From c044cb2fdbd2d9d3557d3865cfc00fb55e37eec1 Mon Sep 17 00:00:00 2001 From: chicduong <59736871+chicduong@users.noreply.github.com> Date: Fri, 4 Dec 2020 14:31:56 -0800 Subject: [PATCH] cylancePROTECT parser --- Parsers/CylancePROTECT/CylancePROTECT.txt | 144 + Sample Data/Syslog/CylancePROTECT.json | 14510 ++++++++++++++++++++ 2 files changed, 14654 insertions(+) create mode 100644 Parsers/CylancePROTECT/CylancePROTECT.txt create mode 100644 Sample Data/Syslog/CylancePROTECT.json diff --git a/Parsers/CylancePROTECT/CylancePROTECT.txt b/Parsers/CylancePROTECT/CylancePROTECT.txt new file mode 100644 index 0000000000..1cefb27ffd --- /dev/null +++ b/Parsers/CylancePROTECT/CylancePROTECT.txt @@ -0,0 +1,144 @@ +// Title: Blackberry CylancePROTECT +// Author: Microsoft +// Version: 1.0 +// Last Updated: 12/04/2020 +// Comment: Initial Release +// +// DESCRIPTION: +// This parser takes raw CylancePROTECT logs from a Syslog stream and parses the logs into a normalized schema. +// +// USAGE: +// 1. Open Log Analytics/Azure Sentinel Logs blade. Copy the query below and paste into the Logs query window. +// 2. In the query window, on the second line of the query, enter the hostname(s) of your CylancePROTECT device(s) and any other unique identifiers for the logstream. +// For example: | where Computer in ("server1", "server2") +// 3. Click the Save button above the query. A pane will appear on the right, select "as Function" from the drop down. Enter a Function Name. +// It is recommended to name the Function Alias, as CylancePROTECT +// 4. Kusto Functions can typically take up to 15 minutes to activate. You can then use Function Alias for other queries. +// +// REFERENCES: +// Using functions in Azure monitor log queries: https://docs.microsoft.com/azure/azure-monitor/log-query/functions +// +// LOG SAMPLES: +// This parser assumes the raw log are formatted as follows: +// +// Nov 30 15:25:49 sysloghost CylancePROTECT Event Type: Device, Event Name: SystemSecurity, Device Name: TESTHOST013, Agent Version: 2.1.1570.35, IP Address: (10.91.6.156), MAC Address: (005056A67CA5), Logged On Users: (), OS: Microsoft Windows Server 2016 Standard x64 10.0.14393, Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,Device Type - Server) +// +// Nov 30 14:49:35 sysloghost CylancePROTECT Event Type: Threat, Event Name: threat_quarantined, Device Name: TESTHOST029, IP Address: (192.147.148.170), File Name: MBX@52DC@39D1B30.###, Path: C:\Users\testuser\AppData\Local\Temp\, Drive Type: Internal Hard Drive, File Owner: ABC\test-user57, SHA256: 4344B4702D544149C0C6072914E822E23D60A187302F13D772B4D85976B02AC9, MD5: 3EE72502F87F904A56523F0A2E469FE7A, Status: Quarantined, Cylance Score: 61, Found Date: 11/30/2020 2:49:35 PM, File Type: Executable, Is Running: True, Auto Run: False, Detected By: ExecutionControl, Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,Device Type - Workstation), Is Malware: False, Is Unique To Cylance: False, Threat Classification: UNCLASSIFIED, Device Id: 333b84cb-5eb3-4733-b57b-5a17d06f8043, Policy Name: Workstation - Standard +// +// Nov 30 19:36:17 sysloghost CylancePROTECT Event Type: ScriptControl, Event Name: Blocked, Device Name: TESTHOST091, File Path: d:\program files (x86)\cyberark\psm\scripts\deploy-connectors.ps1, SHA256: 7212CEF22B57C34A0E20C2FA320B9FC723FB653045C2490F9AD62A37B54EB53, Interpreter: Powershell, Interpreter Version: 10.0.14393.0 (rs1_release.160715-1616), Zone Names: (Agent Update - Windows - Production 3,Device Type - Server), User Name: SYSTEM, Device Id: ba302db3-4659-4064-a57a-4b9bb1be6bd2, Policy Name: Server - CyberArk PSM +// +// +let LogHeader = Syslog +| where Computer in ("server1", "server2") // server1 and server2 are examples, replace this list with your CylancePROTECT devices +| extend EventType = extract(@"Event Type: ([^,]+),",1,SyslogMessage), + EventName = extract(@"Event Name: ([^,]+),",1,SyslogMessage), + DeviceName = extract(@"Device Name: ([^,]+),",1,SyslogMessage); +let DeviceEvents = LogHeader +| where EventType == "Device" +| extend AgentVersion = extract(@"Agent Version: ([^,]+),",1,SyslogMessage), + SrcIpAddr = split(extract(@"IP Address: \(([^)]+)\),",1,SyslogMessage),","), + SrcMacAddr = split(extract(@"MAC Address: \(([^)]+)\),",1,SyslogMessage),","), + LoggedOnUsers = split(extract(@"Logged On Users: \(([^)]+)\),",1,SyslogMessage),","), + OsVersion = extract(@"OS: ([^,]+),",1,SyslogMessage), + ZoneNames = split(extract(@"Zone Names: \(([^)]+)\)(,|$)",1,SyslogMessage),","); +let ScriptControlEvents = LogHeader +| where EventType == "ScriptControl" +| extend FilePath = extract(@"File Path: ([^,]+),",1,SyslogMessage), + FileHashSha256 = extract(@"SHA256: ([^,]+),",1,SyslogMessage), + Interpreter = extract(@"Interpreter: ([^,]+),",1,SyslogMessage), + InterpreterVersion = extract(@"Interpreter Version: ([^,]+),",1,SyslogMessage), + UserName = extract(@"User Name: ([^,]+),",1,SyslogMessage), + DeviceId = extract(@"Device Id: ([^,]+),",1,SyslogMessage), + PolicyName = extract(@"Policy Name: ([^,]+)(,|$)",1,SyslogMessage); +let ThreatEvents = LogHeader +| where EventType == "Threat" +| extend SrcIpAddr = split(extract(@"IP Address: \(([^)]+)\),",1,SyslogMessage),","), + FileName = extract(@"File Name: ([^,]+),",1,SyslogMessage), + Path = extract(@"Path: ([^,]+)(,|$)",1,SyslogMessage), + DriveType = extract(@"Drive Type: ([^,]+),",1,SyslogMessage), + FileHashSha256 = extract(@"SHA256: ([^,]+),",1,SyslogMessage), + FileHashMd5 = extract(@"MD5: ([^,]+),",1,SyslogMessage), + Status = extract(@"Status: ([^,]+),",1,SyslogMessage), + CylanceScore = extract(@"Cylance Score: ([^,]+),",1,SyslogMessage), + FoundDate = extract(@"Found Date: ([^,]+),",1,SyslogMessage), + FileType = extract(@"File Type: ([^,]+),",1,SyslogMessage), + IsRunning = extract(@"Is Running: ([^,]+),",1,SyslogMessage), + AutoRun = extract(@"Auto Run: ([^,]+),",1,SyslogMessage), + DetectedBy = extract(@"Detected By: ([^,]+),",1,SyslogMessage), + ZoneNames = split(extract(@"Zone Names: \(([^)]+)\),",1,SyslogMessage),","), + IsMalware = extract(@"Is Malware: ([^,]+),",1,SyslogMessage), + IsUniqueToCylance = extract(@"Is Unique To Cylance: ([^,]+),",1,SyslogMessage), + ThreatClassification = extract(@"Threat Classification: ([^,]+),",1,SyslogMessage), + DeviceId = extract(@"Device Id: ([^,]+),",1,SyslogMessage), + PolicyName = extract(@"Policy Name: ([^,]+)(,|$)",1,SyslogMessage); +let DeviceControlEvents = LogHeader +| where EventType == "DeviceControl" +| extend ExtDeviceType = extract(@"External Device Type: ([^,]+),",1,SyslogMessage), + ExtDeviceVendorId = extract(@"External Device Vendor ID: ([^,]+),",1,SyslogMessage), + ExtDeviceName = extract(@"External Device Name: ([^,]+),",1,SyslogMessage), + ExtDeviceProductId = extract(@"External Device Product ID: ([^,]+),",1,SyslogMessage), + ExtDeviceSerialNumber = extract(@"External Device Serial Number: ([^,]+),",1,SyslogMessage), + ZoneNames = split(extract(@"Zone Names: \(([^)]+)\)(,|$)",1,SyslogMessage),","), + DeviceId = extract(@"Device Id: ([^,]+),",1,SyslogMessage), + PolicyName = extract(@"Policy Name: ([^,]+)(,|$)",1,SyslogMessage); +let AuditLog = LogHeader +| where EventType == "AuditLog" +| extend Provider = extract(@"Provider: ([^,]+),",1,SyslogMessage), + PolicyChanged = extract(@"Policy Changed: ([^,]+),",1,SyslogMessage), + ZoneNames = split(extract(@"Zone: ([^,]+)(,|$)",1,SyslogMessage),","), + UserName = extract(@"User: ([^,]+)(,|$)",1,SyslogMessage), + DeviceName = extract(@"Devices?:\s([\w\d\-\_]+)\,",1,SyslogMessage), + SrcIpAddr = split(extract(@"Source IP: ([\w\.\:]+)\,",1,SyslogMessage),","); +let AllOtherLogs = LogHeader +| where isempty(EventType) +| extend AgentVersion = tostring(parse_json(SyslogMessage).["Agent Version"]), + BackgroundDetection = tostring(parse_json(SyslogMessage).["Background Detection"]), + EventCreationTime = tostring(parse_json(SyslogMessage).Created), + DeviceName = tostring(parse_json(SyslogMessage).["Device Name"]), + FilesAnalyzed = toint(parse_json(SyslogMessage).["Files Analyzed"]), + SrcIpAddr = split(parse_json(SyslogMessage).["IP Addresses"],","), + IsOnline = tostring(parse_json(SyslogMessage).["Is Online"]), + LastReportedUser = tostring(parse_json(SyslogMessage).["Last Reported User"]), + SrcMacAddr = split(parse_json(SyslogMessage).["Mac Addresses"],","), + OsVersion = tostring(parse_json(SyslogMessage).["OS Version"]), + OfflineDate = tostring(parse_json(SyslogMessage).["Offline Date"]), + OnlineDate = tostring(parse_json(SyslogMessage).["Online Date"]), + Policy = tostring(parse_json(SyslogMessage).Policy), + SerialNumber = tostring(parse_json(SyslogMessage).["Serial Number"]), + Tenant = tostring(parse_json(SyslogMessage).Tenant), + ZoneNames = split(parse_json(SyslogMessage).Zones,",") +| extend AvIndustry = tostring(parse_json(SyslogMessage).["AV Industry"]), + AccessTime = tostring(parse_json(SyslogMessage).["Access Time"]), + AutoRun = tostring(parse_json(SyslogMessage).["Auto Run"]), + CertIssuer = tostring(parse_json(SyslogMessage).["Cert Issuer"]), + CertPublisher = tostring(parse_json(SyslogMessage).["Cert Publisher"]), + CertSubject = tostring(parse_json(SyslogMessage).["Cert Subject"]), + CertTimestamp = tostring(parse_json(SyslogMessage).["Cert Timestamp"]), + Classification_ = tostring(parse_json(SyslogMessage).Classification), + CompanyName = tostring(parse_json(SyslogMessage).["Company Name"]), + Copyright = tostring(parse_json(SyslogMessage).Copyright), + CreateTime = tostring(parse_json(SyslogMessage).["Create Time"]), + CylanceScore = tostring(parse_json(SyslogMessage).["Cylance Score"]), + Description = tostring(parse_json(SyslogMessage).Description), + DetectedBy = tostring(parse_json(SyslogMessage).["Detected By"]), + DriveType = tostring(parse_json(SyslogMessage).["Drive Type"]), + EverRun = tostring(parse_json(SyslogMessage).["Ever Run"]), + FileName = tostring(parse_json(SyslogMessage).["File Name"]), + FileOwner = tostring(parse_json(SyslogMessage).["File Owner"]), + FilePath = tostring(parse_json(SyslogMessage).["File Path"]), + FileSize = tostring(parse_json(SyslogMessage).["File Size (bytes)"]), + FileStatus = tostring(parse_json(SyslogMessage).["File Status"]), + FileVersion = tostring(parse_json(SyslogMessage).["File Version"]), + FirstFound = tostring(parse_json(SyslogMessage).["First Found"]), + GlobalQuarantined = tostring(parse_json(SyslogMessage).["Global Quarantined"]), + LastFound = tostring(parse_json(SyslogMessage).["Last Found"]), + FileHashMd5 = tostring(parse_json(SyslogMessage).MD5), + ModificationTime = tostring(parse_json(SyslogMessage).["Modification Time"]), + ProductName = tostring(parse_json(SyslogMessage).["Product Name"]), + Running = tostring(parse_json(SyslogMessage).Running), + FileHashSha256 = tostring(parse_json(SyslogMessage).SHA256), + Safelisted = tostring(parse_json(SyslogMessage).Safelisted), + SerialNumber = tostring(parse_json(SyslogMessage).["Serial Number"]), + SignatureStatus = tostring(parse_json(SyslogMessage).["Signature Status"]), + Signed = tostring(parse_json(SyslogMessage).Signed); +union DeviceEvents, ScriptControlEvents, ThreatEvents, DeviceControlEvents, AuditLog, AllOtherLogs \ No newline at end of file diff --git a/Sample Data/Syslog/CylancePROTECT.json b/Sample Data/Syslog/CylancePROTECT.json new file mode 100644 index 0000000000..1194c47d11 --- /dev/null +++ b/Sample Data/Syslog/CylancePROTECT.json @@ -0,0 +1,14510 @@ +[ + { + "SyslogMessage": "Nov 30 15:11:16 sysloghost CylancePROTECT Event Type: Device, Event Name: SystemSecurity, Device Name: TESTHOST002, Agent Version: 2.1.1570.35, IP Address: (172.78.212.98), MAC Address: (000D3AF980E0), Logged On Users: (), OS: Microsoft Windows Server 2016 Standard x64 10.0.14393, Zone Names: (Agent Update - Server - Pilot,Device Type - Server)", + "EventType": "Device", + "EventName": "SystemSecurity", + "DeviceName": "TESTHOST002", + "AgentVersion_string": "2.1.1570.35", + "AgentVersion_dynamic": "", + "SrcIpAddr": "[\"10.240.224.8\"]", + "SrcMacAddr": "[\"000D3AF980E0\"]", + "LoggedOnUsers": "[\"\"]", + "OsVersion_string": "Microsoft Windows Server 2016 Standard x64 10.0.14393", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"Agent Update - Server - Pilot\",\"Device Type - Server\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "", + "PolicyName": "", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 15:25:49 sysloghost CylancePROTECT Event Type: Device, Event Name: SystemSecurity, Device Name: TESTHOST013, Agent Version: 2.1.1570.35, IP Address: (10.91.6.156), MAC Address: (005056A67CA5), Logged On Users: (), OS: Microsoft Windows Server 2016 Standard x64 10.0.14393, Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,Device Type - Server)", + "EventType": "Device", + "EventName": "SystemSecurity", + "DeviceName": "TESTHOST013", + "AgentVersion_string": "2.1.1570.35", + "AgentVersion_dynamic": "", + "SrcIpAddr": "[\"10.190.11.90\"]", + "SrcMacAddr": "[\"005056A67CA5\"]", + "LoggedOnUsers": "[\"\"]", + "OsVersion_string": "Microsoft Windows Server 2016 Standard x64 10.0.14393", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"Agent Update - Windows - Production 2\",\"Agent Update - Windows - Production 3\",\"Device Type - Server\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "", + "PolicyName": "", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Dec 1 05:51:03 sysloghost CylancePROTECT Event Type: Device, Event Name: SystemSecurity, Device Name: TESTHOST015, Agent Version: 2.1.1570.35, IP Address: (192.74.86.110), MAC Address: (000D3AFD44E9), Logged On Users: (), OS: Microsoft Windows Server 2016 Standard x64 10.0.14393, Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,App - Server - SCCM,Device Type - Server,Feature - Server - PS Alert)", + "EventType": "Device", + "EventName": "SystemSecurity", + "DeviceName": "TESTHOST015", + "AgentVersion_string": "2.1.1570.35", + "AgentVersion_dynamic": "", + "SrcIpAddr": "[\"10.240.76.6\"]", + "SrcMacAddr": "[\"000D3AFD44E9\"]", + "LoggedOnUsers": "[\"\"]", + "OsVersion_string": "Microsoft Windows Server 2016 Standard x64 10.0.14393", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"Agent Update - Windows - Production 2\",\"Agent Update - Windows - Production 3\",\"App - Server - SCCM\",\"Device Type - Server\",\"Feature - Server - PS Alert\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "", + "PolicyName": "", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 15:21:17 sysloghost CylancePROTECT Event Type: Device, Event Name: SystemSecurity, Device Name: TESTHOST017, Agent Version: 2.1.1570.35, IP Address: (10.96.27.133), MAC Address: (000D3A06935A), Logged On Users: (), OS: Microsoft Windows Server 2016 Standard x64 10.0.14393, Zone Names: (Agent Update - Server - Pilot,Device Type - Server)", + "EventType": "Device", + "EventName": "SystemSecurity", + "DeviceName": "TESTHOST017", + "AgentVersion_string": "2.1.1570.35", + "AgentVersion_dynamic": "", + "SrcIpAddr": "[\"10.240.205.5\"]", + "SrcMacAddr": "[\"000D3A06935A\"]", + "LoggedOnUsers": "[\"\"]", + "OsVersion_string": "Microsoft Windows Server 2016 Standard x64 10.0.14393", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"Agent Update - Server - Pilot\",\"Device Type - Server\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "", + "PolicyName": "", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 15:23:57 sysloghost CylancePROTECT Event Type: Device, Event Name: SystemSecurity, Device Name: TESTHOST018, Agent Version: 2.1.1570.35, IP Address: (172.181.208.227), MAC Address: (000D3AC4CC48), Logged On Users: (), OS: Microsoft Windows Server 2016 Standard x64 10.0.14393, Zone Names: (Agent Update - Server - Pilot,Device Type - Server)", + "EventType": "Device", + "EventName": "SystemSecurity", + "DeviceName": "TESTHOST018", + "AgentVersion_string": "2.1.1570.35", + "AgentVersion_dynamic": "", + "SrcIpAddr": "[\"10.240.213.7\"]", + "SrcMacAddr": "[\"000D3AC4CC48\"]", + "LoggedOnUsers": "[\"\"]", + "OsVersion_string": "Microsoft Windows Server 2016 Standard x64 10.0.14393", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"Agent Update - Server - Pilot\",\"Device Type - Server\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "", + "PolicyName": "", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 15:26:44 sysloghost CylancePROTECT Event Type: Device, Event Name: SystemSecurity, Device Name: TESTHOST019, Agent Version: 2.1.1570.35, IP Address: (172.6.233.128), MAC Address: (000D3A066CD7), Logged On Users: (), OS: Microsoft Windows Server 2016 Standard x64 10.0.14393, Zone Names: (Agent Update - Server - Test)", + "EventType": "Device", + "EventName": "SystemSecurity", + "DeviceName": "TESTHOST019", + "AgentVersion_string": "2.1.1570.35", + "AgentVersion_dynamic": "", + "SrcIpAddr": "[\"10.240.215.10\"]", + "SrcMacAddr": "[\"000D3A066CD7\"]", + "LoggedOnUsers": "[\"\"]", + "OsVersion_string": "Microsoft Windows Server 2016 Standard x64 10.0.14393", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"Agent Update - Server - Test\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "", + "PolicyName": "", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 15:10:38 sysloghost CylancePROTECT Event Type: Device, Event Name: SystemSecurity, Device Name: TESTHOST020, Agent Version: 2.1.1570.35, IP Address: (172.14.66.111), MAC Address: (000D3A075019), Logged On Users: (), OS: Microsoft Windows Server 2016 Standard x64 10.0.14393, Zone Names: (Agent Update - Server - Pilot,Device Type - Server)", + "EventType": "Device", + "EventName": "SystemSecurity", + "DeviceName": "TESTHOST020", + "AgentVersion_string": "2.1.1570.35", + "AgentVersion_dynamic": "", + "SrcIpAddr": "[\"10.240.209.11\"]", + "SrcMacAddr": "[\"000D3A075019\"]", + "LoggedOnUsers": "[\"\"]", + "OsVersion_string": "Microsoft Windows Server 2016 Standard x64 10.0.14393", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"Agent Update - Server - Pilot\",\"Device Type - Server\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "", + "PolicyName": "", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 15:07:46 sysloghost CylancePROTECT Event Type: Device, Event Name: SystemSecurity, Device Name: TESTHOST021, Agent Version: 2.1.1570.35, IP Address: (10.8.158.124), MAC Address: (000D3A063728), Logged On Users: (), OS: Microsoft Windows Server 2016 Standard x64 10.0.14393, Zone Names: (Agent Update - Server - Pilot,Device Type - Server)", + "EventType": "Device", + "EventName": "SystemSecurity", + "DeviceName": "TESTHOST021", + "AgentVersion_string": "2.1.1570.35", + "AgentVersion_dynamic": "", + "SrcIpAddr": "[\"10.240.201.8\"]", + "SrcMacAddr": "[\"000D3A063728\"]", + "LoggedOnUsers": "[\"\"]", + "OsVersion_string": "Microsoft Windows Server 2016 Standard x64 10.0.14393", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"Agent Update - Server - Pilot\",\"Device Type - Server\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "", + "PolicyName": "", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 15:10:07 sysloghost CylancePROTECT Event Type: Device, Event Name: SystemSecurity, Device Name: TESTHOST022, Agent Version: 2.1.1570.35, IP Address: (172.5.183.231), MAC Address: (000D3A6CCF96), Logged On Users: (), OS: Microsoft Windows Server 2016 Standard x64 10.0.14393, Zone Names: (Agent Update - Server - Pilot,Device Type - Server)", + "EventType": "Device", + "EventName": "SystemSecurity", + "DeviceName": "TESTHOST022", + "AgentVersion_string": "2.1.1570.35", + "AgentVersion_dynamic": "", + "SrcIpAddr": "[\"10.240.213.8\"]", + "SrcMacAddr": "[\"000D3A6CCF96\"]", + "LoggedOnUsers": "[\"\"]", + "OsVersion_string": "Microsoft Windows Server 2016 Standard x64 10.0.14393", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"Agent Update - Server - Pilot\",\"Device Type - Server\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "", + "PolicyName": "", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 15:24:39 sysloghost CylancePROTECT Event Type: Device, Event Name: SystemSecurity, Device Name: TESTHOST027, Agent Version: 2.1.1570.35, IP Address: (10.21.58.30), MAC Address: (000D3A6D2B86), Logged On Users: (), OS: Microsoft Windows Server 2016 Datacenter x64 10.0.14393, Zone Names: (Agent Update - Server - Pilot,Device Type - Server)", + "EventType": "Device", + "EventName": "SystemSecurity", + "DeviceName": "TESTHOST027", + "AgentVersion_string": "2.1.1570.35", + "AgentVersion_dynamic": "", + "SrcIpAddr": "[\"10.240.197.5\"]", + "SrcMacAddr": "[\"000D3A6D2B86\"]", + "LoggedOnUsers": "[\"\"]", + "OsVersion_string": "Microsoft Windows Server 2016 Datacenter x64 10.0.14393", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"Agent Update - Server - Pilot\",\"Device Type - Server\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "", + "PolicyName": "", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 15:10:48 sysloghost CylancePROTECT Event Type: Device, Event Name: SystemSecurity, Device Name: TESTHOST028, Agent Version: 2.1.1570.35, IP Address: (192.127.186.235), MAC Address: (000D3A6CC547), Logged On Users: (), OS: Microsoft Windows Server 2016 Datacenter x64 10.0.14393, Zone Names: (Agent Update - Server - Pilot,Device Type - Server)", + "EventType": "Device", + "EventName": "SystemSecurity", + "DeviceName": "TESTHOST028", + "AgentVersion_string": "2.1.1570.35", + "AgentVersion_dynamic": "", + "SrcIpAddr": "[\"10.240.209.17\"]", + "SrcMacAddr": "[\"000D3A6CC547\"]", + "LoggedOnUsers": "[\"\"]", + "OsVersion_string": "Microsoft Windows Server 2016 Datacenter x64 10.0.14393", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"Agent Update - Server - Pilot\",\"Device Type - Server\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "", + "PolicyName": "", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 15:09:39 sysloghost CylancePROTECT Event Type: Device, Event Name: SystemSecurity, Device Name: TESTHOST051, Agent Version: 2.1.1570.35, IP Address: (172.238.7.184), MAC Address: (005056B65266), Logged On Users: (), OS: Microsoft Windows Server 2016 Standard x64 10.0.14393, Zone Names: (Agent Update - Windows - Production 1,Agent Update - Windows - Production 3,Device Type - Server)", + "EventType": "Device", + "EventName": "SystemSecurity", + "DeviceName": "TESTHOST051", + "AgentVersion_string": "2.1.1570.35", + "AgentVersion_dynamic": "", + "SrcIpAddr": "[\"10.130.68.64\"]", + "SrcMacAddr": "[\"005056B65266\"]", + "LoggedOnUsers": "[\"\"]", + "OsVersion_string": "Microsoft Windows Server 2016 Standard x64 10.0.14393", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"Agent Update - Windows - Production 1\",\"Agent Update - Windows - Production 3\",\"Device Type - Server\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "", + "PolicyName": "", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 15:16:58 sysloghost CylancePROTECT Event Type: Device, Event Name: SystemSecurity, Device Name: