp\Installer.tmp","Event occurred during an attempt to access the web.",,A930F1E3FF7F24D78C33AFC6DF05C1A0420FA842,Variant,,,,,"Threat_Event","172.16.0.5","eset-win10","fcd77018-c394-4e39-a886-a72289776bb2","03-Jul-2020 19:24:48",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-03T19:25:48.7Z",,,,,null,null,,null,null,"potentially unwanted application","Win32/InstallCore.AZE.Gen","Real-time file system protection","virlog.dat","21597 (20200703)",file,"file:///C:/Users/tomas/AppData/Local/Packages/microsoft.microsoftedge_8wekyb3d8bbwe/AC/#!001/MicrosoftEdge/Cache/NACUDR4Q/Illustrator%202019_1862388573[1].exe","cleaned by deleting",true,false,"eset-win10\tomas","C:\Windows\System32\MicrosoftEdgeCP.exe","Event occurred on a newly created file.","03-Jul-2020 19:24:05",84D6E023FD804F5A7CC48BA7293D7575AA4395B2,,,,,,"Threat_Event","172.16.0.5","eset-win10","fcd77018-c394-4e39-a886-a72289776bb2","03-Jul-2020 19:25:34",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-03T19:24:48.841Z",,,,,null,null,,null,null,,,"HTTP filter",,,,"https://crackhomes.com",blocked,null,null,"eset-win10\tomas","C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe",,,0F59EDE80386B36F8C7393475682F5E80A09D7C3,,"An attempt to connect to URL","104.18.55.214",IPv4,"Blocked by internal blacklist","FilteredWebsites_Event","172.16.0.5","eset-win10","fcd77018-c394-4e39-a886-a72289776bb2","03-Jul-2020 19:23:45",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-03T19:24:48.841Z",,,,,null,null,,null,null,,,"HTTP filter",,,,"http://saifpc.com/favicon.ico",blocked,null,null,"eset-win10\tomas","C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe",,,0F59EDE80386B36F8C7393475682F5E80A09D7C3,,"An attempt to connect to URL","89.248.174.211",IPv4,"Blocked by internal blacklist","FilteredWebsites_Event","172.16.0.5","eset-win10","fcd77018-c394-4e39-a886-a72289776bb2","03-Jul-2020 19:23:39",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-03T19:24:48.841Z",,,,,null,null,,null,null,,,"HTTP filter",,,,"https://d10kjdghhdnb0c.cloudfront.net",blocked,null,null,"eset-win10\tomas","C:\Windows\System32\MicrosoftEdgeCP.exe",,,5675BF13004943DEBD19A6B1CAD3707076CD2A2B,,"An attempt to connect to URL","143.204.175.224",IPv4,"Blocked by PUA blacklist","FilteredWebsites_Event","172.16.0.5","eset-win10","fcd77018-c394-4e39-a886-a72289776bb2","03-Jul-2020 19:24:26",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-03T19:24:48.841Z",,,,,null,null,,null,null,"potentially unwanted application","Win32/InstallCore.AZE.Gen","HTTP filter","virlog.dat","21597 (20200703)",file,"https://d10kjdghhdnb0c.cloudfront.net/udbmbi3wh>xrw/Illustrator 2019.exe","connection terminated",true,false,"eset-win10\tomas","C:\Windows\System32\MicrosoftEdgeCP.exe","Event occurred during an attempt to access the web.","03-Jul-2020 19:24:05",84D6E023FD804F5A7CC48BA7293D7575AA4395B2,,,,,,"Threat_Event","172.16.0.5","eset-win10","fcd77018-c394-4e39-a886-a72289776bb2","03-Jul-2020 19:24:20",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-03T19:24:48.841Z",,,,,null,null,,null,null,,,"HTTP filter",,,,"https://d10kjdghhdnb0c.cloudfront.net",blocked,null,null,"eset-win10\tomas","C:\Windows\System32\MicrosoftEdgeCP.exe",,,5675BF13004943DEBD19A6B1CAD3707076CD2A2B,,"An attempt to connect to URL","143.204.175.224",IPv4,"Blocked by PUA blacklist","FilteredWebsites_Event","172.16.0.5","eset-win10","fcd77018-c394-4e39-a886-a72289776bb2","03-Jul-2020 19:23:59",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-03T19:24:48.841Z",,,,,null,null,,null,null,,,"HTTP filter",,,,"https://crackhomes.com",blocked,null,null,"eset-win10\tomas","C:\Windows\System32\MicrosoftEdgeCP.exe",,,5675BF13004943DEBD19A6B1CAD3707076CD2A2B,,"An attempt to connect to URL","104.18.55.214",IPv4,"Blocked by internal blacklist","FilteredWebsites_Event","172.16.0.5","eset-win10","fcd77018-c394-4e39-a886-a72289776bb2","03-Jul-2020 19:23:43",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-03T19:24:08.835Z",,,,,null,null,,null,null,,,,,,,,,null,null,,,,,,,,,,,"Audit_Event","172.16.0.7",esetsmc,"9da3a105-e1a8-4692-86dd-cfc68809f0a6","03-Jul-2020 19:24:01",Information,"Native user",Logout,Administrator,"Logging out native user 'Administrator'.",Administrator,Success,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-03T19:23:48.769Z",,,,,null,null,,null,null,,,"HTTP filter",,,,"https://dataf0ral1.com",blocked,null,null,"eset-win10\tomas","C:\Windows\System32\MicrosoftEdgeCP.exe",,,5675BF13004943DEBD19A6B1CAD3707076CD2A2B,,"An attempt to connect to URL","78.140.165.14",IPv4,"Blocked by internal IP blacklist","FilteredWebsites_Event","172.16.0.5","eset-win10","fcd77018-c394-4e39-a886-a72289776bb2","03-Jul-2020 19:22:42",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-03T19:23:48.769Z",,,,,null,null,,null,null,,,"HTTP filter",,,,"http://saifpc.com/microsoft-office-crack",blocked,null,null,"eset-win10\tomas","C:\Windows\System32\MicrosoftEdgeCP.exe",,,5675BF13004943DEBD19A6B1CAD3707076CD2A2B,,"An attempt to connect to URL","89.248.174.211",IPv4,"Blocked by internal blacklist","FilteredWebsites_Event","172.16.0.5","eset-win10","fcd77018-c394-4e39-a886-a72289776bb2","03-Jul-2020 19:23:39",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-03T19:23:48.769Z",,,,,null,null,,null,null,,,"HTTP filter",,,,"https://dataf0ral1.com",blocked,null,null,"eset-win10\tomas","C:\Windows\System32\MicrosoftEdgeCP.exe",,,5675BF13004943DEBD19A6B1CAD3707076CD2A2B,,"An attempt to connect to URL","78.140.165.14",IPv4,"Blocked by internal IP blacklist","FilteredWebsites_Event","172.16.0.5","eset-win10","fcd77018-c394-4e39-a886-a72289776bb2","03-Jul-2020 19:22:47",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-03T19:20:48.664Z",,,,,null,null,,null,null,,,"HTTP filter",,,,"http://gothw.club/jshp1.exe",blocked,null,null,"eset-win10\tomas","C:\Users\tomas\AppData\Local\Temp\RarSFX0\keygen-step-1.exe",,,CDF263CEF9CAF9F25EC1DCE37EC9978F1311D55D,,"An attempt to connect to URL","185.250.206.69",IPv4,"Blocked by internal blacklist","FilteredWebsites_Event","172.16.0.5","eset-win10","fcd77018-c394-4e39-a886-a72289776bb2","03-Jul-2020 19:20:23",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-03T19:20:48.664Z",,,,,null,null,,null,null,trojan,"Win32/PSW.Agent.OJK","Real-time file system protection","virlog.dat","21597 (20200703)",file,"file:///C:/Users/tomas/AppData/Local/Temp/RarSFX1/wyfdggaa.exe","cleaned by deleting",true,false,"eset-win10\tomas","C:\Users\tomas\AppData\Local\Temp\RarSFX0\keygen-step-4.exe","Event occurred on a newly created file.","22-Jun-2020 23:24:48",FC4CE93026029AB195945D07874D68E110D231E3,Variant,,,,,"Threat_Event","172.16.0.5","eset-win10","fcd77018-c394-4e39-a886-a72289776bb2","03-Jul-2020 19:20:19",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-03T19:20:48.664Z",,,,,null,null,,null,null,,,"HTTP filter",,,,"http://gothw.club/jshp2.exe",blocked,null,null,"eset-win10\tomas","C:\Users\tomas\AppData\Local\Temp\RarSFX0\keygen-step-1.exe",,,CDF263CEF9CAF9F25EC1DCE37EC9978F1311D55D,,"An attempt to connect to URL","185.250.206.69",IPv4,"Blocked by internal blacklist","FilteredWebsites_Event","172.16.0.5","eset-win10","fcd77018-c394-4e39-a886-a72289776bb2","03-Jul-2020 19:20:23",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-03T19:20:48.664Z",,,,,null,null,,null,null,,,"HTTP filter",,,,"http://gothw.club/jshp3.exe",blocked,null,null,"eset-win10\tomas","C:\Users\tomas\AppData\Local\Temp\RarSFX0\keygen-step-1.exe",,,CDF263CEF9CAF9F25EC1DCE37EC9978F1311D55D,,"An attempt to connect to URL","185.250.206.69",IPv4,"Blocked by internal blacklist","FilteredWebsites_Event","172.16.0.5","eset-win10","fcd77018-c394-4e39-a886-a72289776bb2","03-Jul-2020 19:20:23",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-03T19:20:48.664Z",,,,,null,null,,null,null,,,"HTTP filter",,,,"http://pcfullversion.net",blocked,null,null,"eset-win10\tomas","C:\Windows\System32\MicrosoftEdgeCP.exe",,,5675BF13004943DEBD19A6B1CAD3707076CD2A2B,,"An attempt to connect to URL","104.18.45.217",IPv4,"Blocked by PUA blacklist","FilteredWebsites_Event","172.16.0.5","eset-win10","fcd77018-c394-4e39-a886-a72289776bb2","03-Jul-2020 19:20:35",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-03T19:20:48.664Z",,,,,null,null,,null,null,trojan,"Generik.FMTXQFE","Real-time file system protection","virlog.dat","21597 (20200703)",file,"file:///C:/Users/tomas/AppData/Local/Temp/RarSFX1/Setup.exe","cleaned by deleting",true,false,"eset-win10\tomas","C:\Users\tomas\AppData\Local\Temp\RarSFX0\keygen-step-4.exe","Event occurred on a newly created file.","22-Jun-2020 23:21:43",1456DB16388CA3CDB1DE211CA7B82794D7568E76,Variant,,,,,"Threat_Event","172.16.0.5","eset-win10","fcd77018-c394-4e39-a886-a72289776bb2","03-Jul-2020 19:20:15",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-03T19:20:48.664Z",,,,,null,null,,null,null,,,"HTTP filter",,,,"http://pcfullversion.net/favicon.ico",blocked,null,null,"eset-win10\tomas","C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe",,,0F59EDE80386B36F8C7393475682F5E80A09D7C3,,"An attempt to connect to URL","104.18.45.217",IPv4,"Blocked by PUA blacklist","FilteredWebsites_Event","172.16.0.5","eset-win10","fcd77018-c394-4e39-a886-a72289776bb2","03-Jul-2020 19:20:36",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
|
||||
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-03T19:20:48.664Z",,,,,null,null,,null,null,trojan,"Win32/Spy.Socelars.S","Real-time file system protection","virlog.dat","21597 (20200703)",file,"file:///C:/Users/tomas/AppData/Local/Temp/RarSFX1/Install.exe","cleaned by deleting",true,false,"eset-win10\tomas","C:\Users\tomas\AppData\Local\Temp\RarSFX0\keygen-step-4.exe","Event occurred on a newly created file.",,77B474E7A0DD9922D3A18C6EFBDF9E8875B5C1B8,Variant,,,,,"Threat_Event","172.16.0.5","eset-win10","fcd77018-c394-4e39-a886-a72289776bb2","03-Jul-2020 19:20:15",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-03T19:20:48.664Z",,,,,null,null,,null,null,trojan,"Win32/Spy.Socelars.AD","Real-time file system protection","virlog.dat","21597 (20200703)",file,"file:///C:/Users/tomas/AppData/Local/Temp/RarSFX1/id6.exe","cleaned by deleting",true,false,"eset-win10\tomas","C:\Users\tomas\AppData\Local\Temp\RarSFX0\keygen-step-4.exe","Event occurred on a newly created file.","29-Jun-2020 13:06:20",59254A9A739E9E9458DF96D39B95261093B4786E,,,,,,"Threat_Event","172.16.0.5","eset-win10","fcd77018-c394-4e39-a886-a72289776bb2","03-Jul-2020 19:20:14",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-03T19:20:48.664Z",,,,,null,null,,null,null,application,"Win32/RiskWare.Mimikatz.B","Real-time file system protection","virlog.dat","21597 (20200703)",file,"file:///C:/Users/tomas/AppData/Local/Temp/RarSFX0/keygen-step-3.exe","cleaned by deleting",true,false,"eset-win10\tomas","C:\Users\tomas\Desktop\Synapse_keygen_by_KeygenNinja.exe","Event occurred on a newly created file.","03-Jul-2020 19:20:02",CB17622EF22496F922F749D087A598AA9B52ACBF,Variant,,,,,"Threat_Event","172.16.0.5","eset-win10","fcd77018-c394-4e39-a886-a72289776bb2","03-Jul-2020 19:20:04",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-03T19:20:48.664Z",,,,,null,null,,null,null,trojan,"Win32/Agent.UAW","Real-time file system protection","virlog.dat","21597 (20200703)",file,"file:///C:/Users/tomas/AppData/Local/Temp/RarSFX1/hjjgaa.exe","cleaned by deleting",true,false,"eset-win10\tomas","C:\Users\tomas\AppData\Local\Temp\RarSFX0\keygen-step-4.exe","Event occurred on a newly created file.","29-Jun-2020 13:06:40",951627588BBD1692886AC90FE1E590324E4E75B5,Variant,,,,,"Threat_Event","172.16.0.5","eset-win10","fcd77018-c394-4e39-a886-a72289776bb2","03-Jul-2020 19:20:15",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-03T19:20:48.664Z",,,,,null,null,,null,null,application,"Win32/RiskWare.Mimikatz.B","Real-time file system protection","virlog.dat","21597 (20200703)",file,"file:///C:/Users/tomas/AppData/Local/Temp/RarSFX1/full.exe","cleaned by deleting",true,false,"eset-win10\tomas","C:\Users\tomas\AppData\Local\Temp\RarSFX0\keygen-step-4.exe","Event occurred on a newly created file.","17-Jun-2020 21:31:12",8807FEE1C56F67A1487A9223CA341AAE966A6E68,Variant,,,,,"Threat_Event","172.16.0.5","eset-win10","fcd77018-c394-4e39-a886-a72289776bb2","03-Jul-2020 19:20:15",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-03T19:20:48.664Z",,,,,null,null,,null,null,,,"HTTP filter",,,,"https://crackhomes.com",blocked,null,null,"eset-win10\tomas","C:\Windows\System32\MicrosoftEdgeCP.exe",,,5675BF13004943DEBD19A6B1CAD3707076CD2A2B,,"An attempt to connect to URL","104.18.55.214",IPv4,"Blocked by internal blacklist","FilteredWebsites_Event","172.16.0.5","eset-win10","fcd77018-c394-4e39-a886-a72289776bb2","03-Jul-2020 19:20:32",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-03T19:20:48.664Z",,,,,null,null,,null,null,trojan,"Win32/Talmad.D","Real-time file system protection","virlog.dat","21597 (20200703)",file,"file:///C:/Users/tomas/AppData/Local/Temp/RarSFX0/keygen-pr.exe","cleaned by deleting",true,false,"eset-win10\tomas","C:\Users\tomas\Desktop\Synapse_keygen_by_KeygenNinja.exe","Event occurred on a newly created file.","03-Jul-2020 19:20:02",A1F4784377C53151167965E0FF225F5085EBD43B,,,,,,"Threat_Event","172.16.0.5","eset-win10","fcd77018-c394-4e39-a886-a72289776bb2","03-Jul-2020 19:20:04",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
"2ce631ed-7e1a-4fe4-acdc-d8594412519c",RestAPI,,,"2020-07-03T19:20:48.664Z",,,,,null,null,,null,null,trojan,"Win32/Spy.Socelars.S","Real-time file system protection","virlog.dat","21597 (20200703)",file,"file:///C:/Users/tomas/AppData/Local/Temp/RarSFX1/Install.exe/{app}\searzar.exe","cleaned by deleting",true,false,"eset-win10\tomas","C:\Users\tomas\AppData\Local\Temp\RarSFX0\keygen-step-4.exe","Event occurred on a newly created file.",,CF9869CADAEA620D0D35E3586ADA98D762BDCE83,Variant,,,,,"Threat_Event","172.16.0.5","eset-win10","fcd77018-c394-4e39-a886-a72289776bb2","03-Jul-2020 19:20:15",Warning,,,,,,,,,,,,"eset_CL","/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.compute/virtualmachines/esetagent"
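--- /dev/null
+++ b/PATH-NOT-SHOWN/eset-logo.svg
@@ -0,0 +1,46 @@
+<?xml version="1.0" standalone="no"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 20010904//EN"
+"http://www.w3.org/TR/2001/REC-SVG-20010904/DTD/svg10.dtd">
+<svg version="1.0" xmlns="http://www.w3.org/2000/svg"
+width="689.000000pt" height="349.000000pt" viewBox="0 0 689.000000 349.000000"
+preserveAspectRatio="xMidYMid meet">
+
+<g transform="translate(0.000000,349.000000) scale(0.100000,-0.100000)"
+fill="#000000" stroke="none">
+<path d="M5903 2854 c-46 -23 -69 -76 -54 -126 13 -42 58 -78 99 -78 55 0 112
+56 112 110 0 37 -30 81 -65 96 -43 18 -52 17 -92 -2z m115 -40 c31 -36 29 -79
+-7 -115 -69 -68 -177 3 -140 93 25 60 103 72 147 22z"/>
+<path d="M5910 2760 c0 -27 5 -50 10 -50 6 0 10 9 10 20 0 11 4 20 10 20 5 0
+15 -9 22 -20 7 -11 19 -20 27 -20 11 0 10 4 -2 24 -11 16 -13 26 -5 34 20 20
+1 42 -37 42 l-35 0 0 -50z m56 29 c3 -6 0 -15 -7 -20 -22 -14 -29 -11 -29 11
+0 21 24 27 36 9z"/>
+<path d="M1280 2730 c-133 -35 -234 -92 -331 -189 -95 -96 -131 -157 -172
+-301 -76 -261 -76 -746 -1 -1010 41 -142 77 -205 173 -301 70 -70 103 -94 178
+-132 180 -89 -26 -82 2323 -82 2348 0 2123 -8 2310 83 132 64 239 170 299 293
+80 166 118 422 108 719 -10 269 -39 423 -109 569 -72 150 -223 277 -403 339
+l-80 27 -2110 2 c-2060 2 -2112 2 -2185 -17z m2280 -995 l0 -845 -1087 2
+-1088 3 -75 29 c-302 115 -420 344 -420 811 0 412 100 650 320 764 162 84 88
+80 1288 80 l1062 1 0 -845z m913 474 c178 -38 243 -139 254 -391 l6 -128 -318
+0 -317 0 7 -67 c13 -128 49 -163 170 -163 98 0 155 35 155 95 0 13 25 15 150
+15 l150 0 0 -38 c0 -58 -26 -133 -61 -175 -65 -78 -169 -107 -394 -107 -208 0
+-298 23 -373 94 -76 71 -102 171 -102 396 0 359 73 455 365 484 62 6 250 -3
+308 -15z m1197 -104 l0 -115 -110 0 -110 0 0 -370 0 -370 -160 0 -160 0 0 370
+0 370 -110 0 -110 0 0 115 0 115 380 0 380 0 0 -115z"/>
+<path d="M1573 2196 c-154 -35 -224 -108 -252 -262 -16 -86 -14 -347 4 -422
+49 -207 170 -270 498 -259 198 6 253 22 322 92 51 50 66 83 80 173 l7 42 -144
+0 -144 0 -10 -37 c-15 -58 -48 -76 -146 -77 -144 -2 -178 29 -186 167 l-5 77
+318 0 318 0 -7 102 c-10 138 -21 193 -54 258 -32 64 -91 113 -165 136 -72 23
+-348 29 -434 10z m309 -197 c27 -15 48 -64 48 -114 l0 -45 -166 0 -167 0 6 57
+c7 67 35 102 94 114 44 9 160 1 185 -12z"/>
+<path d="M2650 2197 c-86 -19 -141 -57 -174 -118 -24 -43 -30 -67 -34 -144 -7
+-143 23 -210 113 -251 71 -33 139 -44 321 -52 181 -9 193 -15 202 -100 4 -44
+1 -54 -21 -76 -25 -25 -31 -26 -136 -26 -64 0 -121 5 -136 12 -27 12 -55 54
+-55 83 0 13 -21 15 -146 15 l-147 0 6 -57 c12 -116 76 -188 192 -218 71 -18
+369 -21 461 -4 185 34 273 144 262 329 -11 191 -91 240 -415 254 -152 7 -198
+17 -213 46 -12 22 -13 90 -2 107 14 23 64 33 156 33 99 0 137 -15 151 -60 6
+-19 16 -20 141 -20 l134 0 0 44 c0 89 -47 151 -139 188 -50 19 -78 22 -261 24
+-137 2 -223 -1 -260 -9z"/>
+<path d="M4220 2013 c-76 -13 -101 -40 -114 -120 l-6 -43 165 0 165 0 -6 43
+c-9 56 -30 96 -57 106 -30 11 -116 20 -147 14z"/>
+</g>
+</svg>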
@ -90,6 +90,19 @@
"subtitle": "",
"provider": "Palo Alto Networks"
},
{
"workbookKey": "EsetSMCWorkbook",
"logoFileName": "eset-logo.svg",
"description": "Visualize events and threats from Eset Security Management Center.",
"dataTypesDependencies": [ "eset_CL" ],
"dataConnectorsDependencies": [ "EsetSMC" ],
"previewImagesFileNames": [ "esetSMCWorkbook-black.png", "esetSMCWorkbook-light.png" ],
"version": "1.0",
"title": "Eset Security Management Center Overview",
"templateRelativePath": "esetSMCWorkbook.json",
"subtitle": "",
"provider": "Community"
},
{
"workbookKey": "FortigateWorkbook",
"logoFileName": "fortinet_logo.svg",
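--- /dev/null
+++ b/PATH-NOT-SHOWN/esetSMCWorkbook.json
@@ -0,0 +1,236 @@
+{
+"version": "Notebook/1.0",
+"items": [
+{
+"type": 1,
+"content": {
+"json": "## Eset Security Management Center"
+},
+"name": "text - 2"
+},
+{
+"type": 9,
+"content": {
+"version": "KqlParameterItem/1.0",
+"parameters": [
+{
+"id": "c84a31aa-79fc-45f8-8991-8b56e0545a8c",
+"version": "KqlParameterItem/1.0",
+"name": "TimeRange",
+"type": 4,
+"isRequired": true,
+"value": {
+"durationMs": 259200000
+},
+"typeSettings": {
+"selectableValues": [
+{
+"durationMs": 3600000
+},
+{
+"durationMs": 14400000
+},
+{
+"durationMs": 43200000
+},
+{
+"durationMs": 86400000
+},
+{
+"durationMs": 172800000
+},
+{
+"durationMs": 259200000
+},
+{
+"durationMs": 604800000
+},
+{
+"durationMs": 1209600000
+},
+{
+"durationMs": 2419200000
+},
+{
+"durationMs": 2592000000
+},
+{
+"durationMs": 5184000000
+},
+{
+"durationMs": 7776000000
+}
+],
+"allowCustom": true
+},
+"timeContext": {
+"durationMs": 86400000
+}
+}
+],
+"style": "pills",
+"queryType": 0,
+"resourceType": "microsoft.operationalinsights/workspaces"
+},
+"name": "parameters - 2"
+},
+{
+"type": 3,
+"content": {
+"version": "KqlItem/1.0",
+"query": "eset_CL\r\n| where TimeGenerated {TimeRange}\r\n| summarize events_count = count() by event_type_s, bin(TimeGenerated, {TimeRange:grain})",
+"size": 0,
+"title": "Events",
+"queryType": 0,
+"resourceType": "microsoft.operationalinsights/workspaces",
+"visualization": "barchart"
+},
+"customWidth": "50",
+"name": "allEventsOverTIme"
+},
+{
+"type": 3,
+"content": {
+"version": "KqlItem/1.0",
+"query": "eset_CL\r\n| where TimeGenerated {TimeRange}\r\n| where event_type_s == \"Threat_Event\"\r\n| summarize events_count = count() by threat_name_s, bin(TimeGenerated, {TimeRange:grain})",
+"size": 0,
+"title": "Threats",
+"queryType": 0,
+"resourceType": "microsoft.operationalinsights/workspaces",
+"visualization": "barchart"
+},
+"customWidth": "50",
+"name": "queryThreatsOverTime"
+},
+{
+"type": 3,
+"content": {
+"version": "KqlItem/1.0",
+"query": "eset_CL\r\n| where TimeGenerated {TimeRange}\r\n| where event_type_s == 'Threat_Event'\r\n| summarize events_count = count() by threat_name_s",
+"size": 3,
+"title": "Top threats",
+"queryType": 0,
+"resourceType": "microsoft.operationalinsights/workspaces",
+"visualization": "piechart",
+"tileSettings": {
+"showBorder": false,
+"titleContent": {
+"columnMatch": "threat_name_s",
+"formatter": 1
+},
+"leftContent": {
+"columnMatch": "events_count",
+"formatter": 12,
+"formatOptions": {
+"palette": "auto"
+},
+"numberFormat": {
+"unit": 17,
+"options": {
+"maximumSignificantDigits": 3,
+"maximumFractionDigits": 2
+}
+}
+}
+}
+},
+"customWidth": "33",
+"name": "queryTopThreats"
+},
+{
+"type": 3,
+"content": {
+"version": "KqlItem/1.0",
+"query": "eset_CL\r\n| where TimeGenerated {TimeRange}\r\n| where event_type_s == 'Threat_Event'\r\n| summarize events_count = count() by threat_type_s",
+"size": 3,
+"title": "Top threats by type",
+"queryType": 0,
+"resourceType": "microsoft.operationalinsights/workspaces",
+"visualization": "piechart"
+},
+"customWidth": "33",
+"name": "queryTopThreatsByType"
+},
+{
+"type": 3,
+"content": {
+"version": "KqlItem/1.0",
+"query": "eset_CL\r\n| where TimeGenerated {TimeRange}\r\n| where event_type_s == 'Threat_Event'\r\n| summarize events_count = count() by hostname_s",
+"size": 3,
+"title": "Most attacked hosts",
+"queryType": 0,
+"resourceType": "microsoft.operationalinsights/workspaces",
+"visualization": "piechart"
+},
+"customWidth": "33",
+"name": "queryMostAttackedHosts"
+},
+{
+"type": 3,
+"content": {
+"version": "KqlItem/1.0",
+"query": "eset_CL\r\n| where TimeGenerated {TimeRange}\r\n| where event_type_s == 'Threat_Event'\r\n| summarize events_count = count() by username_s",
+"size": 3,
+"title": "Most attacked users",
+"queryType": 0,
+"resourceType": "microsoft.operationalinsights/workspaces",
+"visualization": "piechart"
+},
+"customWidth": "33",
+"name": "queryMostAttackedUsers"
+},
+{
+"type": 3,
+"content": {
+"version": "KqlItem/1.0",
+"query": "eset_CL\r\n| where TimeGenerated {TimeRange}\r\n| where event_type_s == \"FirewallAggregated_Event\"\r\n| summarize count() by source_address_s",
+"size": 3,
+"title": "Top remote attackers",
+"queryType": 0,
+"resourceType": "microsoft.operationalinsights/workspaces",
+"visualization": "piechart"
+},
+"customWidth": "33",
+"name": "queryTopRemoteAttackers"
+},
+{
+"type": 3,
+"content": {
+"version": "KqlItem/1.0",
+"query": "eset_CL\r\n| where TimeGenerated {TimeRange}\r\n| where event_type_s == \"FilteredWebsites_Event\"\r\n| where action_taken_s == \"blocked\"\r\n| summarize count() by object_uri_s",
+"size": 3,
+"title": "Most blocked sites",
+"queryType": 0,
+"resourceType": "microsoft.operationalinsights/workspaces",
+"visualization": "piechart"
+},
+"customWidth": "33",
+"name": "queryMostBlockedSites"
+},
+{
+"type": 3,
+"content": {
+"version": "KqlItem/1.0",
+"query": "eset_CL\r\n| where TimeGenerated {TimeRange}\r\n| where event_type_s == \"Threat_Event\"\r\n| project TimeGenerated, hostname_s, username_s, threat_type_s, threat_name_s, processname_s, action_taken_s\r\n| sort by TimeGenerated desc",
+"size": 0,
+"showAnalytics": true,
+"title": "Latest threats",
+"showExportToExcel": true,
+"exportToExcelOptions": "all",
+"queryType": 0,
+"resourceType": "microsoft.operationalinsights/workspaces",
+"visualization": "table",
+"gridSettings": {
+"rowLimit": 1000,
+"filter": true
+}
+},
+"name": "queryLatestThreats"
+}
+],
+"fallbackResourceIds": [
+"/subscriptions/a0f4a733-4fce-4d49-b8a8-d30541fc1b45/resourcegroups/eset/providers/microsoft.operationalinsights/workspaces/sentineleset"
+],
+"fromTemplateId": "sentinel-EsetSMC",
+"$schema": "https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json"
+}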
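Review bot: `fallbackResourceIds` near the end of the workbook template pins it to one specific subscription and workspace (`/subscriptions/a0f4a733-…/resourcegroups/eset/…/workspaces/sentineleset`), an author-specific resource id that will not resolve in any other tenant and publishes the contributor's subscription id in a shared template; it should be emptied before merge, `"fallbackResourceIds": [],`. The same subscription id is repeated in every row of the sample data file earlier in this commit (together with a real-looking username and local file paths), so that file warrants the same scrub or clearly fictitious substitutes. Separately, the `Top remote attackers` tile counts every `FirewallAggregated_Event` by `source_address_s` with no filter on action or direction, so if the table also carries allowed or outbound flows the chart overstates "attackers"; a `where` on the relevant action/direction column, once confirmed against the schema, would make the title honest. KQL string quoting is also mixed between `'Threat_Event'` and `\"Threat_Event\"` across tiles; both work, but one form reads more consistently.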