Added some Sample Data
This commit is contained in:
EgressGlynn
Родитель
7d15da367f
Коммит
ae9310d0b1
|
|
@ -0,0 +1,61 @@
|
|||
{
|
||||
"count": 1662,
|
||||
"items": [
|
||||
{
|
||||
"event": "inboundEmail",
|
||||
"time": "2023-02-27T10:44:05.51Z",
|
||||
"email": {
|
||||
"to": [
|
||||
{
|
||||
"domain": "sensitive.onmicrosoft.com",
|
||||
"localPart": "sensitive",
|
||||
"displayName": ""
|
||||
}
|
||||
],
|
||||
"from": [
|
||||
{
|
||||
"domain": "sensitive.com",
|
||||
"localPart": "microsoft.recovery.63a96a63-e548-4fcc-87fd-fc9609025bc7",
|
||||
"displayName": "Microsoft Recovery"
|
||||
}
|
||||
],
|
||||
"rcptTo": [
|
||||
"sensitive@sensitive.onmicrosoft.com"
|
||||
],
|
||||
"mailFrom": "010b01869278dc5c-8cd61d86-28fa-4c0b-866b-f1c46ba40116-000000@mail.sensitive.com",
|
||||
"threat": "dangerous",
|
||||
"subject": "Microsoft password reset link.",
|
||||
"receivedAt": "2023-02-27T10:44:05.419Z",
|
||||
"fromAddressDomainCreatedDate": "2017-12-21T11:37:30Z",
|
||||
"linksClicked": 1,
|
||||
"trust": "firstTimeSender",
|
||||
"auth": {
|
||||
"rawAuth": "sensitive.sensitive.com; spf=pass smtp.mailfrom=mail.sensitive.com smtp.ip=23.249.218.11 sensitive.calculated=False; dkim=pass header.d=sensitive.com sensitive.calculated=False; dmarc=bestguesspass header.from=sensitive.com",
|
||||
"spf": "pass",
|
||||
"dkim": "pass",
|
||||
"dmarc": "other"
|
||||
},
|
||||
"primaryDomain": "sensitive.onmicrosoft.com",
|
||||
"messageId": "010b01869278dc5c-8cd61d86-28fa-4c0b-866b-f1c46ba40116-000000@eu-west-2.sensitive.com",
|
||||
"firstTimeSender": true,
|
||||
"links": [
|
||||
{
|
||||
"domain": "www.egress.com",
|
||||
"occurrences": 1,
|
||||
"clicks": 2,
|
||||
"inAttachment": false
|
||||
}
|
||||
],
|
||||
"attachments": [],
|
||||
"senderIp": "23.249.218.11",
|
||||
"msScl": 1,
|
||||
"replyTo": null,
|
||||
"phishType": [
|
||||
"brandImpersonation"
|
||||
],
|
||||
"payloadType": "links",
|
||||
"emailSummaryLink": "https://summary.uk.defend.egress.com/v3/summary?ref=api&crId=sensitive"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
|
|
@ -0,0 +1,37 @@
|
|||
ColumnName,ColumnOrdinal,DataType,ColumnType
|
||||
TenantId,0,"System.String",string
|
||||
SourceSystem,1,"System.String",string
|
||||
MG,2,"System.String",string
|
||||
ManagementGroupName,3,"System.String",string
|
||||
TimeGenerated,4,"System.DateTime",datetime
|
||||
Computer,5,"System.String",string
|
||||
RawData,6,"System.String",string
|
||||
"event_s",7,"System.String",string
|
||||
"time_t",8,"System.DateTime",datetime
|
||||
"email_to_s",9,"System.String",string
|
||||
"email_from_s",10,"System.String",string
|
||||
"email_rcptTo_s",11,"System.String",string
|
||||
"email_mailFrom_s",12,"System.String",string
|
||||
"email_threat_s",13,"System.String",string
|
||||
"email_subject_s",14,"System.String",string
|
||||
"email_receivedAt_t",15,"System.DateTime",datetime
|
||||
"email_fromAddressDomainCreatedDate_t",16,"System.DateTime",datetime
|
||||
"email_linksClicked_d",17,"System.Double",real
|
||||
"email_trust_s",18,"System.String",string
|
||||
"email_auth_rawAuth_s",19,"System.String",string
|
||||
"email_auth_spf_s",20,"System.String",string
|
||||
"email_auth_dkim_s",21,"System.String",string
|
||||
"email_auth_dmarc_s",22,"System.String",string
|
||||
"email_primaryDomain_s",23,"System.String",string
|
||||
"email_messageId_s",24,"System.String",string
|
||||
"email_firstTimeSender_b",25,"System.SByte",bool
|
||||
"email_links_s",26,"System.String",string
|
||||
"email_attachments_s",27,"System.String",string
|
||||
"email_senderIp_s",28,"System.String",string
|
||||
"email_msScl_d",29,"System.Double",real
|
||||
"email_phishType_s",30,"System.String",string
|
||||
"email_payloadType_s",31,"System.String",string
|
||||
"email_emailSummaryLink_s",32,"System.String",string
|
||||
"linkClicked_s",33,"System.String",string
|
||||
Type,34,"System.String",string
|
||||
"_ResourceId",35,"System.String",string
|
||||
|
Загрузка…
Ссылка в новой задаче