TESTHOST053, Agent Version: 2.1.1570.35, IP Address: (172.108.69.116, 172.108.69.116), MAC Address: (0050569E1E17, 0050569E3A12), Logged On Users: (), OS: Microsoft Windows Server 2016 Standard x64 10.0.14393, Zone Names: (Agent Update - Windows - Production 1,Agent Update - Windows - Production 3,Device Type - Server)", + "EventType": "Device", + "EventName": "SystemSecurity", + "DeviceName": "TESTHOST053", + "AgentVersion_string": "2.1.1570.35", + "AgentVersion_dynamic": "", + "SrcIpAddr": "[\"10.210.224.69\",\" 172.16.1.15\"]", + "SrcMacAddr": "[\"0050569E1E17\",\" 0050569E3A12\"]", + "LoggedOnUsers": "[\"\"]", + "OsVersion_string": "Microsoft Windows Server 2016 Standard x64 10.0.14393", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"Agent Update - Windows - Production 1\",\"Agent Update - Windows - Production 3\",\"Device Type - Server\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "", + "PolicyName": "", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 15:31:01 sysloghost CylancePROTECT Event Type: Device, Event Name: SystemSecurity, Device Name: TESTHOST096, Agent Version: 2.0.1540.8, IP Address: (192.194.55.131), MAC Address: (005056A93938), Logged On Users: (), OS: Microsoft Windows Server 2008 R2 Enterprise Service Pack 1 x64 6.1.7601, Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,Device Type - Server)", + "EventType": "Device", + "EventName": "SystemSecurity", + "DeviceName": "TESTHOST096", + "AgentVersion_string": "2.0.1540.8", + "AgentVersion_dynamic": "", + "SrcIpAddr": "[\"10.170.96.21\"]", + "SrcMacAddr": "[\"005056A93938\"]", + "LoggedOnUsers": "[\"\"]", + "OsVersion_string": "Microsoft Windows Server 2008 R2 Enterprise Service Pack 1 x64 6.1.7601", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"Agent Update - Windows - Production 2\",\"Agent Update - Windows - Production 3\",\"Device Type - Server\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "", + "PolicyName": "", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 15:16:50 sysloghost CylancePROTECT Event Type: Device, Event Name: SystemSecurity, Device Name: TESTHOST097, Agent Version: 2.1.1570.35, IP Address: (192.73.195.248), MAC Address: (A4C3F07D995C), Logged On Users: (), OS: Microsoft Windows 10 Enterprise x64 10.0.18362, Zone Names: (Agent Update - Windows - Production 1,Agent Update - Windows - Production 3)", + "EventType": "Device", + "EventName": "SystemSecurity", + "DeviceName": "TESTHOST097", + "AgentVersion_string": "2.1.1570.35", + "AgentVersion_dynamic": "", + "SrcIpAddr": "[\"192.168.0.107\"]", + "SrcMacAddr": "[\"A4C3F07D995C\"]", + "LoggedOnUsers": "[\"\"]", + "OsVersion_string": "Microsoft Windows 10 Enterprise x64 10.0.18362", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"Agent Update - Windows - Production 1\",\"Agent Update - Windows - Production 3\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "", + "PolicyName": "", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 15:30:16 sysloghost CylancePROTECT Event Type: Device, Event Name: Registration, Device Name: TESTHOST098, Zone Names: (), Device Id: 543f158c-92f0-4522-a812-cf8c4ac2cb68", + "EventType": "Device", + "EventName": "Registration", + "DeviceName": "TESTHOST098", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "[\"\"]", + "SrcMacAddr": "[\"\"]", + "LoggedOnUsers": "[\"\"]", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "", + "PolicyName": "", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 15:15:41 sysloghost CylancePROTECT Event Type: Device, Event Name: SystemSecurity, Device Name: TESTHOST016, Agent Version: 2.1.1570.35, IP Address: (172.226.54.246), MAC Address: (000D3A064939), Logged On Users: (ABC\\test-user64, ABC\\test-user64, ABC\\test-user73), OS: Microsoft Windows Server 2016 Standard x64 10.0.14393, Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,Device Type - Server)", + "EventType": "Device", + "EventName": "SystemSecurity", + "DeviceName": "TESTHOST016", + "AgentVersion_string": "2.1.1570.35", + "AgentVersion_dynamic": "", + "SrcIpAddr": "[\"10.240.68.14\"]", + "SrcMacAddr": "[\"000D3A064939\"]", + "LoggedOnUsers": "[\"ABC\\\\test-user10\\\",\" ABC\\\\test-user10\\\",\" ABC\\\\test-user10\\\"]", + "OsVersion_string": "Microsoft Windows Server 2016 Standard x64 10.0.14393", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"Agent Update - Windows - Production 2\",\"Agent Update - Windows - Production 3\",\"Device Type - Server\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "", + "PolicyName": "", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 15:29:03 sysloghost CylancePROTECT Event Type: Device, Event Name: SystemSecurity, Device Name: TESTHOST042, Agent Version: 2.1.1570.35, IP Address: (172.220.154.28, 172.220.154.28), MAC Address: (005056AFAFDB, 005056B795E6), Logged On Users: (ABC\\test-user1, ABC\\test-user1, ABC\\test-user6), OS: Microsoft Windows Server 2016 Standard x64 10.0.14393, Zone Names: (Agent Update - Windows - Production 1,Agent Update - Windows - Production 3,Device Type - Server)", + "EventType": "Device", + "EventName": "SystemSecurity", + "DeviceName": "TESTHOST042", + "AgentVersion_string": "2.1.1570.35", + "AgentVersion_dynamic": "", + "SrcIpAddr": "[\"10.209.97.50\",\" 10.209.124.131\"]", + "SrcMacAddr": "[\"005056AFAFDB\",\" 005056B795E6\"]", + "LoggedOnUsers": "[\"ABC\\\\test-user57\\\",\" ABC\\\\test-user57\\\",\" ABC\\\\test-user57\\\"]", + "OsVersion_string": "Microsoft Windows Server 2016 Standard x64 10.0.14393", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"Agent Update - Windows - Production 1\",\"Agent Update - Windows - Production 3\",\"Device Type - Server\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "", + "PolicyName": "", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 15:21:13 sysloghost CylancePROTECT Event Type: Device, Event Name: SystemSecurity, Device Name: TESTHOST093, Agent Version: 2.1.1570.35, IP Address: (192.32.39.102), MAC Address: (005056946B28), Logged On Users: (ABC\\test-user9, ABC\\test-user9, ABC\\test-user76), OS: Microsoft Windows Server 2016 Standard x64 10.0.14393, Zone Names: (Agent Update - Windows - Production 3,Device Type - Server)", + "EventType": "Device", + "EventName": "SystemSecurity", + "DeviceName": "TESTHOST093", + "AgentVersion_string": "2.1.1570.35", + "AgentVersion_dynamic": "", + "SrcIpAddr": "[\"10.228.182.50\"]", + "SrcMacAddr": "[\"005056946B28\"]", + "LoggedOnUsers": "[\"ABC\\\\test-user34\\\",\" ABC\\\\test-user34\\\",\" ABC\\\\test-user34\\\"]", + "OsVersion_string": "Microsoft Windows Server 2016 Standard x64 10.0.14393", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"Agent Update - Windows - Production 3\",\"Device Type - Server\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "", + "PolicyName": "", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 15:22:30 sysloghost CylancePROTECT Event Type: Device, Event Name: SystemSecurity, Device Name: TESTHOST014, Agent Version: 2.1.1570.35, IP Address: (172.102.50.154), MAC Address: (00505693B372), Logged On Users: (ABC\\test-user10, ABC\\test-user64), OS: Microsoft Windows Server 2012 R2 Standard x64 6.3.9600, Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,App - Server - Domain Controller,Device Type - Server)", + "EventType": "Device", + "EventName": "SystemSecurity", + "DeviceName": "TESTHOST014", + "AgentVersion_string": "2.1.1570.35", + "AgentVersion_dynamic": "", + "SrcIpAddr": "[\"10.80.65.17\"]", + "SrcMacAddr": "[\"00505693B372\"]", + "LoggedOnUsers": "[\"ABC\\\\test-user26\\\",\" ABC\\\\test-user26\\\"]", + "OsVersion_string": "Microsoft Windows Server 2012 R2 Standard x64 6.3.9600", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"Agent Update - Windows - Production 2\",\"Agent Update - Windows - Production 3\",\"App - Server - Domain Controller\",\"Device Type - Server\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "", + "PolicyName": "", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Dec 1 05:47:23 sysloghost CylancePROTECT Event Type: Device, Event Name: SystemSecurity, Device Name: TESTHOST092, Agent Version: 2.1.1570.35, IP Address: (192.158.242.229), MAC Address: (00505691257B), Logged On Users: (ABC\\test-user79, ABC\\test-user79, ABC\\test-user79, ABC\\test-user79, ABC\\test-user79, ABC\\test-user79, ABC\\test-user79, ABC\\test-user79, ABC\\test-user79, ABC\\test-user79, ABC\\test-user79, ABC\\test-user79, ABC\\test-user79, ABC\\test-user79, ABC\\test-user79, ABC\\test-user79, ABC\\test-user79), OS: Microsoft Windows Server 2016 Standard x64 10.0.14393, Zone Names: (Agent Update - Windows - Production 3,Device Type - Server)", + "EventType": "Device", + "EventName": "SystemSecurity", + "DeviceName": "TESTHOST092", + "AgentVersion_string": "2.1.1570.35", + "AgentVersion_dynamic": "", + "SrcIpAddr": "[\"10.228.182.154\"]", + "SrcMacAddr": "[\"00505691257B\"]", + "LoggedOnUsers": "[\"ABC\\\\test-user30\\\",\" ABC\\\\test-user30\\\",\" ABC\\\\test-user30\\\",\" ABC\\\\test-user30\\\",\" ABC\\\\test-user30\\\",\" ABC\\\\test-user30\\\",\" ABC\\\\test-user30\\\",\" ABC\\\\test-user30\\\",\" ABC\\\\test-user30\\\",\" ABC\\\\test-user30\\\",\" ABC\\\\test-user30\\\",\" ABC\\\\test-user30\\\",\" ABC\\\\test-user30\\\",\" ABC\\\\test-user30\\\",\" ABC\\\\test-user30\\\",\" ABC\\\\test-user30\\\",\" ABC\\\\test-user30\\\"]", + "OsVersion_string": "Microsoft Windows Server 2016 Standard x64 10.0.14393", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"Agent Update - Windows - Production 3\",\"Device Type - Server\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "", + "PolicyName": "", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 15:27:28 sysloghost CylancePROTECT Event Type: Device, Event Name: SystemSecurity, Device Name: TESTHOST026, Agent Version: 2.1.1570.35, IP Address: (10.180.236.210), MAC Address: (000D3AF7E10D), Logged On Users: (ABC\\test-user71), OS: Microsoft Windows Server 2016 Datacenter x64 10.0.14393, Zone Names: (Agent Update - Windows - Production 3,Device Type - Server)", + "EventType": "Device", + "EventName": "SystemSecurity", + "DeviceName": "TESTHOST026", + "AgentVersion_string": "2.1.1570.35", + "AgentVersion_dynamic": "", + "SrcIpAddr": "[\"10.240.80.76\"]", + "SrcMacAddr": "[\"000D3AF7E10D\"]", + "LoggedOnUsers": "[\"ABC\\\\test-user98\\\"]", + "OsVersion_string": "Microsoft Windows Server 2016 Datacenter x64 10.0.14393", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"Agent Update - Windows - Production 3\",\"Device Type - Server\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "", + "PolicyName": "", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Dec 1 01:39:29 sysloghost CylancePROTECT Event Type: Device, Event Name: SystemSecurity, Device Name: TESTHOST055, Agent Version: 2.1.1570.35, IP Address: (172.124.156.17), MAC Address: (005056B83FD4), Logged On Users: (ABC\\test-user51, ABC\\test-user99), OS: Microsoft Windows Server 2016 Standard x64 10.0.14393, Zone Names: (Agent Update - Windows - Production 1,Agent Update - Windows - Production 3,Device Type - Server)", + "EventType": "Device", + "EventName": "SystemSecurity", + "DeviceName": "TESTHOST055", + "AgentVersion_string": "2.1.1570.35", + "AgentVersion_dynamic": "", + "SrcIpAddr": "[\"157.47.30.39\"]", + "SrcMacAddr": "[\"005056B83FD4\"]", + "LoggedOnUsers": "[\"ABC\\\\test-user66\\\",\" ABC\\\\test-user66\\\"]", + "OsVersion_string": "Microsoft Windows Server 2016 Standard x64 10.0.14393", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"Agent Update - Windows - Production 1\",\"Agent Update - Windows - Production 3\",\"Device Type - Server\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "", + "PolicyName": "", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 15:26:02 sysloghost CylancePROTECT Event Type: Device, Event Name: SystemSecurity, Device Name: TESTHOST037, Agent Version: 2.1.1570.35, IP Address: (192.142.81.80), MAC Address: (00505693F53D), Logged On Users: (ABC\\test-user23, ABC\\test-user23, ABC\\test-user23, ABC\\test-user23, ABC\\test-user23, ABC\\test-user23, ABC\\test-user23, ABC\\test-user23, ABC\\test-user46), OS: Microsoft Windows Server 2016 Standard x64 10.0.14393, Zone Names: (Agent Update - Windows - Production 3,Device Type - Server)", + "EventType": "Device", + "EventName": "SystemSecurity", + "DeviceName": "TESTHOST037", + "AgentVersion_string": "2.1.1570.35", + "AgentVersion_dynamic": "", + "SrcIpAddr": "[\"10.89.136.54\"]", + "SrcMacAddr": "[\"00505693F53D\"]", + "LoggedOnUsers": "[\"ABC\\\\test-user4\\\",\" ABC\\\\test-user4\\\",\" ABC\\\\test-user4\\\",\" ABC\\\\test-user4\\\",\" ABC\\\\test-user4\\\",\" ABC\\\\test-user4\\\",\" ABC\\\\test-user4\\\",\" ABC\\\\test-user4\\\",\" ABC\\\\test-user4\\\"]", + "OsVersion_string": "Microsoft Windows Server 2016 Standard x64 10.0.14393", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"Agent Update - Windows - Production 3\",\"Device Type - Server\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "", + "PolicyName": "", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 15:16:47 sysloghost CylancePROTECT Event Type: Device, Event Name: SystemSecurity, Device Name: TESTHOST052, Agent Version: 2.1.1570.35, IP Address: (172.151.40.70, 172.151.40.70, 172.151.40.70), MAC Address: (005056AF49C3, 005056AFAE88), Logged On Users: (ABC\\test-user64), OS: Microsoft Windows Server 2016 Standard x64 10.0.14393, Zone Names: (Agent Update - Windows - Production 1,Agent Update - Windows - Production 3,Device Type - Server)", + "EventType": "Device", + "EventName": "SystemSecurity", + "DeviceName": "TESTHOST052", + "AgentVersion_string": "2.1.1570.35", + "AgentVersion_dynamic": "", + "SrcIpAddr": "[\"10.210.101.74\",\" 10.210.101.77\",\" 10.210.124.133\"]", + "SrcMacAddr": "[\"005056AF49C3\",\" 005056AFAE88\"]", + "LoggedOnUsers": "[\"ABC\\\\test-user26\\\"]", + "OsVersion_string": "Microsoft Windows Server 2016 Standard x64 10.0.14393", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"Agent Update - Windows - Production 1\",\"Agent Update - Windows - Production 3\",\"Device Type - Server\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "", + "PolicyName": "", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 15:30:17 sysloghost CylancePROTECT Event Type: Device, Event Name: SystemSecurity, Device Name: TESTHOST098, Agent Version: 2.0.1540.8, IP Address: (192.149.65.111), MAC Address: (AC675D2DC72E), Logged On Users: (ABC\\test-user54), OS: Microsoft Windows 10 Enterprise x64 10.0.18362, Zone Names: ()", + "EventType": "Device", + "EventName": "SystemSecurity", + "DeviceName": "TESTHOST098", + "AgentVersion_string": "2.0.1540.8", + "AgentVersion_dynamic": "", + "SrcIpAddr": "[\"10.90.144.64\"]", + "SrcMacAddr": "[\"AC675D2DC72E\"]", + "LoggedOnUsers": "[\"ABC\\\\test-user52\\\"]", + "OsVersion_string": "Microsoft Windows 10 Enterprise x64 10.0.18362", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "", + "PolicyName": "", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Dec 1 01:40:46 sysloghost CylancePROTECT Event Type: Device, Event Name: SystemSecurity, Device Name: TESTHOST039, Agent Version: 2.1.1570.35, IP Address: (192.11.148.202), MAC Address: (005056915861), Logged On Users: (ABC\\test-user66, ABC\\test-user66, ABC\\test-user66, ABC\\test-user66, ABC\\test-user66, ABC\\test-user66, ABC\\test-user66, ABC\\test-user66, ABC\\test-user66, ABC\\test-user66, ABC\\test-user66, ABC\\test-user66, ABC\\test-user66, ABC\\test-user66, ABC\\test-user66, ABC\\test-user67), OS: Microsoft Windows Server 2016 Standard x64 10.0.14393, Zone Names: (Agent Update - Windows - Production 3,Device Type - Server)", + "EventType": "Device", + "EventName": "SystemSecurity", + "DeviceName": "TESTHOST039", + "AgentVersion_string": "2.1.1570.35", + "AgentVersion_dynamic": "", + "SrcIpAddr": "[\"10.228.136.10\"]", + "SrcMacAddr": "[\"005056915861\"]", + "LoggedOnUsers": "[\"ABC\\\\test-user63\\\",\" ABC\\\\test-user63\\\",\" ABC\\\\test-user63\\\",\" ABC\\\\test-user63\\\",\" ABC\\\\test-user63\\\",\" ABC\\\\test-user63\\\",\" ABC\\\\test-user63\\\",\" ABC\\\\test-user63\\\",\" ABC\\\\test-user63\\\",\" ABC\\\\test-user63\\\",\" ABC\\\\test-user63\\\",\" ABC\\\\test-user63\\\",\" ABC\\\\test-user63\\\",\" ABC\\\\test-user63\\\",\" ABC\\\\test-user63\\\",\" ABC\\\\test-user63\\\"]", + "OsVersion_string": "Microsoft Windows Server 2016 Standard x64 10.0.14393", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"Agent Update - Windows - Production 3\",\"Device Type - Server\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "", + "PolicyName": "", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 15:16:49 sysloghost CylancePROTECT Event Type: Device, Event Name: SystemSecurity, Device Name: TESTHOST095, Agent Version: 2.1.1570.35, IP Address: (172.221.230.67), MAC Address: (005056B32A96), Logged On Users: (ABC\\test-user31), OS: Microsoft Windows Server 2016 Standard x64 10.0.14393, Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,Device Type - Server)", + "EventType": "Device", + "EventName": "SystemSecurity", + "DeviceName": "TESTHOST095", + "AgentVersion_string": "2.1.1570.35", + "AgentVersion_dynamic": "", + "SrcIpAddr": "[\"10.170.98.20\"]", + "SrcMacAddr": "[\"005056B32A96\"]", + "LoggedOnUsers": "[\"ABC\\\\test-user30\\\"]", + "OsVersion_string": "Microsoft Windows Server 2016 Standard x64 10.0.14393", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"Agent Update - Windows - Production 2\",\"Agent Update - Windows - Production 3\",\"Device Type - Server\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "", + "PolicyName": "", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 15:18:40 sysloghost CylancePROTECT Event Type: Device, Event Name: SystemSecurity, Device Name: TESTHOST030, Agent Version: 2.1.1570.35, IP Address: (10.104.9.10), MAC Address: (005056933BD4), Logged On Users: (ABC\\test-user34, ABC\\test-user13), OS: Microsoft Windows Server 2016 Standard x64 10.0.14393, Zone Names: (Agent Update - Windows - Production 3,Device Type - Server)", + "EventType": "Device", + "EventName": "SystemSecurity", + "DeviceName": "TESTHOST030", + "AgentVersion_string": "2.1.1570.35", + "AgentVersion_dynamic": "", + "SrcIpAddr": "[\"10.172.182.27\"]", + "SrcMacAddr": "[\"005056933BD4\"]", + "LoggedOnUsers": "[\"ABC\\\\test-user81\\\",\" ABC\\\\test-user81\\\"]", + "OsVersion_string": "Microsoft Windows Server 2016 Standard x64 10.0.14393", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"Agent Update - Windows - Production 3\",\"Device Type - Server\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "", + "PolicyName": "", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 15:20:45 sysloghost CylancePROTECT Event Type: Device, Event Name: SystemSecurity, Device Name: TESTHOST034, Agent Version: 2.1.1570.35, IP Address: (172.200.248.14), MAC Address: (00505694997A), Logged On Users: (ABC\\test-user14, ABC\\test-user33), OS: Microsoft Windows Server 2016 Standard x64 10.0.14393, Zone Names: (Agent Update - Windows - Production 3,Device Type - Server)", + "EventType": "Device", + "EventName": "SystemSecurity", + "DeviceName": "TESTHOST034", + "AgentVersion_string": "2.1.1570.35", + "AgentVersion_dynamic": "", + "SrcIpAddr": "[\"10.228.182.156\"]", + "SrcMacAddr": "[\"00505694997A\"]", + "LoggedOnUsers": "[\"ABC\\\\test-user84\\\",\" ABC\\\\test-user84\\\"]", + "OsVersion_string": "Microsoft Windows Server 2016 Standard x64 10.0.14393", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"Agent Update - Windows - Production 3\",\"Device Type - Server\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "", + "PolicyName": "", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Dec 1 01:42:33 sysloghost CylancePROTECT Event Type: Device, Event Name: SystemSecurity, Device Name: TESTHOST076, Agent Version: 2.1.1570.35, IP Address: (192.99.243.163), MAC Address: (E4B97A9E137F), Logged On Users: (ABC\\test-user82), OS: Microsoft Windows 10 Enterprise x64 10.0.18362, Zone Names: (Agent Update - Windows - Production 1,Agent Update - Windows - Production 3,Device Type - Workstation)", + "EventType": "Device", + "EventName": "SystemSecurity", + "DeviceName": "TESTHOST076", + "AgentVersion_string": "2.1.1570.35", + "AgentVersion_dynamic": "", + "SrcIpAddr": "[\"10.210.4.73\"]", + "SrcMacAddr": "[\"E4B97A9E137F\"]", + "LoggedOnUsers": "[\"ABC\\\\test-user68\\\"]", + "OsVersion_string": "Microsoft Windows 10 Enterprise x64 10.0.18362", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"Agent Update - Windows - Production 1\",\"Agent Update - Windows - Production 3\",\"Device Type - Workstation\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "", + "PolicyName": "", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 15:26:28 sysloghost CylancePROTECT Event Type: Device, Event Name: SystemSecurity, Device Name: TESTHOST023, Agent Version: 2.1.1570.35, IP Address: (172.216.25.3), MAC Address: (000D3AF9D827), Logged On Users: (ABC\\test-user58, ABC\\test-user58, ABC\\test-user58, ABC\\test-user35), OS: Microsoft Windows Server 2016 Datacenter x64 10.0.14393, Zone Names: (Agent Update - Windows - Production 3,Device Type - Server)", + "EventType": "Device", + "EventName": "SystemSecurity", + "DeviceName": "TESTHOST023", + "AgentVersion_string": "2.1.1570.35", + "AgentVersion_dynamic": "", + "SrcIpAddr": "[\"10.240.68.6\"]", + "SrcMacAddr": "[\"000D3AF9D827\"]", + "LoggedOnUsers": "[\"ABC\\\\test-user82\\\",\" ABC\\\\test-user82\\\",\" ABC\\\\test-user82\\\",\" ABC\\\\test-user82\\\"]", + "OsVersion_string": "Microsoft Windows Server 2016 Datacenter x64 10.0.14393", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"Agent Update - Windows - Production 3\",\"Device Type - Server\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "", + "PolicyName": "", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 15:18:04 sysloghost CylancePROTECT Event Type: Device, Event Name: SystemSecurity, Device Name: TESTHOST024, Agent Version: 2.1.1570.35, IP Address: (192.134.249.181), MAC Address: (000D3A6CBB38), Logged On Users: (ABC\\test-user13), OS: Microsoft Windows Server 2016 Datacenter x64 10.0.14393, Zone Names: (Agent Update - Windows - Production 3,Device Type - Server)", + "EventType": "Device", + "EventName": "SystemSecurity", + "DeviceName": "TESTHOST024", + "AgentVersion_string": "2.1.1570.35", + "AgentVersion_dynamic": "", + "SrcIpAddr": "[\"10.240.80.46\"]", + "SrcMacAddr": "[\"000D3A6CBB38\"]", + "LoggedOnUsers": "[\"ABC\\\\test-user16\\\"]", + "OsVersion_string": "Microsoft Windows Server 2016 Datacenter x64 10.0.14393", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"Agent Update - Windows - Production 3\",\"Device Type - Server\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "", + "PolicyName": "", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 15:30:50 sysloghost CylancePROTECT Event Type: Device, Event Name: SystemSecurity, Device Name: TESTHOST077, Agent Version: 2.1.1570.35, IP Address: (192.25.50.96), MAC Address: (3C6AA7EEE1B1), Logged On Users: (ABC\\test-user43), OS: Microsoft Windows 10 Enterprise x64 10.0.17134, Zone Names: (Agent Update - Windows - Production 1,Agent Update - Windows - Production 3,Device Type - Workstation)", + "EventType": "Device", + "EventName": "SystemSecurity", + "DeviceName": "TESTHOST077", + "AgentVersion_string": "2.1.1570.35", + "AgentVersion_dynamic": "", + "SrcIpAddr": "[\"192.168.1.10\"]", + "SrcMacAddr": "[\"3C6AA7EEE1B1\"]", + "LoggedOnUsers": "[\"ABC\\\\test-user86\\\"]", + "OsVersion_string": "Microsoft Windows 10 Enterprise x64 10.0.17134", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"Agent Update - Windows - Production 1\",\"Agent Update - Windows - Production 3\",\"Device Type - Workstation\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "", + "PolicyName": "", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 15:26:32 sysloghost CylancePROTECT Event Type: Device, Event Name: SystemSecurity, Device Name: TESTHOST097, Agent Version: 2.1.1570.35, IP Address: (192.45.245.206), MAC Address: (A4C3F07D995C), Logged On Users: (ABC\\test-user61), OS: Microsoft Windows 10 Enterprise x64 10.0.18362, Zone Names: (Agent Update - Windows - Production 1,Agent Update - Windows - Production 3)", + "EventType": "Device", + "EventName": "SystemSecurity", + "DeviceName": "TESTHOST097", + "AgentVersion_string": "2.1.1570.35", + "AgentVersion_dynamic": "", + "SrcIpAddr": "[\"192.168.0.107\"]", + "SrcMacAddr": "[\"A4C3F07D995C\"]", + "LoggedOnUsers": "[\"ABC\\\\test-user24\\\"]", + "OsVersion_string": "Microsoft Windows 10 Enterprise x64 10.0.18362", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"Agent Update - Windows - Production 1\",\"Agent Update - Windows - Production 3\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "", + "PolicyName": "", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 15:27:04 sysloghost CylancePROTECT Event Type: Device, Event Name: SystemSecurity, Device Name: TESTHOST036, Agent Version: 2.1.1570.35, IP Address: (172.252.219.141), MAC Address: (00505694BB32), Logged On Users: (ABC\\test-user80), OS: Microsoft Windows Server 2016 Standard x64 10.0.14393, Zone Names: (Agent Update - Windows - Production 3,Device Type - Server)", + "EventType": "Device", + "EventName": "SystemSecurity", + "DeviceName": "TESTHOST036", + "AgentVersion_string": "2.1.1570.35", + "AgentVersion_dynamic": "", + "SrcIpAddr": "[\"10.228.182.36\"]", + "SrcMacAddr": "[\"00505694BB32\"]", + "LoggedOnUsers": "[\"ABC\\\\test-user6\\\"]", + "OsVersion_string": "Microsoft Windows Server 2016 Standard x64 10.0.14393", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"Agent Update - Windows - Production 3\",\"Device Type - Server\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "", + "PolicyName": "", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 15:16:01 sysloghost CylancePROTECT Event Type: Device, Event Name: SystemSecurity, Device Name: TESTHOST094, Agent Version: 2.1.1570.35, IP Address: (10.183.182.220), MAC Address: (E4B97ADED880), Logged On Users: (ABC\\test-user83), OS: Microsoft Windows 10 Enterprise x64 10.0.18362, Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,Device Type - Workstation)", + "EventType": "Device", + "EventName": "SystemSecurity", + "DeviceName": "TESTHOST094", + "AgentVersion_string": "2.1.1570.35", + "AgentVersion_dynamic": "", + "SrcIpAddr": "[\"10.170.10.186\"]", + "SrcMacAddr": "[\"E4B97ADED880\"]", + "LoggedOnUsers": "[\"ABC\\\\test-user42\\\"]", + "OsVersion_string": "Microsoft Windows 10 Enterprise x64 10.0.18362", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"Agent Update - Windows - Production 2\",\"Agent Update - Windows - Production 3\",\"Device Type - Workstation\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "", + "PolicyName": "", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Dec 1 05:51:02 sysloghost CylancePROTECT Event Type: Device, Event Name: SystemSecurity, Device Name: TESTHOST001, Agent Version: 2.1.1570.35, IP Address: (10.96.28.112), MAC Address: (000D3AFB93B1), Logged On Users: (ABC\\test-user29), OS: Microsoft Windows Server 2016 Standard x64 10.0.14393, Zone Names: (Agent Update - Server - Pilot,Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,Device Type - Server)", + "EventType": "Device", + "EventName": "SystemSecurity", + "DeviceName": "TESTHOST001", + "AgentVersion_string": "2.1.1570.35", + "AgentVersion_dynamic": "", + "SrcIpAddr": "[\"10.240.228.8\"]", + "SrcMacAddr": "[\"000D3AFB93B1\"]", + "LoggedOnUsers": "[\"ABC\\\\test-user63\\\"]", + "OsVersion_string": "Microsoft Windows Server 2016 Standard x64 10.0.14393", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"Agent Update - Server - Pilot\",\"Agent Update - Windows - Production 2\",\"Agent Update - Windows - Production 3\",\"Device Type - Server\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "", + "PolicyName": "", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 15:19:18 sysloghost CylancePROTECT Event Type: Device, Event Name: SystemSecurity, Device Name: TESTHOST003, Agent Version: 2.1.1570.35, IP Address: (192.241.117.213), MAC Address: (000D3A6DB3DB), Logged On Users: (ABC\\test-user68, ABC\\test-user34), OS: Microsoft Windows Server 2016 Standard x64 10.0.14393, Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,Device Type - Server)", + "EventType": "Device", + "EventName": "SystemSecurity", + "DeviceName": "TESTHOST003", + "AgentVersion_string": "2.1.1570.35", + "AgentVersion_dynamic": "", + "SrcIpAddr": "[\"10.240.90.6\"]", + "SrcMacAddr": "[\"000D3A6DB3DB\"]", + "LoggedOnUsers": "[\"ABC\\\\test-user39\\\",\" ABC\\\\test-user39\\\"]", + "OsVersion_string": "Microsoft Windows Server 2016 Standard x64 10.0.14393", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"Agent Update - Windows - Production 2\",\"Agent Update - Windows - Production 3\",\"Device Type - Server\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "", + "PolicyName": "", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Dec 1 05:46:41 sysloghost CylancePROTECT Event Type: Device, Event Name: SystemSecurity, Device Name: TESTHOST044, Agent Version: 2.1.1570.35, IP Address: (10.219.183.227), MAC Address: (98E743762FFB), Logged On Users: (ABC\\test-user39), OS: Microsoft Windows 10 Enterprise x64 10.0.18362, Zone Names: (Agent Update - Windows - Production 1,Agent Update - Windows - Production 3,Device Type - Workstation)", + "EventType": "Device", + "EventName": "SystemSecurity", + "DeviceName": "TESTHOST044", + "AgentVersion_string": "2.1.1570.35", + "AgentVersion_dynamic": "", + "SrcIpAddr": "[\"10.206.12.177\"]", + "SrcMacAddr": "[\"98E743762FFB\"]", + "LoggedOnUsers": "[\"ABC\\\\test-user94\\\"]", + "OsVersion_string": "Microsoft Windows 10 Enterprise x64 10.0.18362", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"Agent Update - Windows - Production 1\",\"Agent Update - Windows - Production 3\",\"Device Type - Workstation\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "", + "PolicyName": "", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 19:37:40 sysloghost CylancePROTECT Event Type: ScriptControl, Event Name: Blocked, Device Name: TESTHOST004, File Path: d:\\program files (x86)\\cyberark\\psm\\scripts\\deploy-connectors.ps1, SHA256: 7212CEF22B57C89A0E20C2FA320B9FC735AFB653045C2490F9AD62A37B54EB53, Interpreter: Powershell, Interpreter Version: 10.0.14393.0 (rs1_release.160715-1616), Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,App - Server - CyberArk PSM,Device Type - Server), User Name: SYSTEM, Device Id: b85f5b3e-396d-4169-a6e4-ab889fbc91d5, Policy Name: Server - CyberArk PSM", + "EventType": "ScriptControl", + "EventName": "Blocked", + "DeviceName": "TESTHOST004", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "", + "ZoneNames_string": "", + "FilePath": "d:\\program files (x86)\\cyberark\\psm\\scripts\\deploy-connectors.ps1", + "FileHashSha256": "7212CEF22B57C89A0E20C2FA320B9FC735AFB653045C2490F9AD62A37B54EB53", + "Interpreter": "Powershell", + "InterpreterVersion": "10.0.14393.0 (rs1_release.160715-1616)", + "UserName": "SYSTEM", + "DeviceId": "b85f5b3e-396d-4169-a6e4-ab889fbc91d5", + "PolicyName": "Server - CyberArk PSM", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 14:58:35 sysloghost CylancePROTECT Event Type: ScriptControl, Event Name: Blocked, Device Name: TESTHOST004, File Path: d:\\program files (x86)\\cyberark\\psm\\scripts\\deploy-connectors.ps1, SHA256: 7212CEF22B57C89A0E20C2FA320B9FC735AFB653045C2490F9AD62A37B54EB53, Interpreter: Powershell, Interpreter Version: 10.0.14393.0 (rs1_release.160715-1616), Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,App - Server - CyberArk PSM,Device Type - Server), User Name: SYSTEM, Device Id: b85f5b3e-396d-4169-a6e4-ab889fbc91d5, Policy Name: Server - CyberArk PSM", + "EventType": "ScriptControl", + "EventName": "Blocked", + "DeviceName": "TESTHOST004", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "", + "ZoneNames_string": "", + "FilePath": "d:\\program files (x86)\\cyberark\\psm\\scripts\\deploy-connectors.ps1", + "FileHashSha256": "7212CEF22B57C89A0E20C2FA320B9FC735AFB653045C2490F9AD62A37B54EB53", + "Interpreter": "Powershell", + "InterpreterVersion": "10.0.14393.0 (rs1_release.160715-1616)", + "UserName": "SYSTEM", + "DeviceId": "b85f5b3e-396d-4169-a6e4-ab889fbc91d5", + "PolicyName": "Server - CyberArk PSM", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Dec 1 04:59:23 sysloghost CylancePROTECT Event Type: ScriptControl, Event Name: Blocked, Device Name: TESTHOST005, File Path: d:\\program files (x86)\\cyberark\\psm\\scripts\\deploy-connectors.ps1, SHA256: 7212CEF22B57C89A0E20C2FA320B9FC735AFB653045C2490F9AD62A37B54EB53, Interpreter: Powershell, Interpreter Version: 10.0.14393.0 (rs1_release.160715-1616), Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,App - Server - CyberArk PSM,Device Type - Server), User Name: SYSTEM, Device Id: 528781a1-76ab-4de9-8cab-507cf95a3732, Policy Name: Server - CyberArk PSM", + "EventType": "ScriptControl", + "EventName": "Blocked", + "DeviceName": "TESTHOST005", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "", + "ZoneNames_string": "", + "FilePath": "d:\\program files (x86)\\cyberark\\psm\\scripts\\deploy-connectors.ps1", + "FileHashSha256": "7212CEF22B57C89A0E20C2FA320B9FC735AFB653045C2490F9AD62A37B54EB53", + "Interpreter": "Powershell", + "InterpreterVersion": "10.0.14393.0 (rs1_release.160715-1616)", + "UserName": "SYSTEM", + "DeviceId": "528781a1-76ab-4de9-8cab-507cf95a3732", + "PolicyName": "Server - CyberArk PSM", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 19:43:54 sysloghost CylancePROTECT Event Type: ScriptControl, Event Name: Blocked, Device Name: TESTHOST005, File Path: d:\\program files (x86)\\cyberark\\psm\\scripts\\deploy-connectors.ps1, SHA256: 7212CEF22B57C89A0E20C2FA320B9FC735AFB653045C2490F9AD62A37B54EB53, Interpreter: Powershell, Interpreter Version: 10.0.14393.0 (rs1_release.160715-1616), Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,App - Server - CyberArk PSM,Device Type - Server), User Name: SYSTEM, Device Id: 528781a1-76ab-4de9-8cab-507cf95a3732, Policy Name: Server - CyberArk PSM", + "EventType": "ScriptControl", + "EventName": "Blocked", + "DeviceName": "TESTHOST005", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "", + "ZoneNames_string": "", + "FilePath": "d:\\program files (x86)\\cyberark\\psm\\scripts\\deploy-connectors.ps1", + "FileHashSha256": "7212CEF22B57C89A0E20C2FA320B9FC735AFB653045C2490F9AD62A37B54EB53", + "Interpreter": "Powershell", + "InterpreterVersion": "10.0.14393.0 (rs1_release.160715-1616)", + "UserName": "SYSTEM", + "DeviceId": "528781a1-76ab-4de9-8cab-507cf95a3732", + "PolicyName": "Server - CyberArk PSM", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 14:56:02 sysloghost CylancePROTECT Event Type: ScriptControl, Event Name: Blocked, Device Name: TESTHOST005, File Path: d:\\program files (x86)\\cyberark\\psm\\scripts\\deploy-connectors.ps1, SHA256: 7212CEF22B57C89A0E20C2FA320B9FC735AFB653045C2490F9AD62A37B54EB53, Interpreter: Powershell, Interpreter Version: 10.0.14393.0 (rs1_release.160715-1616), Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,App - Server - CyberArk PSM,Device Type - Server), User Name: SYSTEM, Device Id: 528781a1-76ab-4de9-8cab-507cf95a3732, Policy Name: Server - CyberArk PSM", + "EventType": "ScriptControl", + "EventName": "Blocked", + "DeviceName": "TESTHOST005", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "", + "ZoneNames_string": "", + "FilePath": "d:\\program files (x86)\\cyberark\\psm\\scripts\\deploy-connectors.ps1", + "FileHashSha256": "7212CEF22B57C89A0E20C2FA320B9FC735AFB653045C2490F9AD62A37B54EB53", + "Interpreter": "Powershell", + "InterpreterVersion": "10.0.14393.0 (rs1_release.160715-1616)", + "UserName": "SYSTEM", + "DeviceId": "528781a1-76ab-4de9-8cab-507cf95a3732", + "PolicyName": "Server - CyberArk PSM", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Dec 1 01:45:08 sysloghost CylancePROTECT Event Type: ScriptControl, Event Name: Blocked, Device Name: TESTHOST006, File Path: d:\\program files (x86)\\cyberark\\psm\\scripts\\deploy-connectors.ps1, SHA256: 7212CEF22B57C89A0E20C2FA320B9FC735AFB653045C2490F9AD62A37B54EB53, Interpreter: Powershell, Interpreter Version: 10.0.14393.0 (rs1_release.160715-1616), Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,App - Server - CyberArk PSM,Device Type - Server), User Name: SYSTEM, Device Id: 0eb59bed-1f14-49c6-ae71-afbabd271d88, Policy Name: Server - CyberArk PSM", + "EventType": "ScriptControl", + "EventName": "Blocked", + "DeviceName": "TESTHOST006", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "", + "ZoneNames_string": "", + "FilePath": "d:\\program files (x86)\\cyberark\\psm\\scripts\\deploy-connectors.ps1", + "FileHashSha256": "7212CEF22B57C89A0E20C2FA320B9FC735AFB653045C2490F9AD62A37B54EB53", + "Interpreter": "Powershell", + "InterpreterVersion": "10.0.14393.0 (rs1_release.160715-1616)", + "UserName": "SYSTEM", + "DeviceId": "0eb59bed-1f14-49c6-ae71-afbabd271d88", + "PolicyName": "Server - CyberArk PSM", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 22:39:45 sysloghost CylancePROTECT Event Type: ScriptControl, Event Name: Blocked, Device Name: TESTHOST006, File Path: d:\\program files (x86)\\cyberark\\psm\\scripts\\deploy-connectors.ps1, SHA256: 7212CEF22B57C89A0E20C2FA320B9FC735AFB653045C2490F9AD62A37B54EB53, Interpreter: Powershell, Interpreter Version: 10.0.14393.0 (rs1_release.160715-1616), Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,App - Server - CyberArk PSM,Device Type - Server), User Name: SYSTEM, Device Id: 0eb59bed-1f14-49c6-ae71-afbabd271d88, Policy Name: Server - CyberArk PSM", + "EventType": "ScriptControl", + "EventName": "Blocked", + "DeviceName": "TESTHOST006", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "", + "ZoneNames_string": "", + "FilePath": "d:\\program files (x86)\\cyberark\\psm\\scripts\\deploy-connectors.ps1", + "FileHashSha256": "7212CEF22B57C89A0E20C2FA320B9FC735AFB653045C2490F9AD62A37B54EB53", + "Interpreter": "Powershell", + "InterpreterVersion": "10.0.14393.0 (rs1_release.160715-1616)", + "UserName": "SYSTEM", + "DeviceId": "0eb59bed-1f14-49c6-ae71-afbabd271d88", + "PolicyName": "Server - CyberArk PSM", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 19:34:28 sysloghost CylancePROTECT Event Type: ScriptControl, Event Name: Blocked, Device Name: TESTHOST006, File Path: d:\\program files (x86)\\cyberark\\psm\\scripts\\deploy-connectors.ps1, SHA256: 7212CEF22B57C89A0E20C2FA320B9FC735AFB653045C2490F9AD62A37B54EB53, Interpreter: Powershell, Interpreter Version: 10.0.14393.0 (rs1_release.160715-1616), Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,App - Server - CyberArk PSM,Device Type - Server), User Name: SYSTEM, Device Id: 0eb59bed-1f14-49c6-ae71-afbabd271d88, Policy Name: Server - CyberArk PSM", + "EventType": "ScriptControl", + "EventName": "Blocked", + "DeviceName": "TESTHOST006", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "", + "ZoneNames_string": "", + "FilePath": "d:\\program files (x86)\\cyberark\\psm\\scripts\\deploy-connectors.ps1", + "FileHashSha256": "7212CEF22B57C89A0E20C2FA320B9FC735AFB653045C2490F9AD62A37B54EB53", + "Interpreter": "Powershell", + "InterpreterVersion": "10.0.14393.0 (rs1_release.160715-1616)", + "UserName": "SYSTEM", + "DeviceId": "0eb59bed-1f14-49c6-ae71-afbabd271d88", + "PolicyName": "Server - CyberArk PSM", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 14:56:17 sysloghost CylancePROTECT Event Type: ScriptControl, Event Name: Blocked, Device Name: TESTHOST006, File Path: d:\\program files (x86)\\cyberark\\psm\\scripts\\deploy-connectors.ps1, SHA256: 7212CEF22B57C89A0E20C2FA320B9FC735AFB653045C2490F9AD62A37B54EB53, Interpreter: Powershell, Interpreter Version: 10.0.14393.0 (rs1_release.160715-1616), Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,App - Server - CyberArk PSM,Device Type - Server), User Name: SYSTEM, Device Id: 0eb59bed-1f14-49c6-ae71-afbabd271d88, Policy Name: Server - CyberArk PSM", + "EventType": "ScriptControl", + "EventName": "Blocked", + "DeviceName": "TESTHOST006", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "", + "ZoneNames_string": "", + "FilePath": "d:\\program files (x86)\\cyberark\\psm\\scripts\\deploy-connectors.ps1", + "FileHashSha256": "7212CEF22B57C89A0E20C2FA320B9FC735AFB653045C2490F9AD62A37B54EB53", + "Interpreter": "Powershell", + "InterpreterVersion": "10.0.14393.0 (rs1_release.160715-1616)", + "UserName": "SYSTEM", + "DeviceId": "0eb59bed-1f14-49c6-ae71-afbabd271d88", + "PolicyName": "Server - CyberArk PSM", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 22:40:28 sysloghost CylancePROTECT Event Type: ScriptControl, Event Name: Blocked, Device Name: TESTHOST007, File Path: d:\\program files (x86)\\cyberark\\psm\\scripts\\deploy-connectors.ps1, SHA256: 7212CEF22B57C89A0E20C2FA320B9FC735AFB653045C2490F9AD62A37B54EB53, Interpreter: Powershell, Interpreter Version: 10.0.14393.0 (rs1_release.160715-1616), Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,App - Server - CyberArk PSM,Device Type - Server), User Name: SYSTEM, Device Id: e85980e1-a699-49c7-948c-fe02233a9d3e, Policy Name: Server - CyberArk PSM", + "EventType": "ScriptControl", + "EventName": "Blocked", + "DeviceName": "TESTHOST007", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "", + "ZoneNames_string": "", + "FilePath": "d:\\program files (x86)\\cyberark\\psm\\scripts\\deploy-connectors.ps1", + "FileHashSha256": "7212CEF22B57C89A0E20C2FA320B9FC735AFB653045C2490F9AD62A37B54EB53", + "Interpreter": "Powershell", + "InterpreterVersion": "10.0.14393.0 (rs1_release.160715-1616)", + "UserName": "SYSTEM", + "DeviceId": "e85980e1-a699-49c7-948c-fe02233a9d3e", + "PolicyName": "Server - CyberArk PSM", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 19:44:45 sysloghost CylancePROTECT Event Type: ScriptControl, Event Name: Blocked, Device Name: TESTHOST007, File Path: d:\\program files (x86)\\cyberark\\psm\\scripts\\deploy-connectors.ps1, SHA256: 7212CEF22B57C89A0E20C2FA320B9FC735AFB653045C2490F9AD62A37B54EB53, Interpreter: Powershell, Interpreter Version: 10.0.14393.0 (rs1_release.160715-1616), Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,App - Server - CyberArk PSM,Device Type - Server), User Name: SYSTEM, Device Id: e85980e1-a699-49c7-948c-fe02233a9d3e, Policy Name: Server - CyberArk PSM", + "EventType": "ScriptControl", + "EventName": "Blocked", + "DeviceName": "TESTHOST007", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "", + "ZoneNames_string": "", + "FilePath": "d:\\program files (x86)\\cyberark\\psm\\scripts\\deploy-connectors.ps1", + "FileHashSha256": "7212CEF22B57C89A0E20C2FA320B9FC735AFB653045C2490F9AD62A37B54EB53", + "Interpreter": "Powershell", + "InterpreterVersion": "10.0.14393.0 (rs1_release.160715-1616)", + "UserName": "SYSTEM", + "DeviceId": "e85980e1-a699-49c7-948c-fe02233a9d3e", + "PolicyName": "Server - CyberArk PSM", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 19:34:24 sysloghost CylancePROTECT Event Type: ScriptControl, Event Name: Blocked, Device Name: TESTHOST007, File Path: d:\\program files (x86)\\cyberark\\psm\\scripts\\deploy-connectors.ps1, SHA256: 7212CEF22B57C89A0E20C2FA320B9FC735AFB653045C2490F9AD62A37B54EB53, Interpreter: Powershell, Interpreter Version: 10.0.14393.0 (rs1_release.160715-1616), Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,App - Server - CyberArk PSM,Device Type - Server), User Name: SYSTEM, Device Id: e85980e1-a699-49c7-948c-fe02233a9d3e, Policy Name: Server - CyberArk PSM", + "EventType": "ScriptControl", + "EventName": "Blocked", + "DeviceName": "TESTHOST007", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "", + "ZoneNames_string": "", + "FilePath": "d:\\program files (x86)\\cyberark\\psm\\scripts\\deploy-connectors.ps1", + "FileHashSha256": "7212CEF22B57C89A0E20C2FA320B9FC735AFB653045C2490F9AD62A37B54EB53", + "Interpreter": "Powershell", + "InterpreterVersion": "10.0.14393.0 (rs1_release.160715-1616)", + "UserName": "SYSTEM", + "DeviceId": "e85980e1-a699-49c7-948c-fe02233a9d3e", + "PolicyName": "Server - CyberArk PSM", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 14:55:23 sysloghost CylancePROTECT Event Type: ScriptControl, Event Name: Blocked, Device Name: TESTHOST007, File Path: d:\\program files (x86)\\cyberark\\psm\\scripts\\deploy-connectors.ps1, SHA256: 7212CEF22B57C89A0E20C2FA320B9FC735AFB653045C2490F9AD62A37B54EB53, Interpreter: Powershell, Interpreter Version: 10.0.14393.0 (rs1_release.160715-1616), Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,App - Server - CyberArk PSM,Device Type - Server), User Name: SYSTEM, Device Id: e85980e1-a699-49c7-948c-fe02233a9d3e, Policy Name: Server - CyberArk PSM", + "EventType": "ScriptControl", + "EventName": "Blocked", + "DeviceName": "TESTHOST007", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "", + "ZoneNames_string": "", + "FilePath": "d:\\program files (x86)\\cyberark\\psm\\scripts\\deploy-connectors.ps1", + "FileHashSha256": "7212CEF22B57C89A0E20C2FA320B9FC735AFB653045C2490F9AD62A37B54EB53", + "Interpreter": "Powershell", + "InterpreterVersion": "10.0.14393.0 (rs1_release.160715-1616)", + "UserName": "SYSTEM", + "DeviceId": "e85980e1-a699-49c7-948c-fe02233a9d3e", + "PolicyName": "Server - CyberArk PSM", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Dec 1 04:59:45 sysloghost CylancePROTECT Event Type: ScriptControl, Event Name: Blocked, Device Name: TESTHOST008, File Path: d:\\program files (x86)\\cyberark\\psm\\scripts\\deploy-connectors.ps1, SHA256: 7212CEF22B57C89A0E20C2FA320B9FC735AFB653045C2490F9AD62A37B54EB53, Interpreter: Powershell, Interpreter Version: 10.0.14393.0 (rs1_release.160715-1616), Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,App - Server - CyberArk PSM,Device Type - Server), User Name: SYSTEM, Device Id: b09e87b2-ef29-4d58-8dfa-0cbadc586492, Policy Name: Server - CyberArk PSM", + "EventType": "ScriptControl", + "EventName": "Blocked", + "DeviceName": "TESTHOST008", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "", + "ZoneNames_string": "", + "FilePath": "d:\\program files (x86)\\cyberark\\psm\\scripts\\deploy-connectors.ps1", + "FileHashSha256": "7212CEF22B57C89A0E20C2FA320B9FC735AFB653045C2490F9AD62A37B54EB53", + "Interpreter": "Powershell", + "InterpreterVersion": "10.0.14393.0 (rs1_release.160715-1616)", + "UserName": "SYSTEM", + "DeviceId": "b09e87b2-ef29-4d58-8dfa-0cbadc586492", + "PolicyName": "Server - CyberArk PSM", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 19:43:03 sysloghost CylancePROTECT Event Type: ScriptControl, Event Name: Blocked, Device Name: TESTHOST008, File Path: d:\\program files (x86)\\cyberark\\psm\\scripts\\deploy-connectors.ps1, SHA256: 7212CEF22B57C89A0E20C2FA320B9FC735AFB653045C2490F9AD62A37B54EB53, Interpreter: Powershell, Interpreter Version: 10.0.14393.0 (rs1_release.160715-1616), Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,App - Server - CyberArk PSM,Device Type - Server), User Name: SYSTEM, Device Id: b09e87b2-ef29-4d58-8dfa-0cbadc586492, Policy Name: Server - CyberArk PSM", + "EventType": "ScriptControl", + "EventName": "Blocked", + "DeviceName": "TESTHOST008", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "", + "ZoneNames_string": "", + "FilePath": "d:\\program files (x86)\\cyberark\\psm\\scripts\\deploy-connectors.ps1", + "FileHashSha256": "7212CEF22B57C89A0E20C2FA320B9FC735AFB653045C2490F9AD62A37B54EB53", + "Interpreter": "Powershell", + "InterpreterVersion": "10.0.14393.0 (rs1_release.160715-1616)", + "UserName": "SYSTEM", + "DeviceId": "b09e87b2-ef29-4d58-8dfa-0cbadc586492", + "PolicyName": "Server - CyberArk PSM", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 14:55:03 sysloghost CylancePROTECT Event Type: ScriptControl, Event Name: Blocked, Device Name: TESTHOST008, File Path: d:\\program files (x86)\\cyberark\\psm\\scripts\\deploy-connectors.ps1, SHA256: 7212CEF22B57C89A0E20C2FA320B9FC735AFB653045C2490F9AD62A37B54EB53, Interpreter: Powershell, Interpreter Version: 10.0.14393.0 (rs1_release.160715-1616), Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,App - Server - CyberArk PSM,Device Type - Server), User Name: SYSTEM, Device Id: b09e87b2-ef29-4d58-8dfa-0cbadc586492, Policy Name: Server - CyberArk PSM", + "EventType": "ScriptControl", + "EventName": "Blocked", + "DeviceName": "TESTHOST008", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "", + "ZoneNames_string": "", + "FilePath": "d:\\program files (x86)\\cyberark\\psm\\scripts\\deploy-connectors.ps1", + "FileHashSha256": "7212CEF22B57C89A0E20C2FA320B9FC735AFB653045C2490F9AD62A37B54EB53", + "Interpreter": "Powershell", + "InterpreterVersion": "10.0.14393.0 (rs1_release.160715-1616)", + "UserName": "SYSTEM", + "DeviceId": "b09e87b2-ef29-4d58-8dfa-0cbadc586492", + "PolicyName": "Server - CyberArk PSM", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 19:36:09 sysloghost CylancePROTECT Event Type: ScriptControl, Event Name: Blocked, Device Name: TESTHOST009, File Path: d:\\program files (x86)\\cyberark\\psm\\scripts\\deploy-connectors.ps1, SHA256: 7212CEF22B57C89A0E20C2FA320B9FC735AFB653045C2490F9AD62A37B54EB53, Interpreter: Powershell, Interpreter Version: 10.0.14393.0 (rs1_release.160715-1616), Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,App - Server - CyberArk PSM,Device Type - Server), User Name: SYSTEM, Device Id: 2162b721-2d89-4f4e-b8d5-cda0944d5ac3, Policy Name: Server - CyberArk PSM", + "EventType": "ScriptControl", + "EventName": "Blocked", + "DeviceName": "TESTHOST009", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "", + "ZoneNames_string": "", + "FilePath": "d:\\program files (x86)\\cyberark\\psm\\scripts\\deploy-connectors.ps1", + "FileHashSha256": "7212CEF22B57C89A0E20C2FA320B9FC735AFB653045C2490F9AD62A37B54EB53", + "Interpreter": "Powershell", + "InterpreterVersion": "10.0.14393.0 (rs1_release.160715-1616)", + "UserName": "SYSTEM", + "DeviceId": "2162b721-2d89-4f4e-b8d5-cda0944d5ac3", + "PolicyName": "Server - CyberArk PSM", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 14:57:12 sysloghost CylancePROTECT Event Type: ScriptControl, Event Name: Blocked, Device Name: TESTHOST009, File Path: d:\\program files (x86)\\cyberark\\psm\\scripts\\deploy-connectors.ps1, SHA256: 7212CEF22B57C89A0E20C2FA320B9FC735AFB653045C2490F9AD62A37B54EB53, Interpreter: Powershell, Interpreter Version: 10.0.14393.0 (rs1_release.160715-1616), Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,App - Server - CyberArk PSM,Device Type - Server), User Name: SYSTEM, Device Id: 2162b721-2d89-4f4e-b8d5-cda0944d5ac3, Policy Name: Server - CyberArk PSM", + "EventType": "ScriptControl", + "EventName": "Blocked", + "DeviceName": "TESTHOST009", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "", + "ZoneNames_string": "", + "FilePath": "d:\\program files (x86)\\cyberark\\psm\\scripts\\deploy-connectors.ps1", + "FileHashSha256": "7212CEF22B57C89A0E20C2FA320B9FC735AFB653045C2490F9AD62A37B54EB53", + "Interpreter": "Powershell", + "InterpreterVersion": "10.0.14393.0 (rs1_release.160715-1616)", + "UserName": "SYSTEM", + "DeviceId": "2162b721-2d89-4f4e-b8d5-cda0944d5ac3", + "PolicyName": "Server - CyberArk PSM", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 19:38:07 sysloghost CylancePROTECT Event Type: ScriptControl, Event Name: Blocked, Device Name: TESTHOST010, File Path: d:\\program files (x86)\\cyberark\\psm\\scripts\\deploy-connectors.ps1, SHA256: 7212CEF22B57C89A0E20C2FA320B9FC735AFB653045C2490F9AD62A37B54EB53, Interpreter: Powershell, Interpreter Version: 10.0.14393.0 (rs1_release.160715-1616), Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,App - Server - CyberArk PSM,Device Type - Server), User Name: SYSTEM, Device Id: 1282f8b1-f930-478b-9f1b-3eb3266234e2, Policy Name: Server - CyberArk PSM", + "EventType": "ScriptControl", + "EventName": "Blocked", + "DeviceName": "TESTHOST010", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "", + "ZoneNames_string": "", + "FilePath": "d:\\program files (x86)\\cyberark\\psm\\scripts\\deploy-connectors.ps1", + "FileHashSha256": "7212CEF22B57C89A0E20C2FA320B9FC735AFB653045C2490F9AD62A37B54EB53", + "Interpreter": "Powershell", + "InterpreterVersion": "10.0.14393.0 (rs1_release.160715-1616)", + "UserName": "SYSTEM", + "DeviceId": "1282f8b1-f930-478b-9f1b-3eb3266234e2", + "PolicyName": "Server - CyberArk PSM", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 14:59:56 sysloghost CylancePROTECT Event Type: ScriptControl, Event Name: Blocked, Device Name: TESTHOST010, File Path: d:\\program files (x86)\\cyberark\\psm\\scripts\\deploy-connectors.ps1, SHA256: 7212CEF22B57C89A0E20C2FA320B9FC735AFB653045C2490F9AD62A37B54EB53, Interpreter: Powershell, Interpreter Version: 10.0.14393.0 (rs1_release.160715-1616), Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,App - Server - CyberArk PSM,Device Type - Server), User Name: SYSTEM, Device Id: 1282f8b1-f930-478b-9f1b-3eb3266234e2, Policy Name: Server - CyberArk PSM", + "EventType": "ScriptControl", + "EventName": "Blocked", + "DeviceName": "TESTHOST010", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "", + "ZoneNames_string": "", + "FilePath": "d:\\program files (x86)\\cyberark\\psm\\scripts\\deploy-connectors.ps1", + "FileHashSha256": "7212CEF22B57C89A0E20C2FA320B9FC735AFB653045C2490F9AD62A37B54EB53", + "Interpreter": "Powershell", + "InterpreterVersion": "10.0.14393.0 (rs1_release.160715-1616)", + "UserName": "SYSTEM", + "DeviceId": "1282f8b1-f930-478b-9f1b-3eb3266234e2", + "PolicyName": "Server - CyberArk PSM", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 19:41:00 sysloghost CylancePROTECT Event Type: ScriptControl, Event Name: Blocked, Device Name: TESTHOST011, File Path: [*COMMAND*] $ep = get-executionpolicy; if ($ep -gt 'RemoteSigned') {set-executionpolicy -Scope Process remotesigned} & 'C:\\Program Files\\Microsoft Monitoring Agent\\Agent\\Health Service State\\Monitoring Host Temporary Files 122240\\860\\CPUUsagePercent..., SHA256: fe9b64defd8bf214c7490bb7f35b495a79a95e81f8943ee279dc99998d3d3440, Interpreter: Powershell, Interpreter Version: 6.3.9600.17396 (winblue_r4.141007-2030), Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,App - Server - Additional Exclusions,Device Type - Server,Feature - Server - AS Alert), User Name: SVC-CLD-om_saa, Device Id: a12029ff-7342-447e-9d39-ab33bd33a4d9, Policy Name: Server - Standard - Additional Exclusions-AS Alert", + "EventType": "ScriptControl", + "EventName": "Blocked", + "DeviceName": "TESTHOST011", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "", + "ZoneNames_string": "", + "FilePath": "[*COMMAND*] $ep = get-executionpolicy; if ($ep -gt 'RemoteSigned') {set-executionpolicy -Scope Process remotesigned} & 'C:\\Program Files\\Microsoft Monitoring Agent\\Agent\\Health Service State\\Monitoring Host Temporary Files 122240\\860\\CPUUsagePercent...", + "FileHashSha256": "fe9b64defd8bf214c7490bb7f35b495a79a95e81f8943ee279dc99998d3d3440", + "Interpreter": "Powershell", + "InterpreterVersion": "6.3.9600.17396 (winblue_r4.141007-2030)", + "UserName": "SVC-CLD-om_saa", + "DeviceId": "a12029ff-7342-447e-9d39-ab33bd33a4d9", + "PolicyName": "Server - Standard - Additional Exclusions-AS Alert", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 19:36:00 sysloghost CylancePROTECT Event Type: ScriptControl, Event Name: Blocked, Device Name: TESTHOST011, File Path: [*COMMAND*] $ep = get-executionpolicy; if ($ep -gt 'RemoteSigned') {set-executionpolicy -Scope Process remotesigned} & 'C:\\Program Files\\Microsoft Monitoring Agent\\Agent\\Health Service State\\Monitoring Host Temporary Files 122240\\860\\CPUUsagePercent..., SHA256: fe9b64defd8bf214c7490bb7f35b495a79a95e81f8943ee279dc99998d3d3440, Interpreter: Powershell, Interpreter Version: 6.3.9600.17396 (winblue_r4.141007-2030), Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,App - Server - Additional Exclusions,Device Type - Server,Feature - Server - AS Alert), User Name: SVC-CLD-om_saa, Device Id: a12029ff-7342-447e-9d39-ab33bd33a4d9, Policy Name: Server - Standard - Additional Exclusions-AS Alert", + "EventType": "ScriptControl", + "EventName": "Blocked", + "DeviceName": "TESTHOST011", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "", + "ZoneNames_string": "", + "FilePath": "[*COMMAND*] $ep = get-executionpolicy; if ($ep -gt 'RemoteSigned') {set-executionpolicy -Scope Process remotesigned} & 'C:\\Program Files\\Microsoft Monitoring Agent\\Agent\\Health Service State\\Monitoring Host Temporary Files 122240\\860\\CPUUsagePercent...", + "FileHashSha256": "fe9b64defd8bf214c7490bb7f35b495a79a95e81f8943ee279dc99998d3d3440", + "Interpreter": "Powershell", + "InterpreterVersion": "6.3.9600.17396 (winblue_r4.141007-2030)", + "UserName": "SVC-CLD-om_saa", + "DeviceId": "a12029ff-7342-447e-9d39-ab33bd33a4d9", + "PolicyName": "Server - Standard - Additional Exclusions-AS Alert", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 14:56:00 sysloghost CylancePROTECT Event Type: ScriptControl, Event Name: Blocked, Device Name: TESTHOST011, File Path: [*COMMAND*] $ep = get-executionpolicy; if ($ep -gt 'RemoteSigned') {set-executionpolicy -Scope Process remotesigned} & 'C:\\Program Files\\Microsoft Monitoring Agent\\Agent\\Health Service State\\Monitoring Host Temporary Files 122240\\860\\CPUUsagePercent..., SHA256: fe9b64defd8bf214c7490bb7f35b495a79a95e81f8943ee279dc99998d3d3440, Interpreter: Powershell, Interpreter Version: 6.3.9600.17396 (winblue_r4.141007-2030), Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,App - Server - Additional Exclusions,Device Type - Server,Feature - Server - AS Alert), User Name: SVC-CLD-om_saa, Device Id: a12029ff-7342-447e-9d39-ab33bd33a4d9, Policy Name: Server - Standard - Additional Exclusions-AS Alert", + "EventType": "ScriptControl", + "EventName": "Blocked", + "DeviceName": "TESTHOST011", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "", + "ZoneNames_string": "", + "FilePath": "[*COMMAND*] $ep = get-executionpolicy; if ($ep -gt 'RemoteSigned') {set-executionpolicy -Scope Process remotesigned} & 'C:\\Program Files\\Microsoft Monitoring Agent\\Agent\\Health Service State\\Monitoring Host Temporary Files 122240\\860\\CPUUsagePercent...", + "FileHashSha256": "fe9b64defd8bf214c7490bb7f35b495a79a95e81f8943ee279dc99998d3d3440", + "Interpreter": "Powershell", + "InterpreterVersion": "6.3.9600.17396 (winblue_r4.141007-2030)", + "UserName": "SVC-CLD-om_saa", + "DeviceId": "a12029ff-7342-447e-9d39-ab33bd33a4d9", + "PolicyName": "Server - Standard - Additional Exclusions-AS Alert", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 19:41:00 sysloghost CylancePROTECT Event Type: ScriptControl, Event Name: Blocked, Device Name: TESTHOST011, File Path: [*COMMAND*] $ep = get-executionpolicy; if ($ep -gt 'RemoteSigned') {set-executionpolicy -Scope Process remotesigned} & 'C:\\Program Files\\Microsoft Monitoring Agent\\Agent\\Health Service State\\Monitoring Host Temporary Files 122244\\3239\\CPUUsagePercen..., SHA256: fe9b64defd8bf214c7490bb7f35b495a79a95e81f8943ee279dc99998d3d3440, Interpreter: Powershell, Interpreter Version: 6.3.9600.17396 (winblue_r4.141007-2030), Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,App - Server - Additional Exclusions,Device Type - Server,Feature - Server - AS Alert), User Name: SVC-ENT-SCOM-SA, Device Id: a12029ff-7342-447e-9d39-ab33bd33a4d9, Policy Name: Server - Standard - Additional Exclusions-AS Alert", + "EventType": "ScriptControl", + "EventName": "Blocked", + "DeviceName": "TESTHOST011", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "", + "ZoneNames_string": "", + "FilePath": "[*COMMAND*] $ep = get-executionpolicy; if ($ep -gt 'RemoteSigned') {set-executionpolicy -Scope Process remotesigned} & 'C:\\Program Files\\Microsoft Monitoring Agent\\Agent\\Health Service State\\Monitoring Host Temporary Files 122244\\3239\\CPUUsagePercen...", + "FileHashSha256": "fe9b64defd8bf214c7490bb7f35b495a79a95e81f8943ee279dc99998d3d3440", + "Interpreter": "Powershell", + "InterpreterVersion": "6.3.9600.17396 (winblue_r4.141007-2030)", + "UserName": "SVC-ENT-SCOM-SA", + "DeviceId": "a12029ff-7342-447e-9d39-ab33bd33a4d9", + "PolicyName": "Server - Standard - Additional Exclusions-AS Alert", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 19:36:00 sysloghost CylancePROTECT Event Type: ScriptControl, Event Name: Blocked, Device Name: TESTHOST011, File Path: [*COMMAND*] $ep = get-executionpolicy; if ($ep -gt 'RemoteSigned') {set-executionpolicy -Scope Process remotesigned} & 'C:\\Program Files\\Microsoft Monitoring Agent\\Agent\\Health Service State\\Monitoring Host Temporary Files 122244\\3239\\CPUUsagePercen..., SHA256: fe9b64defd8bf214c7490bb7f35b495a79a95e81f8943ee279dc99998d3d3440, Interpreter: Powershell, Interpreter Version: 6.3.9600.17396 (winblue_r4.141007-2030), Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,App - Server - Additional Exclusions,Device Type - Server,Feature - Server - AS Alert), User Name: SVC-ENT-SCOM-SA, Device Id: a12029ff-7342-447e-9d39-ab33bd33a4d9, Policy Name: Server - Standard - Additional Exclusions-AS Alert", + "EventType": "ScriptControl", + "EventName": "Blocked", + "DeviceName": "TESTHOST011", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "", + "ZoneNames_string": "", + "FilePath": "[*COMMAND*] $ep = get-executionpolicy; if ($ep -gt 'RemoteSigned') {set-executionpolicy -Scope Process remotesigned} & 'C:\\Program Files\\Microsoft Monitoring Agent\\Agent\\Health Service State\\Monitoring Host Temporary Files 122244\\3239\\CPUUsagePercen...", + "FileHashSha256": "fe9b64defd8bf214c7490bb7f35b495a79a95e81f8943ee279dc99998d3d3440", + "Interpreter": "Powershell", + "InterpreterVersion": "6.3.9600.17396 (winblue_r4.141007-2030)", + "UserName": "SVC-ENT-SCOM-SA", + "DeviceId": "a12029ff-7342-447e-9d39-ab33bd33a4d9", + "PolicyName": "Server - Standard - Additional Exclusions-AS Alert", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 14:56:00 sysloghost CylancePROTECT Event Type: ScriptControl, Event Name: Blocked, Device Name: TESTHOST011, File Path: [*COMMAND*] $ep = get-executionpolicy; if ($ep -gt 'RemoteSigned') {set-executionpolicy -Scope Process remotesigned} & 'C:\\Program Files\\Microsoft Monitoring Agent\\Agent\\Health Service State\\Monitoring Host Temporary Files 122244\\3239\\CPUUsagePercen..., SHA256: fe9b64defd8bf214c7490bb7f35b495a79a95e81f8943ee279dc99998d3d3440, Interpreter: Powershell, Interpreter Version: 6.3.9600.17396 (winblue_r4.141007-2030), Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,App - Server - Additional Exclusions,Device Type - Server,Feature - Server - AS Alert), User Name: SVC-ENT-SCOM-SA, Device Id: a12029ff-7342-447e-9d39-ab33bd33a4d9, Policy Name: Server - Standard - Additional Exclusions-AS Alert", + "EventType": "ScriptControl", + "EventName": "Blocked", + "DeviceName": "TESTHOST011", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "", + "ZoneNames_string": "", + "FilePath": "[*COMMAND*] $ep = get-executionpolicy; if ($ep -gt 'RemoteSigned') {set-executionpolicy -Scope Process remotesigned} & 'C:\\Program Files\\Microsoft Monitoring Agent\\Agent\\Health Service State\\Monitoring Host Temporary Files 122244\\3239\\CPUUsagePercen...", + "FileHashSha256": "fe9b64defd8bf214c7490bb7f35b495a79a95e81f8943ee279dc99998d3d3440", + "Interpreter": "Powershell", + "InterpreterVersion": "6.3.9600.17396 (winblue_r4.141007-2030)", + "UserName": "SVC-ENT-SCOM-SA", + "DeviceId": "a12029ff-7342-447e-9d39-ab33bd33a4d9", + "PolicyName": "Server - Standard - Additional Exclusions-AS Alert", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 14:51:00 sysloghost CylancePROTECT Event Type: ScriptControl, Event Name: Blocked, Device Name: TESTHOST011, File Path: [*COMMAND*] $ep = get-executionpolicy; if ($ep -gt 'RemoteSigned') {set-executionpolicy -Scope Process remotesigned} & 'C:\\Program Files\\Microsoft Monitoring Agent\\Agent\\Health Service State\\Monitoring Host Temporary Files 122244\\3239\\CPUUsagePercen..., SHA256: fe9b64defd8bf214c7490bb7f35b495a79a95e81f8943ee279dc99998d3d3440, Interpreter: Powershell, Interpreter Version: 6.3.9600.17396 (winblue_r4.141007-2030), Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,App - Server - Additional Exclusions,Device Type - Server,Feature - Server - AS Alert), User Name: SVC-ENT-SCOM-SA, Device Id: a12029ff-7342-447e-9d39-ab33bd33a4d9, Policy Name: Server - Standard - Additional Exclusions-AS Alert", + "EventType": "ScriptControl", + "EventName": "Blocked", + "DeviceName": "TESTHOST011", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "", + "ZoneNames_string": "", + "FilePath": "[*COMMAND*] $ep = get-executionpolicy; if ($ep -gt 'RemoteSigned') {set-executionpolicy -Scope Process remotesigned} & 'C:\\Program Files\\Microsoft Monitoring Agent\\Agent\\Health Service State\\Monitoring Host Temporary Files 122244\\3239\\CPUUsagePercen...", + "FileHashSha256": "fe9b64defd8bf214c7490bb7f35b495a79a95e81f8943ee279dc99998d3d3440", + "Interpreter": "Powershell", + "InterpreterVersion": "6.3.9600.17396 (winblue_r4.141007-2030)", + "UserName": "SVC-ENT-SCOM-SA", + "DeviceId": "a12029ff-7342-447e-9d39-ab33bd33a4d9", + "PolicyName": "Server - Standard - Additional Exclusions-AS Alert", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Dec 1 01:45:00 sysloghost CylancePROTECT Event Type: ScriptControl, Event Name: Blocked, Device Name: TESTHOST011, File Path: [*COMMAND*] & 'C:\\Program Files\\Microsoft Monitoring Agent\\Agent\\Health Service State\\Monitoring Host Temporary Files 122241\\4354\\LogEndToEndEvent.ps1', SHA256: fe9b64defd8bf214c7490bb7f35b495a79a95e81f8943ee279dc99998d3d3440, Interpreter: Powershell, Interpreter Version: 6.3.9600.17396 (winblue_r4.141007-2030), Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,App - Server - Additional Exclusions,Device Type - Server,Feature - Server - AS Alert), User Name: SYSTEM, Device Id: a12029ff-7342-447e-9d39-ab33bd33a4d9, Policy Name: Server - Standard - Additional Exclusions-AS Alert", + "EventType": "ScriptControl", + "EventName": "Blocked", + "DeviceName": "TESTHOST011", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "", + "ZoneNames_string": "", + "FilePath": "[*COMMAND*] & 'C:\\Program Files\\Microsoft Monitoring Agent\\Agent\\Health Service State\\Monitoring Host Temporary Files 122241\\4354\\LogEndToEndEvent.ps1'", + "FileHashSha256": "fe9b64defd8bf214c7490bb7f35b495a79a95e81f8943ee279dc99998d3d3440", + "Interpreter": "Powershell", + "InterpreterVersion": "6.3.9600.17396 (winblue_r4.141007-2030)", + "UserName": "SYSTEM", + "DeviceId": "a12029ff-7342-447e-9d39-ab33bd33a4d9", + "PolicyName": "Server - Standard - Additional Exclusions-AS Alert", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 15:00:00 sysloghost CylancePROTECT Event Type: ScriptControl, Event Name: Blocked, Device Name: TESTHOST011, File Path: [*COMMAND*] & 'C:\\Program Files\\Microsoft Monitoring Agent\\Agent\\Health Service State\\Monitoring Host Temporary Files 122241\\4354\\LogEndToEndEvent.ps1', SHA256: fe9b64defd8bf214c7490bb7f35b495a79a95e81f8943ee279dc99998d3d3440, Interpreter: Powershell, Interpreter Version: 6.3.9600.17396 (winblue_r4.141007-2030), Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,App - Server - Additional Exclusions,Device Type - Server,Feature - Server - AS Alert), User Name: SYSTEM, Device Id: a12029ff-7342-447e-9d39-ab33bd33a4d9, Policy Name: Server - Standard - Additional Exclusions-AS Alert", + "EventType": "ScriptControl", + "EventName": "Blocked", + "DeviceName": "TESTHOST011", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "", + "ZoneNames_string": "", + "FilePath": "[*COMMAND*] & 'C:\\Program Files\\Microsoft Monitoring Agent\\Agent\\Health Service State\\Monitoring Host Temporary Files 122241\\4354\\LogEndToEndEvent.ps1'", + "FileHashSha256": "fe9b64defd8bf214c7490bb7f35b495a79a95e81f8943ee279dc99998d3d3440", + "Interpreter": "Powershell", + "InterpreterVersion": "6.3.9600.17396 (winblue_r4.141007-2030)", + "UserName": "SYSTEM", + "DeviceId": "a12029ff-7342-447e-9d39-ab33bd33a4d9", + "PolicyName": "Server - Standard - Additional Exclusions-AS Alert", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 14:57:59 sysloghost CylancePROTECT Event Type: ScriptControl, Event Name: Blocked, Device Name: TESTHOST011, File Path: [*COMMAND*] $ep = get-executionpolicy; if ($ep -gt 'RemoteSigned') {set-executionpolicy -Scope Process remotesigned} & 'C:\\Program Files\\Microsoft Monitoring Agent\\Agent\\Health Service State\\Monitoring Host Temporary Files 122246\\162203\\GeneralAlway..., SHA256: fe9b64defd8bf214c7490bb7f35b495a79a95e81f8943ee279dc99998d3d3440, Interpreter: Powershell, Interpreter Version: 6.3.9600.17396 (winblue_r4.141007-2030), Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,App - Server - Additional Exclusions,Device Type - Server,Feature - Server - AS Alert), User Name: SYSTEM, Device Id: a12029ff-7342-447e-9d39-ab33bd33a4d9, Policy Name: Server - Standard - Additional Exclusions-AS Alert", + "EventType": "ScriptControl", + "EventName": "Blocked", + "DeviceName": "TESTHOST011", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "", + "ZoneNames_string": "", + "FilePath": "[*COMMAND*] $ep = get-executionpolicy; if ($ep -gt 'RemoteSigned') {set-executionpolicy -Scope Process remotesigned} & 'C:\\Program Files\\Microsoft Monitoring Agent\\Agent\\Health Service State\\Monitoring Host Temporary Files 122246\\162203\\GeneralAlway...", + "FileHashSha256": "fe9b64defd8bf214c7490bb7f35b495a79a95e81f8943ee279dc99998d3d3440", + "Interpreter": "Powershell", + "InterpreterVersion": "6.3.9600.17396 (winblue_r4.141007-2030)", + "UserName": "SYSTEM", + "DeviceId": "a12029ff-7342-447e-9d39-ab33bd33a4d9", + "PolicyName": "Server - Standard - Additional Exclusions-AS Alert", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Dec 1 01:45:00 sysloghost CylancePROTECT Event Type: ScriptControl, Event Name: Blocked, Device Name: TESTHOST012, File Path: [*COMMAND*] & 'C:\\Program Files\\Microsoft Monitoring Agent\\Agent\\Health Service State\\Monitoring Host Temporary Files 47\\2476\\LogEndToEndEvent.ps1', SHA256: fe9b64defd8bf214c7490bb7f35b495a79a95e81f8943ee279dc99998d3d3440, Interpreter: Powershell, Interpreter Version: 6.3.9600.17396 (winblue_r4.141007-2030), Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,Device Type - Server), User Name: SYSTEM, Device Id: f9655770-6ef8-45fe-8d88-76eca1e61f7c, Policy Name: Server - Standard - Additional Exclusions-AS Alert", + "EventType": "ScriptControl", + "EventName": "Blocked", + "DeviceName": "TESTHOST012", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "", + "ZoneNames_string": "", + "FilePath": "[*COMMAND*] & 'C:\\Program Files\\Microsoft Monitoring Agent\\Agent\\Health Service State\\Monitoring Host Temporary Files 47\\2476\\LogEndToEndEvent.ps1'", + "FileHashSha256": "fe9b64defd8bf214c7490bb7f35b495a79a95e81f8943ee279dc99998d3d3440", + "Interpreter": "Powershell", + "InterpreterVersion": "6.3.9600.17396 (winblue_r4.141007-2030)", + "UserName": "SYSTEM", + "DeviceId": "f9655770-6ef8-45fe-8d88-76eca1e61f7c", + "PolicyName": "Server - Standard - Additional Exclusions-AS Alert", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 15:00:00 sysloghost CylancePROTECT Event Type: ScriptControl, Event Name: Blocked, Device Name: TESTHOST012, File Path: [*COMMAND*] & 'C:\\Program Files\\Microsoft Monitoring Agent\\Agent\\Health Service State\\Monitoring Host Temporary Files 47\\2476\\LogEndToEndEvent.ps1', SHA256: fe9b64defd8bf214c7490bb7f35b495a79a95e81f8943ee279dc99998d3d3440, Interpreter: Powershell, Interpreter Version: 6.3.9600.17396 (winblue_r4.141007-2030), Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,Device Type - Server), User Name: SYSTEM, Device Id: f9655770-6ef8-45fe-8d88-76eca1e61f7c, Policy Name: Server - Standard - Additional Exclusions-AS Alert", + "EventType": "ScriptControl", + "EventName": "Blocked", + "DeviceName": "TESTHOST012", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "", + "ZoneNames_string": "", + "FilePath": "[*COMMAND*] & 'C:\\Program Files\\Microsoft Monitoring Agent\\Agent\\Health Service State\\Monitoring Host Temporary Files 47\\2476\\LogEndToEndEvent.ps1'", + "FileHashSha256": "fe9b64defd8bf214c7490bb7f35b495a79a95e81f8943ee279dc99998d3d3440", + "Interpreter": "Powershell", + "InterpreterVersion": "6.3.9600.17396 (winblue_r4.141007-2030)", + "UserName": "SYSTEM", + "DeviceId": "f9655770-6ef8-45fe-8d88-76eca1e61f7c", + "PolicyName": "Server - Standard - Additional Exclusions-AS Alert", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Dec 1 03:39:02 sysloghost CylancePROTECT Event Type: DeviceControl, Event Name: fullaccess, Device Name: TESTHOST02, External Device Type: iOS, External Device Vendor ID: 05AC, External Device Name: PTP, External Device Product ID: 12A8, External Device Serial Number: 4fcdd14febe17ba6c72754dfc6070a1f200565ed, Zone Names: (Agent Update - Windows - Production 1,Agent Update - Windows - Production 3), Device Id: 77532117-72a1-4902-ac28-7b4a3bb2356f, Policy Name: Default", + "EventType": "DeviceControl", + "EventName": "fullaccess", + "DeviceName": "TESTHOST02", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"Agent Update - Windows - Production 1\",\"Agent Update - Windows - Production 3\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "77532117-72a1-4902-ac28-7b4a3bb2356f", + "PolicyName": "Default", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "iOS", + "ExtDeviceVendorId": "05AC", + "ExtDeviceName": "PTP", + "ExtDeviceProductId": "12A8", + "ExtDeviceSerialNumber": "4fcdd14febe17ba6c72754dfc6070a1f200565ed", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Dec 1 06:25:16 sysloghost CylancePROTECT Event Type: DeviceControl, Event Name: fullaccess, Device Name: TESTHOST024, External Device Type: WPD, External Device Vendor ID: 22D9, External Device Name: SDM665-IDP _SN:6B1261F1, External Device Product ID: 2764, External Device Serial Number: 6b1261f1, Zone Names: (Agent Update - Windows - Production 1,Agent Update - Windows - Production 3,Device Type - Workstation), Device Id: 595ad5ae-93bf-411a-a15a-2b95157b262d, Policy Name: Workstation - Standard", + "EventType": "DeviceControl", + "EventName": "fullaccess", + "DeviceName": "TESTHOST024", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"Agent Update - Windows - Production 1\",\"Agent Update - Windows - Production 3\",\"Device Type - Workstation\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "595ad5ae-93bf-411a-a15a-2b95157b262d", + "PolicyName": "Workstation - Standard", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "WPD", + "ExtDeviceVendorId": "22D9", + "ExtDeviceName": "SDM665-IDP _SN:6B1261F1", + "ExtDeviceProductId": "2764", + "ExtDeviceSerialNumber": "6b1261f1", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Dec 1 03:14:22 sysloghost CylancePROTECT Event Type: DeviceControl, Event Name: fullaccess, Device Name: TESTHOST024, External Device Type: USBCDDVDRW, External Device Vendor ID: 22D9, External Device Name: Linux File-CD Gadget USB Device, External Device Product ID: 2773, External Device Serial Number: a526966e, Zone Names: (Agent Update - Windows - Production 1,Agent Update - Windows - Production 3,Device Type - Workstation), Device Id: 595ad5ae-93bf-411a-a15a-2b95157b262d, Policy Name: Workstation - Standard", + "EventType": "DeviceControl", + "EventName": "fullaccess", + "DeviceName": "TESTHOST024", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"Agent Update - Windows - Production 1\",\"Agent Update - Windows - Production 3\",\"Device Type - Workstation\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "595ad5ae-93bf-411a-a15a-2b95157b262d", + "PolicyName": "Workstation - Standard", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "USBCDDVDRW", + "ExtDeviceVendorId": "22D9", + "ExtDeviceName": "Linux File-CD Gadget USB Device", + "ExtDeviceProductId": "2773", + "ExtDeviceSerialNumber": "a526966e", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 15:00:02 sysloghost CylancePROTECT Event Type: ScriptControl, Event Name: Alert, Device Name: TESTHOST025, File Path: d:\\madhu\\act\\backupreport.ps1, SHA256: FCB3BF73261922F8923D135D34FC6C2A30571AA1AB098773E6B5442D48D813B3, Interpreter: Powershell, Interpreter Version: 10.0.14393.0 (rs1_release.160715-1616), Zone Names: (Agent Update - Windows - Production 3,App - Server - SCCM,Device Type - Server), User Name: SVC-ENT-SCORCH, Device Id: 4f61c1cd-4abb-42cc-993b-a0b5066adfdb, Policy Name: Server - SCCM - PS Alert", + "EventType": "ScriptControl", + "EventName": "Alert", + "DeviceName": "TESTHOST025", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "", + "ZoneNames_string": "", + "FilePath": "d:\\madhu\\act\\backupreport.ps1", + "FileHashSha256": "FCB3BF73261922F8923D135D34FC6C2A30571AA1AB098773E6B5442D48D813B3", + "Interpreter": "Powershell", + "InterpreterVersion": "10.0.14393.0 (rs1_release.160715-1616)", + "UserName": "SVC-ENT-SCORCH", + "DeviceId": "4f61c1cd-4abb-42cc-993b-a0b5066adfdb", + "PolicyName": "Server - SCCM - PS Alert", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 14:55:51 sysloghost CylancePROTECT Event Type: Threat, Event Name: threat_quarantined, Device Name: TESTHOST029, IP Address: (172.202.226.155), File Name: MBX@496C@3AD1B30.###, Path: C:\\Users\\testuser\\AppData\\Local\\Temp\\, Drive Type: Internal Hard Drive, File Owner: ABC\\test-user84, SHA256: 179698933DD6368A735FCCCE6113CDCA24DEECBD17DB1E44B872D8E2F001425B, MD5: 9A551F53B059AB4165A5CAB670BF9092, Status: Quarantined, Cylance Score: 69, Found Date: 11/30/2020 2:55:51 PM, File Type: Executable, Is Running: True, Auto Run: False, Detected By: ExecutionControl, Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,Device Type - Workstation), Is Malware: False, Is Unique To Cylance: False, Threat Classification: UNCLASSIFIED, Device Id: 333b84cb-5eb3-4733-b57b-5a17d06f8043, Policy Name: Workstation - Standard", + "EventType": "Threat", + "EventName": "threat_quarantined", + "DeviceName": "TESTHOST029", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "[\"10.162.64.147\"]", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"Agent Update - Windows - Production 2\",\"Agent Update - Windows - Production 3\",\"Device Type - Workstation\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "179698933DD6368A735FCCCE6113CDCA24DEECBD17DB1E44B872D8E2F001425B", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "333b84cb-5eb3-4733-b57b-5a17d06f8043", + "PolicyName": "Workstation - Standard", + "FileName": "MBX@496C@3AD1B30.###", + "Path": "C:\\Users\\jdearien\\AppData\\Local\\Temp\\", + "DriveType": "Internal Hard Drive", + "FileHashMd5": "9A551F53B059AB4165A5CAB670BF9092", + "Status": "Quarantined", + "CylanceScore": "69", + "FoundDate": "11/30/2020 14:55", + "FileType": "Executable", + "IsRunning": "TRUE", + "AutoRun": "FALSE", + "DetectedBy": "ExecutionControl", + "IsMalware": "FALSE", + "IsUniqueToCylance": "FALSE", + "ThreatClassification": "UNCLASSIFIED", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 14:55:51 sysloghost CylancePROTECT Event Type: Threat, Event Name: threat_changed, Device Name: TESTHOST029, IP Address: (192.194.26.152), File Name: MBX@496C@3AD1B30.###, Path: C:\\Users\\testuser\\AppData\\Local\\Temp\\, Drive Type: Internal Hard Drive, File Owner: ABC\\test-user32, SHA256: 179698933DD6368A735FCCCE6113CDCA24DEECBD17DB1E44B872D8E2F001425B, MD5: 9A551F53B059AB4165A5CAB670BF9092, Status: Quarantined, Cylance Score: 69, Found Date: 11/30/2020 2:55:52 PM, File Type: Executable, Is Running: False, Auto Run: False, Detected By: ExecutionControl, Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,Device Type - Workstation), Is Malware: False, Is Unique To Cylance: False, Threat Classification: UNCLASSIFIED, Device Id: 333b84cb-5eb3-4733-b57b-5a17d06f8043, Policy Name: Workstation - Standard", + "EventType": "Threat", + "EventName": "threat_changed", + "DeviceName": "TESTHOST029", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "[\"10.162.64.147\"]", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"Agent Update - Windows - Production 2\",\"Agent Update - Windows - Production 3\",\"Device Type - Workstation\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "179698933DD6368A735FCCCE6113CDCA24DEECBD17DB1E44B872D8E2F001425B", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "333b84cb-5eb3-4733-b57b-5a17d06f8043", + "PolicyName": "Workstation - Standard", + "FileName": "MBX@496C@3AD1B30.###", + "Path": "C:\\Users\\jdearien\\AppData\\Local\\Temp\\", + "DriveType": "Internal Hard Drive", + "FileHashMd5": "9A551F53B059AB4165A5CAB670BF9092", + "Status": "Quarantined", + "CylanceScore": "69", + "FoundDate": "11/30/2020 14:55", + "FileType": "Executable", + "IsRunning": "FALSE", + "AutoRun": "FALSE", + "DetectedBy": "ExecutionControl", + "IsMalware": "FALSE", + "IsUniqueToCylance": "FALSE", + "ThreatClassification": "UNCLASSIFIED", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 14:51:46 sysloghost CylancePROTECT Event Type: Threat, Event Name: threat_changed, Device Name: TESTHOST029, IP Address: (172.176.21.17), File Name: MBX@20CC@31B1B30.###, Path: C:\\Users\\testuser\\AppData\\Local\\Temp\\, Drive Type: Internal Hard Drive, File Owner: ABC\\test-user85, SHA256: 9A60C0D3897FD1EC03899F876AE27E1BFE9E872B79D6881579DFB0A4A6D09D42, MD5: D2EC4BD891175BB7725626497B90F09A, Status: Quarantined, Cylance Score: 63, Found Date: 11/30/2020 2:51:46 PM, File Type: Executable, Is Running: False, Auto Run: False, Detected By: ExecutionControl, Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,Device Type - Workstation), Is Malware: False, Is Unique To Cylance: False, Threat Classification: UNCLASSIFIED, Device Id: 333b84cb-5eb3-4733-b57b-5a17d06f8043, Policy Name: Workstation - Standard", + "EventType": "Threat", + "EventName": "threat_changed", + "DeviceName": "TESTHOST029", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "[\"10.162.64.147\"]", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"Agent Update - Windows - Production 2\",\"Agent Update - Windows - Production 3\",\"Device Type - Workstation\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "9A60C0D3897FD1EC03899F876AE27E1BFE9E872B79D6881579DFB0A4A6D09D42", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "333b84cb-5eb3-4733-b57b-5a17d06f8043", + "PolicyName": "Workstation - Standard", + "FileName": "MBX@20CC@31B1B30.###", + "Path": "C:\\Users\\jdearien\\AppData\\Local\\Temp\\", + "DriveType": "Internal Hard Drive", + "FileHashMd5": "D2EC4BD891175BB7725626497B90F09A", + "Status": "Quarantined", + "CylanceScore": "63", + "FoundDate": "11/30/2020 14:51", + "FileType": "Executable", + "IsRunning": "FALSE", + "AutoRun": "FALSE", + "DetectedBy": "ExecutionControl", + "IsMalware": "FALSE", + "IsUniqueToCylance": "FALSE", + "ThreatClassification": "UNCLASSIFIED", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 14:51:46 sysloghost CylancePROTECT Event Type: Threat, Event Name: threat_quarantined, Device Name: TESTHOST029, IP Address: (172.6.81.93), File Name: MBX@20CC@31B1B30.###, Path: C:\\Users\\testuser\\AppData\\Local\\Temp\\, Drive Type: Internal Hard Drive, File Owner: ABC\\test-user81, SHA256: 9A60C0D3897FD1EC03899F876AE27E1BFE9E872B79D6881579DFB0A4A6D09D42, MD5: D2EC4BD891175BB7725626497B90F09A, Status: Quarantined, Cylance Score: 63, Found Date: 11/30/2020 2:51:46 PM, File Type: Executable, Is Running: True, Auto Run: False, Detected By: ExecutionControl, Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,Device Type - Workstation), Is Malware: False, Is Unique To Cylance: False, Threat Classification: UNCLASSIFIED, Device Id: 333b84cb-5eb3-4733-b57b-5a17d06f8043, Policy Name: Workstation - Standard", + "EventType": "Threat", + "EventName": "threat_quarantined", + "DeviceName": "TESTHOST029", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "[\"10.162.64.147\"]", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"Agent Update - Windows - Production 2\",\"Agent Update - Windows - Production 3\",\"Device Type - Workstation\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "9A60C0D3897FD1EC03899F876AE27E1BFE9E872B79D6881579DFB0A4A6D09D42", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "333b84cb-5eb3-4733-b57b-5a17d06f8043", + "PolicyName": "Workstation - Standard", + "FileName": "MBX@20CC@31B1B30.###", + "Path": "C:\\Users\\jdearien\\AppData\\Local\\Temp\\", + "DriveType": "Internal Hard Drive", + "FileHashMd5": "D2EC4BD891175BB7725626497B90F09A", + "Status": "Quarantined", + "CylanceScore": "63", + "FoundDate": "11/30/2020 14:51", + "FileType": "Executable", + "IsRunning": "TRUE", + "AutoRun": "FALSE", + "DetectedBy": "ExecutionControl", + "IsMalware": "FALSE", + "IsUniqueToCylance": "FALSE", + "ThreatClassification": "UNCLASSIFIED", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 14:50:26 sysloghost CylancePROTECT Event Type: Threat, Event Name: threat_changed, Device Name: TESTHOST029, IP Address: (172.135.133.117), File Name: MBX@41E8@3A01B30.###, Path: C:\\Users\\testuser\\AppData\\Local\\Temp\\, Drive Type: Internal Hard Drive, File Owner: ABC\\test-user90, SHA256: 95312004B3C192E450485B1485C736438EAA8E12752E3BCE3FEFEEFE6D93E0B7, MD5: FAB721168E94399032EF962BC57EC86B, Status: Quarantined, Cylance Score: 68, Found Date: 11/30/2020 2:50:26 PM, File Type: Executable, Is Running: False, Auto Run: False, Detected By: ExecutionControl, Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,Device Type - Workstation), Is Malware: False, Is Unique To Cylance: False, Threat Classification: UNCLASSIFIED, Device Id: 333b84cb-5eb3-4733-b57b-5a17d06f8043, Policy Name: Workstation - Standard", + "EventType": "Threat", + "EventName": "threat_changed", + "DeviceName": "TESTHOST029", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "[\"10.162.64.147\"]", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"Agent Update - Windows - Production 2\",\"Agent Update - Windows - Production 3\",\"Device Type - Workstation\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "95312004B3C192E450485B1485C736438EAA8E12752E3BCE3FEFEEFE6D93E0B7", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "333b84cb-5eb3-4733-b57b-5a17d06f8043", + "PolicyName": "Workstation - Standard", + "FileName": "MBX@41E8@3A01B30.###", + "Path": "C:\\Users\\jdearien\\AppData\\Local\\Temp\\", + "DriveType": "Internal Hard Drive", + "FileHashMd5": "FAB721168E94399032EF962BC57EC86B", + "Status": "Quarantined", + "CylanceScore": "68", + "FoundDate": "11/30/2020 14:50", + "FileType": "Executable", + "IsRunning": "FALSE", + "AutoRun": "FALSE", + "DetectedBy": "ExecutionControl", + "IsMalware": "FALSE", + "IsUniqueToCylance": "FALSE", + "ThreatClassification": "UNCLASSIFIED", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 14:50:26 sysloghost CylancePROTECT Event Type: Threat, Event Name: threat_quarantined, Device Name: TESTHOST029, IP Address: (192.79.71.98), File Name: MBX@41E8@3A01B30.###, Path: C:\\Users\\testuser\\AppData\\Local\\Temp\\, Drive Type: Internal Hard Drive, File Owner: ABC\\test-user4, SHA256: 95312004B3C192E450485B1485C736438EAA8E12752E3BCE3FEFEEFE6D93E0B7, MD5: FAB721168E94399032EF962BC57EC86B, Status: Quarantined, Cylance Score: 68, Found Date: 11/30/2020 2:50:26 PM, File Type: Executable, Is Running: True, Auto Run: False, Detected By: ExecutionControl, Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,Device Type - Workstation), Is Malware: False, Is Unique To Cylance: False, Threat Classification: UNCLASSIFIED, Device Id: 333b84cb-5eb3-4733-b57b-5a17d06f8043, Policy Name: Workstation - Standard", + "EventType": "Threat", + "EventName": "threat_quarantined", + "DeviceName": "TESTHOST029", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "[\"10.162.64.147\"]", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"Agent Update - Windows - Production 2\",\"Agent Update - Windows - Production 3\",\"Device Type - Workstation\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "95312004B3C192E450485B1485C736438EAA8E12752E3BCE3FEFEEFE6D93E0B7", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "333b84cb-5eb3-4733-b57b-5a17d06f8043", + "PolicyName": "Workstation - Standard", + "FileName": "MBX@41E8@3A01B30.###", + "Path": "C:\\Users\\jdearien\\AppData\\Local\\Temp\\", + "DriveType": "Internal Hard Drive", + "FileHashMd5": "FAB721168E94399032EF962BC57EC86B", + "Status": "Quarantined", + "CylanceScore": "68", + "FoundDate": "11/30/2020 14:50", + "FileType": "Executable", + "IsRunning": "TRUE", + "AutoRun": "FALSE", + "DetectedBy": "ExecutionControl", + "IsMalware": "FALSE", + "IsUniqueToCylance": "FALSE", + "ThreatClassification": "UNCLASSIFIED", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 14:50:10 sysloghost CylancePROTECT Event Type: Threat, Event Name: threat_quarantined, Device Name: TESTHOST029, IP Address: (172.105.153.25), File Name: MBX@1E38@3A71B30.###, Path: C:\\Users\\testuser\\AppData\\Local\\Temp\\, Drive Type: Internal Hard Drive, File Owner: ABC\\test-user8, SHA256: 67BD12CE95ECEE1EFD315D076D8C772C8998F409A49D6F26773AA5849BFD7EBF, MD5: 0CBF6CCD73AB58DEA565AD41C32ECA8D, Status: Quarantined, Cylance Score: 68, Found Date: 11/30/2020 2:50:10 PM, File Type: Executable, Is Running: True, Auto Run: False, Detected By: ExecutionControl, Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,Device Type - Workstation), Is Malware: False, Is Unique To Cylance: False, Threat Classification: UNCLASSIFIED, Device Id: 333b84cb-5eb3-4733-b57b-5a17d06f8043, Policy Name: Workstation - Standard", + "EventType": "Threat", + "EventName": "threat_quarantined", + "DeviceName": "TESTHOST029", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "[\"10.162.64.147\"]", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"Agent Update - Windows - Production 2\",\"Agent Update - Windows - Production 3\",\"Device Type - Workstation\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "67BD12CE95ECEE1EFD315D076D8C772C8998F409A49D6F26773AA5849BFD7EBF", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "333b84cb-5eb3-4733-b57b-5a17d06f8043", + "PolicyName": "Workstation - Standard", + "FileName": "MBX@1E38@3A71B30.###", + "Path": "C:\\Users\\jdearien\\AppData\\Local\\Temp\\", + "DriveType": "Internal Hard Drive", + "FileHashMd5": "0CBF6CCD73AB58DEA565AD41C32ECA8D", + "Status": "Quarantined", + "CylanceScore": "68", + "FoundDate": "11/30/2020 14:50", + "FileType": "Executable", + "IsRunning": "TRUE", + "AutoRun": "FALSE", + "DetectedBy": "ExecutionControl", + "IsMalware": "FALSE", + "IsUniqueToCylance": "FALSE", + "ThreatClassification": "UNCLASSIFIED", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 14:50:10 sysloghost CylancePROTECT Event Type: Threat, Event Name: threat_changed, Device Name: TESTHOST029, IP Address: (172.112.111.163), File Name: MBX@1E38@3A71B30.###, Path: C:\\Users\\testuser\\AppData\\Local\\Temp\\, Drive Type: Internal Hard Drive, File Owner: ABC\\test-user97, SHA256: 67BD12CE95ECEE1EFD315D076D8C772C8998F409A49D6F26773AA5849BFD7EBF, MD5: 0CBF6CCD73AB58DEA565AD41C32ECA8D, Status: Quarantined, Cylance Score: 68, Found Date: 11/30/2020 2:50:10 PM, File Type: Executable, Is Running: False, Auto Run: False, Detected By: ExecutionControl, Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,Device Type - Workstation), Is Malware: False, Is Unique To Cylance: False, Threat Classification: UNCLASSIFIED, Device Id: 333b84cb-5eb3-4733-b57b-5a17d06f8043, Policy Name: Workstation - Standard", + "EventType": "Threat", + "EventName": "threat_changed", + "DeviceName": "TESTHOST029", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "[\"10.162.64.147\"]", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"Agent Update - Windows - Production 2\",\"Agent Update - Windows - Production 3\",\"Device Type - Workstation\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "67BD12CE95ECEE1EFD315D076D8C772C8998F409A49D6F26773AA5849BFD7EBF", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "333b84cb-5eb3-4733-b57b-5a17d06f8043", + "PolicyName": "Workstation - Standard", + "FileName": "MBX@1E38@3A71B30.###", + "Path": "C:\\Users\\jdearien\\AppData\\Local\\Temp\\", + "DriveType": "Internal Hard Drive", + "FileHashMd5": "0CBF6CCD73AB58DEA565AD41C32ECA8D", + "Status": "Quarantined", + "CylanceScore": "68", + "FoundDate": "11/30/2020 14:50", + "FileType": "Executable", + "IsRunning": "FALSE", + "AutoRun": "FALSE", + "DetectedBy": "ExecutionControl", + "IsMalware": "FALSE", + "IsUniqueToCylance": "FALSE", + "ThreatClassification": "UNCLASSIFIED", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 14:49:35 sysloghost CylancePROTECT Event Type: Threat, Event Name: threat_quarantined, Device Name: TESTHOST029, IP Address: (192.147.148.170), File Name: MBX@52DC@39D1B30.###, Path: C:\\Users\\testuser\\AppData\\Local\\Temp\\, Drive Type: Internal Hard Drive, File Owner: ABC\\test-user57, SHA256: 4344B4702D544149C0C60729125E822E6D60A187302F13D772B4D85976B02AC9, MD5: 3EE72502F87F904A5655F0A2E469FE7A, Status: Quarantined, Cylance Score: 61, Found Date: 11/30/2020 2:49:35 PM, File Type: Executable, Is Running: True, Auto Run: False, Detected By: ExecutionControl, Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,Device Type - Workstation), Is Malware: False, Is Unique To Cylance: False, Threat Classification: UNCLASSIFIED, Device Id: 333b84cb-5eb3-4733-b57b-5a17d06f8043, Policy Name: Workstation - Standard", + "EventType": "Threat", + "EventName": "threat_quarantined", + "DeviceName": "TESTHOST029", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "[\"10.162.64.147\"]", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"Agent Update - Windows - Production 2\",\"Agent Update - Windows - Production 3\",\"Device Type - Workstation\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "4344B4702D544149C0C60729125E822E6D60A187302F13D772B4D85976B02AC9", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "333b84cb-5eb3-4733-b57b-5a17d06f8043", + "PolicyName": "Workstation - Standard", + "FileName": "MBX@52DC@39D1B30.###", + "Path": "C:\\Users\\jdearien\\AppData\\Local\\Temp\\", + "DriveType": "Internal Hard Drive", + "FileHashMd5": "3EE72502F87F904A5655F0A2E469FE7A", + "Status": "Quarantined", + "CylanceScore": "61", + "FoundDate": "11/30/2020 14:49", + "FileType": "Executable", + "IsRunning": "TRUE", + "AutoRun": "FALSE", + "DetectedBy": "ExecutionControl", + "IsMalware": "FALSE", + "IsUniqueToCylance": "FALSE", + "ThreatClassification": "UNCLASSIFIED", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 14:49:35 sysloghost CylancePROTECT Event Type: Threat, Event Name: threat_changed, Device Name: TESTHOST029, IP Address: (192.53.226.60), File Name: MBX@165C@39C1B30.###, Path: C:\\Users\\testuser\\AppData\\Local\\Temp\\, Drive Type: Internal Hard Drive, File Owner: ABC\\test-user46, SHA256: 6D0B5495D362C7C32A6C1994B1C2D49C48824DA098DC1FFBBEC753202EB0C3A9, MD5: A15493287808F1E706C0DB6401C56CA5, Status: Quarantined, Cylance Score: 52, Found Date: 11/30/2020 2:49:36 PM, File Type: Executable, Is Running: False, Auto Run: False, Detected By: ExecutionControl, Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,Device Type - Workstation), Is Malware: False, Is Unique To Cylance: False, Threat Classification: UNCLASSIFIED, Device Id: 333b84cb-5eb3-4733-b57b-5a17d06f8043, Policy Name: Workstation - Standard", + "EventType": "Threat", + "EventName": "threat_changed", + "DeviceName": "TESTHOST029", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "[\"10.162.64.147\"]", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"Agent Update - Windows - Production 2\",\"Agent Update - Windows - Production 3\",\"Device Type - Workstation\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "6D0B5495D362C7C32A6C1994B1C2D49C48824DA098DC1FFBBEC753202EB0C3A9", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "333b84cb-5eb3-4733-b57b-5a17d06f8043", + "PolicyName": "Workstation - Standard", + "FileName": "MBX@165C@39C1B30.###", + "Path": "C:\\Users\\jdearien\\AppData\\Local\\Temp\\", + "DriveType": "Internal Hard Drive", + "FileHashMd5": "A15493287808F1E706C0DB6401C56CA5", + "Status": "Quarantined", + "CylanceScore": "52", + "FoundDate": "11/30/2020 14:49", + "FileType": "Executable", + "IsRunning": "FALSE", + "AutoRun": "FALSE", + "DetectedBy": "ExecutionControl", + "IsMalware": "FALSE", + "IsUniqueToCylance": "FALSE", + "ThreatClassification": "UNCLASSIFIED", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 14:49:35 sysloghost CylancePROTECT Event Type: Threat, Event Name: threat_changed, Device Name: TESTHOST029, IP Address: (172.94.76.244), File Name: MBX@52DC@39D1B30.###, Path: C:\\Users\\testuser\\AppData\\Local\\Temp\\, Drive Type: Internal Hard Drive, File Owner: ABC\\test-user23, SHA256: 4344B4702D544149C0C60729125E822E6D60A187302F13D772B4D85976B02AC9, MD5: 3EE72502F87F904A5655F0A2E469FE7A, Status: Quarantined, Cylance Score: 61, Found Date: 11/30/2020 2:49:36 PM, File Type: Executable, Is Running: False, Auto Run: False, Detected By: ExecutionControl, Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,Device Type - Workstation), Is Malware: False, Is Unique To Cylance: False, Threat Classification: UNCLASSIFIED, Device Id: 333b84cb-5eb3-4733-b57b-5a17d06f8043, Policy Name: Workstation - Standard", + "EventType": "Threat", + "EventName": "threat_changed", + "DeviceName": "TESTHOST029", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "[\"10.162.64.147\"]", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"Agent Update - Windows - Production 2\",\"Agent Update - Windows - Production 3\",\"Device Type - Workstation\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "4344B4702D544149C0C60729125E822E6D60A187302F13D772B4D85976B02AC9", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "333b84cb-5eb3-4733-b57b-5a17d06f8043", + "PolicyName": "Workstation - Standard", + "FileName": "MBX@52DC@39D1B30.###", + "Path": "C:\\Users\\jdearien\\AppData\\Local\\Temp\\", + "DriveType": "Internal Hard Drive", + "FileHashMd5": "3EE72502F87F904A5655F0A2E469FE7A", + "Status": "Quarantined", + "CylanceScore": "61", + "FoundDate": "11/30/2020 14:49", + "FileType": "Executable", + "IsRunning": "FALSE", + "AutoRun": "FALSE", + "DetectedBy": "ExecutionControl", + "IsMalware": "FALSE", + "IsUniqueToCylance": "FALSE", + "ThreatClassification": "UNCLASSIFIED", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 14:49:35 sysloghost CylancePROTECT Event Type: Threat, Event Name: threat_quarantined, Device Name: TESTHOST029, IP Address: (10.64.26.18), File Name: MBX@165C@39C1B30.###, Path: C:\\Users\\testuser\\AppData\\Local\\Temp\\, Drive Type: Internal Hard Drive, File Owner: ABC\\test-user62, SHA256: 6D0B5495D362C7C32A6C1994B1C2D49C48824DA098DC1FFBBEC753202EB0C3A9, MD5: A15493287808F1E706C0DB6401C56CA5, Status: Quarantined, Cylance Score: 52, Found Date: 11/30/2020 2:49:35 PM, File Type: Executable, Is Running: True, Auto Run: False, Detected By: ExecutionControl, Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,Device Type - Workstation), Is Malware: False, Is Unique To Cylance: False, Threat Classification: UNCLASSIFIED, Device Id: 333b84cb-5eb3-4733-b57b-5a17d06f8043, Policy Name: Workstation - Standard", + "EventType": "Threat", + "EventName": "threat_quarantined", + "DeviceName": "TESTHOST029", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "[\"10.162.64.147\"]", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"Agent Update - Windows - Production 2\",\"Agent Update - Windows - Production 3\",\"Device Type - Workstation\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "6D0B5495D362C7C32A6C1994B1C2D49C48824DA098DC1FFBBEC753202EB0C3A9", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "333b84cb-5eb3-4733-b57b-5a17d06f8043", + "PolicyName": "Workstation - Standard", + "FileName": "MBX@165C@39C1B30.###", + "Path": "C:\\Users\\jdearien\\AppData\\Local\\Temp\\", + "DriveType": "Internal Hard Drive", + "FileHashMd5": "A15493287808F1E706C0DB6401C56CA5", + "Status": "Quarantined", + "CylanceScore": "52", + "FoundDate": "11/30/2020 14:49", + "FileType": "Executable", + "IsRunning": "TRUE", + "AutoRun": "FALSE", + "DetectedBy": "ExecutionControl", + "IsMalware": "FALSE", + "IsUniqueToCylance": "FALSE", + "ThreatClassification": "UNCLASSIFIED", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 14:49:21 sysloghost CylancePROTECT Event Type: Threat, Event Name: threat_quarantined, Device Name: TESTHOST029, IP Address: (10.227.72.213), File Name: MBX@4468@3A51B30.###, Path: C:\\Users\\testuser\\AppData\\Local\\Temp\\, Drive Type: Internal Hard Drive, File Owner: ABC\\test-user65, SHA256: 7E4DA5AAEF09B09138C84BC4D06B2BE7F92B4069A58077A044135A6406C86547, MD5: 1219CD69638731CDCADE5E3C0A83096C, Status: Quarantined, Cylance Score: 61, Found Date: 11/30/2020 2:49:21 PM, File Type: Executable, Is Running: True, Auto Run: False, Detected By: ExecutionControl, Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,Device Type - Workstation), Is Malware: False, Is Unique To Cylance: False, Threat Classification: UNCLASSIFIED, Device Id: 333b84cb-5eb3-4733-b57b-5a17d06f8043, Policy Name: Workstation - Standard", + "EventType": "Threat", + "EventName": "threat_quarantined", + "DeviceName": "TESTHOST029", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "[\"10.162.64.147\"]", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"Agent Update - Windows - Production 2\",\"Agent Update - Windows - Production 3\",\"Device Type - Workstation\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "7E4DA5AAEF09B09138C84BC4D06B2BE7F92B4069A58077A044135A6406C86547", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "333b84cb-5eb3-4733-b57b-5a17d06f8043", + "PolicyName": "Workstation - Standard", + "FileName": "MBX@4468@3A51B30.###", + "Path": "C:\\Users\\jdearien\\AppData\\Local\\Temp\\", + "DriveType": "Internal Hard Drive", + "FileHashMd5": "1219CD69638731CDCADE5E3C0A83096C", + "Status": "Quarantined", + "CylanceScore": "61", + "FoundDate": "11/30/2020 14:49", + "FileType": "Executable", + "IsRunning": "TRUE", + "AutoRun": "FALSE", + "DetectedBy": "ExecutionControl", + "IsMalware": "FALSE", + "IsUniqueToCylance": "FALSE", + "ThreatClassification": "UNCLASSIFIED", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 14:49:21 sysloghost CylancePROTECT Event Type: Threat, Event Name: threat_changed, Device Name: TESTHOST029, IP Address: (172.59.214.243), File Name: MBX@4C08@3B21B30.###, Path: C:\\Users\\testuser\\AppData\\Local\\Temp\\, Drive Type: Internal Hard Drive, File Owner: ABC\\test-user23, SHA256: DDA6C2D271953EC588D522F0D06AC5972D496EC945062DFDB5A4568B153DDC19, MD5: 995CED34B4AC46B1147A476D5EFD1C6C, Status: Quarantined, Cylance Score: 64, Found Date: 11/30/2020 2:49:22 PM, File Type: Executable, Is Running: False, Auto Run: False, Detected By: ExecutionControl, Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,Device Type - Workstation), Is Malware: False, Is Unique To Cylance: False, Threat Classification: UNCLASSIFIED, Device Id: 333b84cb-5eb3-4733-b57b-5a17d06f8043, Policy Name: Workstation - Standard", + "EventType": "Threat", + "EventName": "threat_changed", + "DeviceName": "TESTHOST029", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "[\"10.162.64.147\"]", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"Agent Update - Windows - Production 2\",\"Agent Update - Windows - Production 3\",\"Device Type - Workstation\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "DDA6C2D271953EC588D522F0D06AC5972D496EC945062DFDB5A4568B153DDC19", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "333b84cb-5eb3-4733-b57b-5a17d06f8043", + "PolicyName": "Workstation - Standard", + "FileName": "MBX@4C08@3B21B30.###", + "Path": "C:\\Users\\jdearien\\AppData\\Local\\Temp\\", + "DriveType": "Internal Hard Drive", + "FileHashMd5": "995CED34B4AC46B1147A476D5EFD1C6C", + "Status": "Quarantined", + "CylanceScore": "64", + "FoundDate": "11/30/2020 14:49", + "FileType": "Executable", + "IsRunning": "FALSE", + "AutoRun": "FALSE", + "DetectedBy": "ExecutionControl", + "IsMalware": "FALSE", + "IsUniqueToCylance": "FALSE", + "ThreatClassification": "UNCLASSIFIED", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 14:49:21 sysloghost CylancePROTECT Event Type: Threat, Event Name: threat_changed, Device Name: TESTHOST029, IP Address: (172.163.87.136), File Name: MBX@4468@3A51B30.###, Path: C:\\Users\\testuser\\AppData\\Local\\Temp\\, Drive Type: Internal Hard Drive, File Owner: ABC\\test-user74, SHA256: 7E4DA5AAEF09B09138C84BC4D06B2BE7F92B4069A58077A044135A6406C86547, MD5: 1219CD69638731CDCADE5E3C0A83096C, Status: Quarantined, Cylance Score: 61, Found Date: 11/30/2020 2:49:22 PM, File Type: Executable, Is Running: False, Auto Run: False, Detected By: ExecutionControl, Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,Device Type - Workstation), Is Malware: False, Is Unique To Cylance: False, Threat Classification: UNCLASSIFIED, Device Id: 333b84cb-5eb3-4733-b57b-5a17d06f8043, Policy Name: Workstation - Standard", + "EventType": "Threat", + "EventName": "threat_changed", + "DeviceName": "TESTHOST029", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "[\"10.162.64.147\"]", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"Agent Update - Windows - Production 2\",\"Agent Update - Windows - Production 3\",\"Device Type - Workstation\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "7E4DA5AAEF09B09138C84BC4D06B2BE7F92B4069A58077A044135A6406C86547", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "333b84cb-5eb3-4733-b57b-5a17d06f8043", + "PolicyName": "Workstation - Standard", + "FileName": "MBX@4468@3A51B30.###", + "Path": "C:\\Users\\jdearien\\AppData\\Local\\Temp\\", + "DriveType": "Internal Hard Drive", + "FileHashMd5": "1219CD69638731CDCADE5E3C0A83096C", + "Status": "Quarantined", + "CylanceScore": "61", + "FoundDate": "11/30/2020 14:49", + "FileType": "Executable", + "IsRunning": "FALSE", + "AutoRun": "FALSE", + "DetectedBy": "ExecutionControl", + "IsMalware": "FALSE", + "IsUniqueToCylance": "FALSE", + "ThreatClassification": "UNCLASSIFIED", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 14:49:21 sysloghost CylancePROTECT Event Type: Threat, Event Name: threat_quarantined, Device Name: TESTHOST029, IP Address: (10.207.4.239), File Name: MBX@4C08@3B21B30.###, Path: C:\\Users\\testuser\\AppData\\Local\\Temp\\, Drive Type: Internal Hard Drive, File Owner: ABC\\test-user41, SHA256: DDA6C2D271953EC588D522F0D06AC5972D496EC945062DFDB5A4568B153DDC19, MD5: 995CED34B4AC46B1147A476D5EFD1C6C, Status: Quarantined, Cylance Score: 64, Found Date: 11/30/2020 2:49:21 PM, File Type: Executable, Is Running: True, Auto Run: False, Detected By: ExecutionControl, Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,Device Type - Workstation), Is Malware: False, Is Unique To Cylance: False, Threat Classification: UNCLASSIFIED, Device Id: 333b84cb-5eb3-4733-b57b-5a17d06f8043, Policy Name: Workstation - Standard", + "EventType": "Threat", + "EventName": "threat_quarantined", + "DeviceName": "TESTHOST029", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "[\"10.162.64.147\"]", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"Agent Update - Windows - Production 2\",\"Agent Update - Windows - Production 3\",\"Device Type - Workstation\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "DDA6C2D271953EC588D522F0D06AC5972D496EC945062DFDB5A4568B153DDC19", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "333b84cb-5eb3-4733-b57b-5a17d06f8043", + "PolicyName": "Workstation - Standard", + "FileName": "MBX@4C08@3B21B30.###", + "Path": "C:\\Users\\jdearien\\AppData\\Local\\Temp\\", + "DriveType": "Internal Hard Drive", + "FileHashMd5": "995CED34B4AC46B1147A476D5EFD1C6C", + "Status": "Quarantined", + "CylanceScore": "64", + "FoundDate": "11/30/2020 14:49", + "FileType": "Executable", + "IsRunning": "TRUE", + "AutoRun": "FALSE", + "DetectedBy": "ExecutionControl", + "IsMalware": "FALSE", + "IsUniqueToCylance": "FALSE", + "ThreatClassification": "UNCLASSIFIED", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 14:16:23 sysloghost CylancePROTECT Event Type: Threat, Event Name: threat_quarantined, Device Name: TESTHOST029, IP Address: (172.236.96.225), File Name: MBX@2970@3B21B30.###, Path: C:\\Users\\testuser\\AppData\\Local\\Temp\\, Drive Type: Internal Hard Drive, File Owner: ABC\\test-user26, SHA256: 173F59A7141AC5AF2A2B225DB3E8DCFD1C9F041B008506D821428A1DFA368AE0, MD5: 68AD7C10B9700251F5A266DD4822FAD9, Status: Quarantined, Cylance Score: 66, Found Date: 11/30/2020 2:16:23 PM, File Type: Executable, Is Running: True, Auto Run: False, Detected By: FileWatcher, Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,Device Type - Workstation), Is Malware: False, Is Unique To Cylance: False, Threat Classification: UNCLASSIFIED, Device Id: 333b84cb-5eb3-4733-b57b-5a17d06f8043, Policy Name: Workstation - Standard", + "EventType": "Threat", + "EventName": "threat_quarantined", + "DeviceName": "TESTHOST029", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "[\"10.162.64.147\"]", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"Agent Update - Windows - Production 2\",\"Agent Update - Windows - Production 3\",\"Device Type - Workstation\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "173F59A7141AC5AF2A2B225DB3E8DCFD1C9F041B008506D821428A1DFA368AE0", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "333b84cb-5eb3-4733-b57b-5a17d06f8043", + "PolicyName": "Workstation - Standard", + "FileName": "MBX@2970@3B21B30.###", + "Path": "C:\\Users\\jdearien\\AppData\\Local\\Temp\\", + "DriveType": "Internal Hard Drive", + "FileHashMd5": "68AD7C10B9700251F5A266DD4822FAD9", + "Status": "Quarantined", + "CylanceScore": "66", + "FoundDate": "11/30/2020 14:16", + "FileType": "Executable", + "IsRunning": "TRUE", + "AutoRun": "FALSE", + "DetectedBy": "FileWatcher", + "IsMalware": "FALSE", + "IsUniqueToCylance": "FALSE", + "ThreatClassification": "UNCLASSIFIED", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 14:16:23 sysloghost CylancePROTECT Event Type: Threat, Event Name: threat_changed, Device Name: TESTHOST029, IP Address: (172.52.253.151), File Name: MBX@2970@3B21B30.###, Path: C:\\Users\\testuser\\AppData\\Local\\Temp\\, Drive Type: Internal Hard Drive, File Owner: ABC\\test-user72, SHA256: 173F59A7141AC5AF2A2B225DB3E8DCFD1C9F041B008506D821428A1DFA368AE0, MD5: 68AD7C10B9700251F5A266DD4822FAD9, Status: Quarantined, Cylance Score: 66, Found Date: 11/30/2020 2:16:24 PM, File Type: Executable, Is Running: False, Auto Run: False, Detected By: FileWatcher, Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,Device Type - Workstation), Is Malware: False, Is Unique To Cylance: False, Threat Classification: UNCLASSIFIED, Device Id: 333b84cb-5eb3-4733-b57b-5a17d06f8043, Policy Name: Workstation - Standard", + "EventType": "Threat", + "EventName": "threat_changed", + "DeviceName": "TESTHOST029", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "[\"10.162.64.147\"]", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"Agent Update - Windows - Production 2\",\"Agent Update - Windows - Production 3\",\"Device Type - Workstation\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "173F59A7141AC5AF2A2B225DB3E8DCFD1C9F041B008506D821428A1DFA368AE0", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "333b84cb-5eb3-4733-b57b-5a17d06f8043", + "PolicyName": "Workstation - Standard", + "FileName": "MBX@2970@3B21B30.###", + "Path": "C:\\Users\\jdearien\\AppData\\Local\\Temp\\", + "DriveType": "Internal Hard Drive", + "FileHashMd5": "68AD7C10B9700251F5A266DD4822FAD9", + "Status": "Quarantined", + "CylanceScore": "66", + "FoundDate": "11/30/2020 14:16", + "FileType": "Executable", + "IsRunning": "FALSE", + "AutoRun": "FALSE", + "DetectedBy": "FileWatcher", + "IsMalware": "FALSE", + "IsUniqueToCylance": "FALSE", + "ThreatClassification": "UNCLASSIFIED", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 14:15:49 sysloghost CylancePROTECT Event Type: Threat, Event Name: threat_quarantined, Device Name: TESTHOST029, IP Address: (172.101.81.70), File Name: MBX@4994@3A01B30.###, Path: C:\\Users\\testuser\\AppData\\Local\\Temp\\, Drive Type: Internal Hard Drive, File Owner: ABC\\test-user13, SHA256: 75B92660B6EB4FB1B848CC08CBB591CEF729FAA02C43086DD3B88494B75FD004, MD5: CC01091318C86C6A8FFA1150B7BE7F17, Status: Quarantined, Cylance Score: 68, Found Date: 11/30/2020 2:15:49 PM, File Type: Executable, Is Running: True, Auto Run: False, Detected By: FileWatcher, Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,Device Type - Workstation), Is Malware: False, Is Unique To Cylance: False, Threat Classification: UNCLASSIFIED, Device Id: 333b84cb-5eb3-4733-b57b-5a17d06f8043, Policy Name: Workstation - Standard", + "EventType": "Threat", + "EventName": "threat_quarantined", + "DeviceName": "TESTHOST029", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "[\"10.162.64.147\"]", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"Agent Update - Windows - Production 2\",\"Agent Update - Windows - Production 3\",\"Device Type - Workstation\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "75B92660B6EB4FB1B848CC08CBB591CEF729FAA02C43086DD3B88494B75FD004", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "333b84cb-5eb3-4733-b57b-5a17d06f8043", + "PolicyName": "Workstation - Standard", + "FileName": "MBX@4994@3A01B30.###", + "Path": "C:\\Users\\jdearien\\AppData\\Local\\Temp\\", + "DriveType": "Internal Hard Drive", + "FileHashMd5": "CC01091318C86C6A8FFA1150B7BE7F17", + "Status": "Quarantined", + "CylanceScore": "68", + "FoundDate": "11/30/2020 14:15", + "FileType": "Executable", + "IsRunning": "TRUE", + "AutoRun": "FALSE", + "DetectedBy": "FileWatcher", + "IsMalware": "FALSE", + "IsUniqueToCylance": "FALSE", + "ThreatClassification": "UNCLASSIFIED", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 14:15:49 sysloghost CylancePROTECT Event Type: Threat, Event Name: threat_changed, Device Name: TESTHOST029, IP Address: (192.209.112.91), File Name: MBX@4994@3A01B30.###, Path: C:\\Users\\testuser\\AppData\\Local\\Temp\\, Drive Type: Internal Hard Drive, File Owner: ABC\\test-user63, SHA256: 75B92660B6EB4FB1B848CC08CBB591CEF729FAA02C43086DD3B88494B75FD004, MD5: CC01091318C86C6A8FFA1150B7BE7F17, Status: Quarantined, Cylance Score: 68, Found Date: 11/30/2020 2:15:49 PM, File Type: Executable, Is Running: False, Auto Run: False, Detected By: FileWatcher, Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,Device Type - Workstation), Is Malware: False, Is Unique To Cylance: False, Threat Classification: UNCLASSIFIED, Device Id: 333b84cb-5eb3-4733-b57b-5a17d06f8043, Policy Name: Workstation - Standard", + "EventType": "Threat", + "EventName": "threat_changed", + "DeviceName": "TESTHOST029", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "[\"10.162.64.147\"]", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"Agent Update - Windows - Production 2\",\"Agent Update - Windows - Production 3\",\"Device Type - Workstation\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "75B92660B6EB4FB1B848CC08CBB591CEF729FAA02C43086DD3B88494B75FD004", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "333b84cb-5eb3-4733-b57b-5a17d06f8043", + "PolicyName": "Workstation - Standard", + "FileName": "MBX@4994@3A01B30.###", + "Path": "C:\\Users\\jdearien\\AppData\\Local\\Temp\\", + "DriveType": "Internal Hard Drive", + "FileHashMd5": "CC01091318C86C6A8FFA1150B7BE7F17", + "Status": "Quarantined", + "CylanceScore": "68", + "FoundDate": "11/30/2020 14:15", + "FileType": "Executable", + "IsRunning": "FALSE", + "AutoRun": "FALSE", + "DetectedBy": "FileWatcher", + "IsMalware": "FALSE", + "IsUniqueToCylance": "FALSE", + "ThreatClassification": "UNCLASSIFIED", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 14:15:37 sysloghost CylancePROTECT Event Type: Threat, Event Name: threat_quarantined, Device Name: TESTHOST029, IP Address: (10.159.74.31), File Name: MBX@2CE8@3991B30.###, Path: C:\\Users\\testuser\\AppData\\Local\\Temp\\, Drive Type: Internal Hard Drive, File Owner: ABC\\test-user39, SHA256: 1093CECFE64612EF7EFBC3F91A94C899FA8BEE45529403669385CF2DF0ED1435, MD5: 1AAFDAD28E362C660770B9E14971092C, Status: Quarantined, Cylance Score: 55, Found Date: 11/30/2020 2:15:37 PM, File Type: Executable, Is Running: True, Auto Run: False, Detected By: FileWatcher, Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,Device Type - Workstation), Is Malware: False, Is Unique To Cylance: False, Threat Classification: UNCLASSIFIED, Device Id: 333b84cb-5eb3-4733-b57b-5a17d06f8043, Policy Name: Workstation - Standard", + "EventType": "Threat", + "EventName": "threat_quarantined", + "DeviceName": "TESTHOST029", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "[\"10.162.64.147\"]", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"Agent Update - Windows - Production 2\",\"Agent Update - Windows - Production 3\",\"Device Type - Workstation\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "1093CECFE64612EF7EFBC3F91A94C899FA8BEE45529403669385CF2DF0ED1435", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "333b84cb-5eb3-4733-b57b-5a17d06f8043", + "PolicyName": "Workstation - Standard", + "FileName": "MBX@2CE8@3991B30.###", + "Path": "C:\\Users\\jdearien\\AppData\\Local\\Temp\\", + "DriveType": "Internal Hard Drive", + "FileHashMd5": "1AAFDAD28E362C660770B9E14971092C", + "Status": "Quarantined", + "CylanceScore": "55", + "FoundDate": "11/30/2020 14:15", + "FileType": "Executable", + "IsRunning": "TRUE", + "AutoRun": "FALSE", + "DetectedBy": "FileWatcher", + "IsMalware": "FALSE", + "IsUniqueToCylance": "FALSE", + "ThreatClassification": "UNCLASSIFIED", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 14:15:37 sysloghost CylancePROTECT Event Type: Threat, Event Name: threat_changed, Device Name: TESTHOST029, IP Address: (172.51.242.31), File Name: MBX@2CE8@3991B30.###, Path: C:\\Users\\testuser\\AppData\\Local\\Temp\\, Drive Type: Internal Hard Drive, File Owner: ABC\\test-user67, SHA256: 1093CECFE64612EF7EFBC3F91A94C899FA8BEE45529403669385CF2DF0ED1435, MD5: 1AAFDAD28E362C660770B9E14971092C, Status: Quarantined, Cylance Score: 55, Found Date: 11/30/2020 2:15:37 PM, File Type: Executable, Is Running: False, Auto Run: False, Detected By: FileWatcher, Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,Device Type - Workstation), Is Malware: False, Is Unique To Cylance: False, Threat Classification: UNCLASSIFIED, Device Id: 333b84cb-5eb3-4733-b57b-5a17d06f8043, Policy Name: Workstation - Standard", + "EventType": "Threat", + "EventName": "threat_changed", + "DeviceName": "TESTHOST029", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "[\"10.162.64.147\"]", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"Agent Update - Windows - Production 2\",\"Agent Update - Windows - Production 3\",\"Device Type - Workstation\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "1093CECFE64612EF7EFBC3F91A94C899FA8BEE45529403669385CF2DF0ED1435", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "333b84cb-5eb3-4733-b57b-5a17d06f8043", + "PolicyName": "Workstation - Standard", + "FileName": "MBX@2CE8@3991B30.###", + "Path": "C:\\Users\\jdearien\\AppData\\Local\\Temp\\", + "DriveType": "Internal Hard Drive", + "FileHashMd5": "1AAFDAD28E362C660770B9E14971092C", + "Status": "Quarantined", + "CylanceScore": "55", + "FoundDate": "11/30/2020 14:15", + "FileType": "Executable", + "IsRunning": "FALSE", + "AutoRun": "FALSE", + "DetectedBy": "FileWatcher", + "IsMalware": "FALSE", + "IsUniqueToCylance": "FALSE", + "ThreatClassification": "UNCLASSIFIED", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 14:15:26 sysloghost CylancePROTECT Event Type: Threat, Event Name: threat_quarantined, Device Name: TESTHOST029, IP Address: (172.217.224.140), File Name: MBX@18A4@3B31B30.###, Path: C:\\Users\\testuser\\AppData\\Local\\Temp\\, Drive Type: Internal Hard Drive, File Owner: ABC\\test-user75, SHA256: 3D3FA86221DFB7CF844678AC0C1BE2128C3C48EB01EBEA27BDC8EC758FE8EA7B, MD5: 72738F84DA72B5D399F48CBFC8DC0646, Status: Quarantined, Cylance Score: 62, Found Date: 11/30/2020 2:15:26 PM, File Type: Executable, Is Running: True, Auto Run: False, Detected By: FileWatcher, Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,Device Type - Workstation), Is Malware: False, Is Unique To Cylance: False, Threat Classification: UNCLASSIFIED, Device Id: 333b84cb-5eb3-4733-b57b-5a17d06f8043, Policy Name: Workstation - Standard", + "EventType": "Threat", + "EventName": "threat_quarantined", + "DeviceName": "TESTHOST029", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "[\"10.162.64.147\"]", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"Agent Update - Windows - Production 2\",\"Agent Update - Windows - Production 3\",\"Device Type - Workstation\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "3D3FA86221DFB7CF844678AC0C1BE2128C3C48EB01EBEA27BDC8EC758FE8EA7B", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "333b84cb-5eb3-4733-b57b-5a17d06f8043", + "PolicyName": "Workstation - Standard", + "FileName": "MBX@18A4@3B31B30.###", + "Path": "C:\\Users\\jdearien\\AppData\\Local\\Temp\\", + "DriveType": "Internal Hard Drive", + "FileHashMd5": "72738F84DA72B5D399F48CBFC8DC0646", + "Status": "Quarantined", + "CylanceScore": "62", + "FoundDate": "11/30/2020 14:15", + "FileType": "Executable", + "IsRunning": "TRUE", + "AutoRun": "FALSE", + "DetectedBy": "FileWatcher", + "IsMalware": "FALSE", + "IsUniqueToCylance": "FALSE", + "ThreatClassification": "UNCLASSIFIED", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 14:15:26 sysloghost CylancePROTECT Event Type: Threat, Event Name: threat_changed, Device Name: TESTHOST029, IP Address: (192.187.18.183), File Name: MBX@18A4@3B31B30.###, Path: C:\\Users\\testuser\\AppData\\Local\\Temp\\, Drive Type: Internal Hard Drive, File Owner: ABC\\test-user56, SHA256: 3D3FA86221DFB7CF844678AC0C1BE2128C3C48EB01EBEA27BDC8EC758FE8EA7B, MD5: 72738F84DA72B5D399F48CBFC8DC0646, Status: Quarantined, Cylance Score: 62, Found Date: 11/30/2020 2:15:27 PM, File Type: Executable, Is Running: False, Auto Run: False, Detected By: FileWatcher, Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,Device Type - Workstation), Is Malware: False, Is Unique To Cylance: False, Threat Classification: UNCLASSIFIED, Device Id: 333b84cb-5eb3-4733-b57b-5a17d06f8043, Policy Name: Workstation - Standard", + "EventType": "Threat", + "EventName": "threat_changed", + "DeviceName": "TESTHOST029", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "[\"10.162.64.147\"]", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"Agent Update - Windows - Production 2\",\"Agent Update - Windows - Production 3\",\"Device Type - Workstation\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "3D3FA86221DFB7CF844678AC0C1BE2128C3C48EB01EBEA27BDC8EC758FE8EA7B", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "333b84cb-5eb3-4733-b57b-5a17d06f8043", + "PolicyName": "Workstation - Standard", + "FileName": "MBX@18A4@3B31B30.###", + "Path": "C:\\Users\\jdearien\\AppData\\Local\\Temp\\", + "DriveType": "Internal Hard Drive", + "FileHashMd5": "72738F84DA72B5D399F48CBFC8DC0646", + "Status": "Quarantined", + "CylanceScore": "62", + "FoundDate": "11/30/2020 14:15", + "FileType": "Executable", + "IsRunning": "FALSE", + "AutoRun": "FALSE", + "DetectedBy": "FileWatcher", + "IsMalware": "FALSE", + "IsUniqueToCylance": "FALSE", + "ThreatClassification": "UNCLASSIFIED", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "{\"AV Industry\": \"N/A\", \"Access Time\": \"11/30/2020 2:48:59 PM\", \"Auto Run\": \"False\", \"Cert Issuer\": \"N/A\", \"Cert Publisher\": \"N/A\", \"Cert Subject\": \"N/A\", \"Cert Timestamp\": \"N/A\", \"Classification\": \"N/A\", \"Company Name\": \"N/A\", \"Copyright\": \"N/A\", \"Create Time\": \"11/30/2020 2:48:59 PM\", \"Cylance Score\": \"64\", \"Description\": \"N/A\", \"Detected By\": \"Execution Control\", \"DeviceName\": \"TESTHOST029\", \"Drive Type\": \"Internal Hard Drive\", \"Ever Run\": \"True\", \"File Name\": \"MBX@4C08@3B21B30.###\", \"File Owner\": \"ABC\\\\testuser\", \"File Path\": \"C:\\\\Users\\\\testuser\\\\AppData\\\\Local\\\\Temp\\\\MBX@4C08@3B21B30.###\", \"File Size (bytes)\": \"2048\", \"File Status\": \"quarantined\", \"File Version\": \"N/A\", \"First Found\": \"11/30/2020 2:49:22 PM\", \"Global Quarantined\": \"No\", \"Last Found\": \"11/30/2020 9:09:24 PM\", \"MD5\": \"995CED34B4AC46B1147A476D5EFD1C6C\", \"Modification Time\": \"11/30/2020 2:48:59 PM\", \"Product Name\": \"N/A\", \"Running\": \"False\", \"SHA256\": \"DDA6C2D271953EC588D522F0D06AC5972D496EC945062DFDB5A4568B153DDC19\", \"Safelisted\": \"No\", \"Serial Number\": \"333b84cb-5eb3-4733-b57b-5a17d06f8043\", \"Signature Status\": \"No Signature\", \"Signed\": \"False\", \"Tenant\": \"ABC\"}", + "EventType": "", + "EventName": "", + "DeviceName": "TESTHOST029", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "[\"\"]", + "SrcMacAddr": "[\"\"]", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"\"]", + "ZoneNames_string": "", + "FilePath": "C:\\Users\\jdearien\\AppData\\Local\\Temp\\MBX@4C08@3B21B30.###", + "FileHashSha256": "DDA6C2D271953EC588D522F0D06AC5972D496EC945062DFDB5A4568B153DDC19", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "", + "PolicyName": "", + "FileName": "MBX@4C08@3B21B30.###", + "Path": "", + "DriveType": "Internal Hard Drive", + "FileHashMd5": "995CED34B4AC46B1147A476D5EFD1C6C", + "Status": "", + "CylanceScore": "64", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "FALSE", + "DetectedBy": "Execution Control", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "333b84cb-5eb3-4733-b57b-5a17d06f8043", + "Tenant": "ABC", + "AvIndustry": "N/A", + "AccessTime": "11/30/2020 14:48", + "CertIssuer": "N/A", + "CertPublisher": "N/A", + "CertSubject": "N/A", + "CertTimestamp": "N/A", + "Classification_": "N/A", + "CompanyName": "N/A", + "Copyright": "N/A", + "CreateTime": "11/30/2020 14:48", + "Description": "N/A", + "EverRun": "TRUE", + "FileOwner": "ABC\\testuser09", + "FileSize": "2048", + "FileStatus": "quarantined", + "FileVersion": "N/A", + "FirstFound": "11/30/2020 14:49", + "GlobalQuarantined": "No", + "LastFound": "11/30/2020 21:09", + "ModificationTime": "11/30/2020 14:48", + "ProductName": "N/A", + "Running": "FALSE", + "Safelisted": "No", + "SignatureStatus": "No Signature", + "Signed": "FALSE" + }, + { + "SyslogMessage": "{\"AV Industry\": \"N/A\", \"Access Time\": \"11/30/2020 2:51:15 PM\", \"Auto Run\": \"False\", \"Cert Issuer\": \"N/A\", \"Cert Publisher\": \"N/A\", \"Cert Subject\": \"N/A\", \"Cert Timestamp\": \"N/A\", \"Classification\": \"N/A\", \"Company Name\": \"N/A\", \"Copyright\": \"N/A\", \"Create Time\": \"11/30/2020 2:51:15 PM\", \"Cylance Score\": \"63\", \"Description\": \"N/A\", \"Detected By\": \"Execution Control\", \"DeviceName\": \"TESTHOST029\", \"Drive Type\": \"Internal Hard Drive\", \"Ever Run\": \"True\", \"File Name\": \"MBX@20CC@31B1B30.###\", \"File Owner\": \"ABC\\\\testuser\", \"File Path\": \"C:\\\\Users\\\\testuser\\\\AppData\\\\Local\\\\Temp\\\\MBX@20CC@31B1B30.###\", \"File Size (bytes)\": \"2048\", \"File Status\": \"quarantined\", \"File Version\": \"N/A\", \"First Found\": \"11/30/2020 2:51:46 PM\", \"Global Quarantined\": \"No\", \"Last Found\": \"11/30/2020 9:09:24 PM\", \"MD5\": \"D2EC4BD891175BB7725626497B90F09A\", \"Modification Time\": \"11/30/2020 2:51:15 PM\", \"Product Name\": \"N/A\", \"Running\": \"False\", \"SHA256\": \"9A60C0D3897FD1EC03899F876AE27E1BFE9E872B79D6881579DFB0A4A6D09D42\", \"Safelisted\": \"No\", \"Serial Number\": \"333b84cb-5eb3-4733-b57b-5a17d06f8043\", \"Signature Status\": \"No Signature\", \"Signed\": \"False\", \"Tenant\": \"ABC\"}", + "EventType": "", + "EventName": "", + "DeviceName": "TESTHOST029", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "[\"\"]", + "SrcMacAddr": "[\"\"]", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"\"]", + "ZoneNames_string": "", + "FilePath": "C:\\Users\\jdearien\\AppData\\Local\\Temp\\MBX@20CC@31B1B30.###", + "FileHashSha256": "9A60C0D3897FD1EC03899F876AE27E1BFE9E872B79D6881579DFB0A4A6D09D42", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "", + "PolicyName": "", + "FileName": "MBX@20CC@31B1B30.###", + "Path": "", + "DriveType": "Internal Hard Drive", + "FileHashMd5": "D2EC4BD891175BB7725626497B90F09A", + "Status": "", + "CylanceScore": "63", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "FALSE", + "DetectedBy": "Execution Control", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "333b84cb-5eb3-4733-b57b-5a17d06f8043", + "Tenant": "ABC", + "AvIndustry": "N/A", + "AccessTime": "11/30/2020 14:51", + "CertIssuer": "N/A", + "CertPublisher": "N/A", + "CertSubject": "N/A", + "CertTimestamp": "N/A", + "Classification_": "N/A", + "CompanyName": "N/A", + "Copyright": "N/A", + "CreateTime": "11/30/2020 14:51", + "Description": "N/A", + "EverRun": "TRUE", + "FileOwner": "ABC\\testuser09", + "FileSize": "2048", + "FileStatus": "quarantined", + "FileVersion": "N/A", + "FirstFound": "11/30/2020 14:51", + "GlobalQuarantined": "No", + "LastFound": "11/30/2020 21:09", + "ModificationTime": "11/30/2020 14:51", + "ProductName": "N/A", + "Running": "FALSE", + "Safelisted": "No", + "SignatureStatus": "No Signature", + "Signed": "FALSE" + }, + { + "SyslogMessage": "Dec 1 06:59:09 sysloghost CylancePROTECT Event Type: DeviceControl, Event Name: fullaccess, Device Name: TESTHOST031, External Device Type: WPD, External Device Vendor ID: 04E8, External Device Name: MTP, External Device Product ID: 6860, External Device Serial Number: RF8N803A8ZF, Zone Names: (Agent Update - Windows - Production 3,Device Type - Workstation), Device Id: 813bf0db-8ca7-4bf9-9e1d-fee184966915, Policy Name: Workstation - Standard", + "EventType": "DeviceControl", + "EventName": "fullaccess", + "DeviceName": "TESTHOST031", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"Agent Update - Windows - Production 3\",\"Device Type - Workstation\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "813bf0db-8ca7-4bf9-9e1d-fee184966915", + "PolicyName": "Workstation - Standard", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "WPD", + "ExtDeviceVendorId": "4.00E+08", + "ExtDeviceName": "MTP", + "ExtDeviceProductId": "6860", + "ExtDeviceSerialNumber": "RF8N803A8ZF", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Dec 1 11:27:29 sysloghost CylancePROTECT Event Type: DeviceControl, Event Name: fullaccess, Device Name: TESTHOST031, External Device Type: StillImage, External Device Vendor ID: 04B8, External Device Name: EPSON Scanner, External Device Product ID: 1120, External Device Serial Number: 583334513330303874, Zone Names: (Agent Update - Windows - Production 3,Device Type - Workstation), Device Id: ee93884c-6d4b-4cfb-bac9-e0316ace2623, Policy Name: Workstation - Standard", + "EventType": "DeviceControl", + "EventName": "fullaccess", + "DeviceName": "TESTHOST031", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"Agent Update - Windows - Production 3\",\"Device Type - Workstation\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "ee93884c-6d4b-4cfb-bac9-e0316ace2623", + "PolicyName": "Workstation - Standard", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "StillImage", + "ExtDeviceVendorId": "04B8", + "ExtDeviceName": "EPSON Scanner", + "ExtDeviceProductId": "1120", + "ExtDeviceSerialNumber": "5.83335E+17", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 14:57:31 sysloghost CylancePROTECT Event Type: ScriptControl, Event Name: Blocked, Device Name: TESTHOST032, File Path: c:\\temp\\configmgrclienthealth.ps1, SHA256: DABCF29974F6629FB4FF1250AA5C631AD5EF60BB8A2B9E08E9ADEF45054DE7FD, Interpreter: Powershell, Interpreter Version: 10.0.18362.1 (WinBuild.160101.0800), Zone Names: (Agent Update - Windows - Production 3,Device Type - Workstation), User Name: SYSTEM, Device Id: 49a3d5b3-e7e5-4e9f-ae9c-14ce3dd2103d, Policy Name: Workstation - Standard", + "EventType": "ScriptControl", + "EventName": "Blocked", + "DeviceName": "TESTHOST032", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "", + "ZoneNames_string": "", + "FilePath": "c:\\temp\\configmgrclienthealth.ps1", + "FileHashSha256": "DABCF29974F6629FB4FF1250AA5C631AD5EF60BB8A2B9E08E9ADEF45054DE7FD", + "Interpreter": "Powershell", + "InterpreterVersion": "10.0.18362.1 (WinBuild.160101.0800)", + "UserName": "SYSTEM", + "DeviceId": "49a3d5b3-e7e5-4e9f-ae9c-14ce3dd2103d", + "PolicyName": "Workstation - Standard", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Dec 1 04:34:04 sysloghost CylancePROTECT Event Type: DeviceControl, Event Name: fullaccess, Device Name: TESTHOST032, External Device Type: WPD, External Device Vendor ID: 04E8, External Device Name: SAMSUNG_Android, External Device Product ID: 6860, External Device Serial Number: RR8N706DT7M, Zone Names: (Agent Update - Windows - Production 1,Agent Update - Windows - Production 3,Device Type - Workstation), Device Id: e26831c7-7b54-4518-9e3e-7187b16bcd2f, Policy Name: Workstation - Standard", + "EventType": "DeviceControl", + "EventName": "fullaccess", + "DeviceName": "TESTHOST032", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"Agent Update - Windows - Production 1\",\"Agent Update - Windows - Production 3\",\"Device Type - Workstation\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "e26831c7-7b54-4518-9e3e-7187b16bcd2f", + "PolicyName": "Workstation - Standard", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "WPD", + "ExtDeviceVendorId": "4.00E+08", + "ExtDeviceName": "SAMSUNG_Android", + "ExtDeviceProductId": "6860", + "ExtDeviceSerialNumber": "RR8N706DT7M", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 15:02:04 sysloghost CylancePROTECT Event Type: AuditLog, Event Name: ZoneAddDevice, Message: Device: TESTHOST033 was auto assigned to Zone: Agent Update - Windows - Production 3, User: ", + "EventType": "AuditLog", + "EventName": "ZoneAddDevice", + "DeviceName": "TESTHOST033", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "", + "ZoneNames_string": "Agent Update - Windows - Production 3", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "", + "PolicyName": "", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 15:02:04 sysloghost CylancePROTECT Event Type: AuditLog, Event Name: ZoneAddDevice, Message: Device: TESTHOST033 was auto assigned to Zone: Device Type - Workstation, User: ", + "EventType": "AuditLog", + "EventName": "ZoneAddDevice", + "DeviceName": "TESTHOST033", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "", + "ZoneNames_string": "Device Type - Workstation", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "", + "PolicyName": "", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Dec 1 05:04:04 sysloghost CylancePROTECT Event Type: DeviceControl, Event Name: fullaccess, Device Name: TESTHOST036, External Device Type: StillImage, External Device Vendor ID: 03F0, External Device Name: HP Scanjet scanner, External Device Product ID: 4605, External Device Serial Number: CN33EBB03005, Zone Names: (Agent Update - Windows - Production 3,Device Type - Workstation), Device Id: 597e7723-9369-4152-b500-2ca5049a0c46, Policy Name: Workstation - Standard", + "EventType": "DeviceControl", + "EventName": "fullaccess", + "DeviceName": "TESTHOST036", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"Agent Update - Windows - Production 3\",\"Device Type - Workstation\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "597e7723-9369-4152-b500-2ca5049a0c46", + "PolicyName": "Workstation - Standard", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "StillImage", + "ExtDeviceVendorId": "03F0", + "ExtDeviceName": "HP Scanjet scanner", + "ExtDeviceProductId": "4605", + "ExtDeviceSerialNumber": "CN33EBB03005", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Dec 1 07:38:21 sysloghost CylancePROTECT Event Type: DeviceControl, Event Name: fullaccess, Device Name: TESTHOST039, External Device Type: iOS, External Device Vendor ID: 05AC, External Device Name: PTP, External Device Product ID: 12A8, External Device Serial Number: c8c4c84eb4b7964b5c4de04188d15f26660e50cf, Zone Names: (Agent Update - Windows - Production 1,Agent Update - Windows - Production 3,Device Type - Workstation), Device Id: a5e87aad-ded3-4b11-a836-e59145221283, Policy Name: Workstation - Standard", + "EventType": "DeviceControl", + "EventName": "fullaccess", + "DeviceName": "TESTHOST039", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"Agent Update - Windows - Production 1\",\"Agent Update - Windows - Production 3\",\"Device Type - Workstation\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "a5e87aad-ded3-4b11-a836-e59145221283", + "PolicyName": "Workstation - Standard", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "iOS", + "ExtDeviceVendorId": "05AC", + "ExtDeviceName": "PTP", + "ExtDeviceProductId": "12A8", + "ExtDeviceSerialNumber": "c8c4c84eb4b7964b5c4de04188d15f26660e50cf", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Dec 1 00:36:29 sysloghost CylancePROTECT Event Type: Threat, Event Name: threat_quarantined, Device Name: TESTHOST039, IP Address: (192.47.54.117), File Name: trainer.exe, Path: W:\\Temp_7_days\\Sugi\\SONGS A\\Barat By Artist II\\MIX\\mytrdcas13t2.zip|, Drive Type: Internal Hard Drive, File Owner: BUILTIN\\Administrators, SHA256: 66332B486BEFC96ED5CBE7D024D70D72D6C243C8A0E17BDC06379BB7FEA1E9E2, MD5: 640BC20A74E46F7DD1184EA844466FD3, Status: Quarantined, Cylance Score: 100, Found Date: 12/1/2020 12:36:29 AM, File Type: Executable, Is Running: False, Auto Run: False, Detected By: FileWatcher, Zone Names: (Agent Update - Windows - Production 1,Agent Update - Windows - Production 3,App - Server - File and Print,Device Type - Server), Is Malware: False, Is Unique To Cylance: False, Threat Classification: UNCLASSIFIED, Device Id: 67414f46-a4eb-4956-93b5-b3e7cb0163ad, Policy Name: Server - File and Print", + "EventType": "Threat", + "EventName": "threat_quarantined", + "DeviceName": "TESTHOST039", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "[\"10.210.98.148\"]", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"Agent Update - Windows - Production 1\",\"Agent Update - Windows - Production 3\",\"App - Server - File and Print\",\"Device Type - Server\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "66332B486BEFC96ED5CBE7D024D70D72D6C243C8A0E17BDC06379BB7FEA1E9E2", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "67414f46-a4eb-4956-93b5-b3e7cb0163ad", + "PolicyName": "Server - File and Print", + "FileName": "trainer.exe", + "Path": "W:\\Temp_7_days\\Sugi\\SONGS A\\Barat By Artist II\\MIX\\mytrdcas13t2.zip|", + "DriveType": "Internal Hard Drive", + "FileHashMd5": "640BC20A74E46F7DD1184EA844466FD3", + "Status": "Quarantined", + "CylanceScore": "100", + "FoundDate": "12/1/2020 0:36", + "FileType": "Executable", + "IsRunning": "FALSE", + "AutoRun": "FALSE", + "DetectedBy": "FileWatcher", + "IsMalware": "FALSE", + "IsUniqueToCylance": "FALSE", + "ThreatClassification": "UNCLASSIFIED", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Dec 1 00:35:54 sysloghost CylancePROTECT Event Type: Threat, Event Name: threat_quarantined, Device Name: TESTHOST039, IP Address: (192.191.126.229), File Name: trainer.exe, Path: W:\\Temp_7_days\\Sugi\\SONGS A\\Barat By Artist II\\MIX\\I-RDCQT9.ZIP|, Drive Type: Internal Hard Drive, File Owner: BUILTIN\\Administrators, SHA256: CDDDEBBC7A102EB672C835148F7A2A00EB69B7CA904194D96CF0F0EBC4182B46, MD5: 954EFC4E835C897A0D17427559669EE4, Status: Quarantined, Cylance Score: 82, Found Date: 12/1/2020 12:35:54 AM, File Type: Executable, Is Running: False, Auto Run: False, Detected By: FileWatcher, Zone Names: (Agent Update - Windows - Production 1,Agent Update - Windows - Production 3,App - Server - File and Print,Device Type - Server), Is Malware: False, Is Unique To Cylance: False, Threat Classification: UNCLASSIFIED, Device Id: 67414f46-a4eb-4956-93b5-b3e7cb0163ad, Policy Name: Server - File and Print", + "EventType": "Threat", + "EventName": "threat_quarantined", + "DeviceName": "TESTHOST039", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "[\"10.210.98.148\"]", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"Agent Update - Windows - Production 1\",\"Agent Update - Windows - Production 3\",\"App - Server - File and Print\",\"Device Type - Server\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "CDDDEBBC7A102EB672C835148F7A2A00EB69B7CA904194D96CF0F0EBC4182B46", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "67414f46-a4eb-4956-93b5-b3e7cb0163ad", + "PolicyName": "Server - File and Print", + "FileName": "trainer.exe", + "Path": "W:\\Temp_7_days\\Sugi\\SONGS A\\Barat By Artist II\\MIX\\I-RDCQT9.ZIP|", + "DriveType": "Internal Hard Drive", + "FileHashMd5": "954EFC4E835C897A0D17427559669EE4", + "Status": "Quarantined", + "CylanceScore": "82", + "FoundDate": "12/1/2020 0:35", + "FileType": "Executable", + "IsRunning": "FALSE", + "AutoRun": "FALSE", + "DetectedBy": "FileWatcher", + "IsMalware": "FALSE", + "IsUniqueToCylance": "FALSE", + "ThreatClassification": "UNCLASSIFIED", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 21 10:19:03 sysloghost CylancePROTECT Event Type: Threat, Event Name: threat_changed, Device Name: TESTHOST04, IP Address: (192.225.89.38, 192.225.89.38), File Name: sapdsigner, Path: /act/mnt/Staging_3233658/usr/sap/hostctrl_25July2020/exe/, Drive Type: Internal Hard Drive, SHA256: 0DD9CC9174EE03F858ED65F3B5969AA702B658801A3FD5B1590DE04C98C7BEBD, MD5: 8B613D1D1BF0CEEF4F0EF0034D4EF97D, Status: Quarantined, Cylance Score: 36, Found Date: 10/23/2020 3:58:06 PM, File Type: LinuxExe, Is Running: True, Auto Run: False, Detected By: FileWatcher, Zone Names: (Device Type - Linux Server - SAP), Is Malware: False, Is Unique To Cylance: True, Threat Classification: Trusted - Local, Device Id: 9475effa-1e3d-411a-b35a-650d73ec6042, Policy Name: Linux Server - SAP - MP Term", + "EventType": "Threat", + "EventName": "threat_changed", + "DeviceName": "TESTHOST04", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "[\"10.130.217.105\",\" 10.250.11.105\"]", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"Device Type - Linux Server - SAP\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "0DD9CC9174EE03F858ED65F3B5969AA702B658801A3FD5B1590DE04C98C7BEBD", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "9475effa-1e3d-411a-b35a-650d73ec6042", + "PolicyName": "Linux Server - SAP - MP Term", + "FileName": "sapdsigner", + "Path": "/act/mnt/Staging_3233658/usr/sap/hostctrl_25July2020/exe/", + "DriveType": "Internal Hard Drive", + "FileHashMd5": "8B613D1D1BF0CEEF4F0EF0034D4EF97D", + "Status": "Quarantined", + "CylanceScore": "36", + "FoundDate": "10/23/2020 15:58", + "FileType": "LinuxExe", + "IsRunning": "TRUE", + "AutoRun": "FALSE", + "DetectedBy": "FileWatcher", + "IsMalware": "FALSE", + "IsUniqueToCylance": "TRUE", + "ThreatClassification": "Trusted - Local", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 21 10:19:03 sysloghost CylancePROTECT Event Type: Threat, Event Name: threat_changed, Device Name: TESTHOST04, IP Address: (10.3.2.247, 10.3.2.247), File Name: sapdsigner, Path: /act/mnt/Staging_3233658/usr/sap/hostctrl_25July2020/exe/, Drive Type: Internal Hard Drive, SHA256: 0DD9CC9174EE03F858ED65F3B5969AA702B658801A3FD5B1590DE04C98C7BEBD, MD5: 8B613D1D1BF0CEEF4F0EF0034D4EF97D, Status: Quarantined, Cylance Score: 36, Found Date: 10/23/2020 3:58:06 PM, File Type: LinuxExe, Is Running: False, Auto Run: False, Detected By: FileWatcher, Zone Names: (Device Type - Linux Server - SAP), Is Malware: False, Is Unique To Cylance: True, Threat Classification: Trusted - Local, Device Id: 9475effa-1e3d-411a-b35a-650d73ec6042, Policy Name: Linux Server - SAP - MP Term", + "EventType": "Threat", + "EventName": "threat_changed", + "DeviceName": "TESTHOST04", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "[\"10.130.217.105\",\" 10.250.11.105\"]", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"Device Type - Linux Server - SAP\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "0DD9CC9174EE03F858ED65F3B5969AA702B658801A3FD5B1590DE04C98C7BEBD", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "9475effa-1e3d-411a-b35a-650d73ec6042", + "PolicyName": "Linux Server - SAP - MP Term", + "FileName": "sapdsigner", + "Path": "/act/mnt/Staging_3233658/usr/sap/hostctrl_25July2020/exe/", + "DriveType": "Internal Hard Drive", + "FileHashMd5": "8B613D1D1BF0CEEF4F0EF0034D4EF97D", + "Status": "Quarantined", + "CylanceScore": "36", + "FoundDate": "10/23/2020 15:58", + "FileType": "LinuxExe", + "IsRunning": "FALSE", + "AutoRun": "FALSE", + "DetectedBy": "FileWatcher", + "IsMalware": "FALSE", + "IsUniqueToCylance": "TRUE", + "ThreatClassification": "Trusted - Local", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 19:42:42 sysloghost CylancePROTECT Event Type: ScriptControl, Event Name: Blocked, Device Name: TESTHOST040, File Path: d:\\program files (x86)\\cyberark\\psm\\scripts\\deploy-connectors.ps1, SHA256: 7212CEF22B57C89A0E20C2FA320B9FC735AFB653045C2490F9AD62A37B54EB53, Interpreter: Powershell, Interpreter Version: 10.0.14393.0 (rs1_release.160715-1616), Zone Names: (Agent Update - Windows - Production 1,Agent Update - Windows - Production 3,App - Server - CyberArk PSM,Device Type - Server), User Name: SYSTEM, Device Id: 6d4fd7e0-6e44-4b5d-af04-49025c271b8f, Policy Name: Server - CyberArk PSM", + "EventType": "ScriptControl", + "EventName": "Blocked", + "DeviceName": "TESTHOST040", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "", + "ZoneNames_string": "", + "FilePath": "d:\\program files (x86)\\cyberark\\psm\\scripts\\deploy-connectors.ps1", + "FileHashSha256": "7212CEF22B57C89A0E20C2FA320B9FC735AFB653045C2490F9AD62A37B54EB53", + "Interpreter": "Powershell", + "InterpreterVersion": "10.0.14393.0 (rs1_release.160715-1616)", + "UserName": "SYSTEM", + "DeviceId": "6d4fd7e0-6e44-4b5d-af04-49025c271b8f", + "PolicyName": "Server - CyberArk PSM", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 14:52:05 sysloghost CylancePROTECT Event Type: ScriptControl, Event Name: Blocked, Device Name: TESTHOST040, File Path: d:\\program files (x86)\\cyberark\\psm\\scripts\\deploy-connectors.ps1, SHA256: 7212CEF22B57C89A0E20C2FA320B9FC735AFB653045C2490F9AD62A37B54EB53, Interpreter: Powershell, Interpreter Version: 10.0.14393.0 (rs1_release.160715-1616), Zone Names: (Agent Update - Windows - Production 1,Agent Update - Windows - Production 3,App - Server - CyberArk PSM,Device Type - Server), User Name: SYSTEM, Device Id: 6d4fd7e0-6e44-4b5d-af04-49025c271b8f, Policy Name: Server - CyberArk PSM", + "EventType": "ScriptControl", + "EventName": "Blocked", + "DeviceName": "TESTHOST040", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "", + "ZoneNames_string": "", + "FilePath": "d:\\program files (x86)\\cyberark\\psm\\scripts\\deploy-connectors.ps1", + "FileHashSha256": "7212CEF22B57C89A0E20C2FA320B9FC735AFB653045C2490F9AD62A37B54EB53", + "Interpreter": "Powershell", + "InterpreterVersion": "10.0.14393.0 (rs1_release.160715-1616)", + "UserName": "SYSTEM", + "DeviceId": "6d4fd7e0-6e44-4b5d-af04-49025c271b8f", + "PolicyName": "Server - CyberArk PSM", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Dec 1 04:07:05 sysloghost CylancePROTECT Event Type: DeviceControl, Event Name: fullaccess, Device Name: TESTHOST041, External Device Type: WPD, External Device Vendor ID: 04E8, External Device Name: MTP, External Device Product ID: 6860, External Device Serial Number: RZ8NB035NRB, Zone Names: (Agent Update - Windows - Production 1,Agent Update - Windows - Production 3,Device Type - Workstation), Device Id: cd1e0df9-c479-46e7-94ef-45a2f92633e8, Policy Name: Workstation - Standard", + "EventType": "DeviceControl", + "EventName": "fullaccess", + "DeviceName": "TESTHOST041", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"Agent Update - Windows - Production 1\",\"Agent Update - Windows - Production 3\",\"Device Type - Workstation\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "cd1e0df9-c479-46e7-94ef-45a2f92633e8", + "PolicyName": "Workstation - Standard", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "WPD", + "ExtDeviceVendorId": "4.00E+08", + "ExtDeviceName": "MTP", + "ExtDeviceProductId": "6860", + "ExtDeviceSerialNumber": "RZ8NB035NRB", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Dec 1 04:05:54 sysloghost CylancePROTECT Event Type: DeviceControl, Event Name: fullaccess, Device Name: TESTHOST041, External Device Type: WPD, External Device Vendor ID: 04E8, External Device Name: MTP, External Device Product ID: 6860, External Device Serial Number: RZ8NB035NRB, Zone Names: (Agent Update - Windows - Production 1,Agent Update - Windows - Production 3,Device Type - Workstation), Device Id: cd1e0df9-c479-46e7-94ef-45a2f92633e8, Policy Name: Workstation - Standard", + "EventType": "DeviceControl", + "EventName": "fullaccess", + "DeviceName": "TESTHOST041", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"Agent Update - Windows - Production 1\",\"Agent Update - Windows - Production 3\",\"Device Type - Workstation\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "cd1e0df9-c479-46e7-94ef-45a2f92633e8", + "PolicyName": "Workstation - Standard", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "WPD", + "ExtDeviceVendorId": "4.00E+08", + "ExtDeviceName": "MTP", + "ExtDeviceProductId": "6860", + "ExtDeviceSerialNumber": "RZ8NB035NRB", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Dec 1 04:05:47 sysloghost CylancePROTECT Event Type: DeviceControl, Event Name: fullaccess, Device Name: TESTHOST041, External Device Type: WPD, External Device Vendor ID: 04E8, External Device Name: MTP, External Device Product ID: 6860, External Device Serial Number: RZ8NB035NRB, Zone Names: (Agent Update - Windows - Production 1,Agent Update - Windows - Production 3,Device Type - Workstation), Device Id: cd1e0df9-c479-46e7-94ef-45a2f92633e8, Policy Name: Workstation - Standard", + "EventType": "DeviceControl", + "EventName": "fullaccess", + "DeviceName": "TESTHOST041", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"Agent Update - Windows - Production 1\",\"Agent Update - Windows - Production 3\",\"Device Type - Workstation\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "cd1e0df9-c479-46e7-94ef-45a2f92633e8", + "PolicyName": "Workstation - Standard", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "WPD", + "ExtDeviceVendorId": "4.00E+08", + "ExtDeviceName": "MTP", + "ExtDeviceProductId": "6860", + "ExtDeviceSerialNumber": "RZ8NB035NRB", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Dec 1 04:05:34 sysloghost CylancePROTECT Event Type: DeviceControl, Event Name: fullaccess, Device Name: TESTHOST041, External Device Type: WPD, External Device Vendor ID: 04E8, External Device Name: MTP, External Device Product ID: 6860, External Device Serial Number: RZ8NB035NRB, Zone Names: (Agent Update - Windows - Production 1,Agent Update - Windows - Production 3,Device Type - Workstation), Device Id: cd1e0df9-c479-46e7-94ef-45a2f92633e8, Policy Name: Workstation - Standard", + "EventType": "DeviceControl", + "EventName": "fullaccess", + "DeviceName": "TESTHOST041", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"Agent Update - Windows - Production 1\",\"Agent Update - Windows - Production 3\",\"Device Type - Workstation\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "cd1e0df9-c479-46e7-94ef-45a2f92633e8", + "PolicyName": "Workstation - Standard", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "WPD", + "ExtDeviceVendorId": "4.00E+08", + "ExtDeviceName": "MTP", + "ExtDeviceProductId": "6860", + "ExtDeviceSerialNumber": "RZ8NB035NRB", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Dec 1 04:58:29 sysloghost CylancePROTECT Event Type: ScriptControl, Event Name: Blocked, Device Name: TESTHOST041, File Path: d:\\program files (x86)\\cyberark\\psm\\scripts\\deploy-connectors.ps1, SHA256: 7212CEF22B57C89A0E20C2FA320B9FC735AFB653045C2490F9AD62A37B54EB53, Interpreter: Powershell, Interpreter Version: 10.0.14393.0 (rs1_release.160715-1616), Zone Names: (Agent Update - Windows - Production 1,Agent Update - Windows - Production 3,App - Server - CyberArk PSM,Device Type - Server), User Name: SYSTEM, Device Id: 2fee477f-a855-475f-b690-989dd1ec9023, Policy Name: Server - CyberArk PSM", + "EventType": "ScriptControl", + "EventName": "Blocked", + "DeviceName": "TESTHOST041", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "", + "ZoneNames_string": "", + "FilePath": "d:\\program files (x86)\\cyberark\\psm\\scripts\\deploy-connectors.ps1", + "FileHashSha256": "7212CEF22B57C89A0E20C2FA320B9FC735AFB653045C2490F9AD62A37B54EB53", + "Interpreter": "Powershell", + "InterpreterVersion": "10.0.14393.0 (rs1_release.160715-1616)", + "UserName": "SYSTEM", + "DeviceId": "2fee477f-a855-475f-b690-989dd1ec9023", + "PolicyName": "Server - CyberArk PSM", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 19:37:46 sysloghost CylancePROTECT Event Type: ScriptControl, Event Name: Blocked, Device Name: TESTHOST041, File Path: d:\\program files (x86)\\cyberark\\psm\\scripts\\deploy-connectors.ps1, SHA256: 7212CEF22B57C89A0E20C2FA320B9FC735AFB653045C2490F9AD62A37B54EB53, Interpreter: Powershell, Interpreter Version: 10.0.14393.0 (rs1_release.160715-1616), Zone Names: (Agent Update - Windows - Production 1,Agent Update - Windows - Production 3,App - Server - CyberArk PSM,Device Type - Server), User Name: SYSTEM, Device Id: 2fee477f-a855-475f-b690-989dd1ec9023, Policy Name: Server - CyberArk PSM", + "EventType": "ScriptControl", + "EventName": "Blocked", + "DeviceName": "TESTHOST041", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "", + "ZoneNames_string": "", + "FilePath": "d:\\program files (x86)\\cyberark\\psm\\scripts\\deploy-connectors.ps1", + "FileHashSha256": "7212CEF22B57C89A0E20C2FA320B9FC735AFB653045C2490F9AD62A37B54EB53", + "Interpreter": "Powershell", + "InterpreterVersion": "10.0.14393.0 (rs1_release.160715-1616)", + "UserName": "SYSTEM", + "DeviceId": "2fee477f-a855-475f-b690-989dd1ec9023", + "PolicyName": "Server - CyberArk PSM", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 14:57:33 sysloghost CylancePROTECT Event Type: ScriptControl, Event Name: Blocked, Device Name: TESTHOST041, File Path: d:\\program files (x86)\\cyberark\\psm\\scripts\\deploy-connectors.ps1, SHA256: 7212CEF22B57C89A0E20C2FA320B9FC735AFB653045C2490F9AD62A37B54EB53, Interpreter: Powershell, Interpreter Version: 10.0.14393.0 (rs1_release.160715-1616), Zone Names: (Agent Update - Windows - Production 1,Agent Update - Windows - Production 3,App - Server - CyberArk PSM,Device Type - Server), User Name: SYSTEM, Device Id: 2fee477f-a855-475f-b690-989dd1ec9023, Policy Name: Server - CyberArk PSM", + "EventType": "ScriptControl", + "EventName": "Blocked", + "DeviceName": "TESTHOST041", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "", + "ZoneNames_string": "", + "FilePath": "d:\\program files (x86)\\cyberark\\psm\\scripts\\deploy-connectors.ps1", + "FileHashSha256": "7212CEF22B57C89A0E20C2FA320B9FC735AFB653045C2490F9AD62A37B54EB53", + "Interpreter": "Powershell", + "InterpreterVersion": "10.0.14393.0 (rs1_release.160715-1616)", + "UserName": "SYSTEM", + "DeviceId": "2fee477f-a855-475f-b690-989dd1ec9023", + "PolicyName": "Server - CyberArk PSM", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Dec 1 07:23:21 sysloghost CylancePROTECT Event Type: DeviceControl, Event Name: fullaccess, Device Name: TESTHOST042, External Device Type: WPD, External Device Vendor ID: 2717, External Device Name: MI MAX, External Device Product ID: FF40, External Device Serial Number: fdd9f00d, Zone Names: (Agent Update - Windows - Production 1,Agent Update - Windows - Production 3,Device Type - Workstation), Device Id: 9d4732ac-1c0c-49c0-946a-59e76264c55d, Policy Name: Workstation - Standard", + "EventType": "DeviceControl", + "EventName": "fullaccess", + "DeviceName": "TESTHOST042", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"Agent Update - Windows - Production 1\",\"Agent Update - Windows - Production 3\",\"Device Type - Workstation\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "9d4732ac-1c0c-49c0-946a-59e76264c55d", + "PolicyName": "Workstation - Standard", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "WPD", + "ExtDeviceVendorId": "2717", + "ExtDeviceName": "MI MAX", + "ExtDeviceProductId": "FF40", + "ExtDeviceSerialNumber": "fdd9f00d", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Dec 1 07:23:13 sysloghost CylancePROTECT Event Type: DeviceControl, Event Name: fullaccess, Device Name: TESTHOST042, External Device Type: WPD, External Device Vendor ID: 2717, External Device Name: MI MAX, External Device Product ID: FF40, External Device Serial Number: fdd9f00d, Zone Names: (Agent Update - Windows - Production 1,Agent Update - Windows - Production 3,Device Type - Workstation), Device Id: 9d4732ac-1c0c-49c0-946a-59e76264c55d, Policy Name: Workstation - Standard", + "EventType": "DeviceControl", + "EventName": "fullaccess", + "DeviceName": "TESTHOST042", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"Agent Update - Windows - Production 1\",\"Agent Update - Windows - Production 3\",\"Device Type - Workstation\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "9d4732ac-1c0c-49c0-946a-59e76264c55d", + "PolicyName": "Workstation - Standard", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "WPD", + "ExtDeviceVendorId": "2717", + "ExtDeviceName": "MI MAX", + "ExtDeviceProductId": "FF40", + "ExtDeviceSerialNumber": "fdd9f00d", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Dec 1 00:10:41 sysloghost CylancePROTECT Event Type: AuditLog, Event Name: ZoneAddDevice, Message: Device: TESTHOST043 was auto assigned to Zone: Agent Update - Windows - Production 1, User: ", + "EventType": "AuditLog", + "EventName": "ZoneAddDevice", + "DeviceName": "TESTHOST043", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "", + "ZoneNames_string": "Agent Update - Windows - Production 1", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "", + "PolicyName": "", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Dec 1 00:10:41 sysloghost CylancePROTECT Event Type: AuditLog, Event Name: ZoneAddDevice, Message: Device: TESTHOST043 was auto assigned to Zone: Agent Update - Windows - Production 3, User: ", + "EventType": "AuditLog", + "EventName": "ZoneAddDevice", + "DeviceName": "TESTHOST043", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "", + "ZoneNames_string": "Agent Update - Windows - Production 3", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "", + "PolicyName": "", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Dec 1 00:10:40 sysloghost CylancePROTECT Event Type: AuditLog, Event Name: ZoneAddDevice, Message: Device: TESTHOST043 was auto assigned to Zone: Device Type - Workstation, User: ", + "EventType": "AuditLog", + "EventName": "ZoneAddDevice", + "DeviceName": "TESTHOST043", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "", + "ZoneNames_string": "Device Type - Workstation", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "", + "PolicyName": "", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Dec 1 03:36:28 sysloghost CylancePROTECT Event Type: DeviceControl, Event Name: fullaccess, Device Name: TESTHOST051, External Device Type: iOS, External Device Vendor ID: 05AC, External Device Name: PTP, External Device Product ID: 12A8, External Device Serial Number: 00008020001E09320212002E, Zone Names: (Agent Update - Windows - Production 1,Agent Update - Windows - Production 3,Device Type - Workstation), Device Id: 4b8097b0-b0dd-4b0e-a324-f2a1376a2d83, Policy Name: Workstation - Standard", + "EventType": "DeviceControl", + "EventName": "fullaccess", + "DeviceName": "TESTHOST051", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"Agent Update - Windows - Production 1\",\"Agent Update - Windows - Production 3\",\"Device Type - Workstation\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "4b8097b0-b0dd-4b0e-a324-f2a1376a2d83", + "PolicyName": "Workstation - Standard", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "iOS", + "ExtDeviceVendorId": "05AC", + "ExtDeviceName": "PTP", + "ExtDeviceProductId": "12A8", + "ExtDeviceSerialNumber": "00008020001E09320212002E", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Dec 1 07:22:15 sysloghost CylancePROTECT Event Type: Threat, Event Name: threat_quarantined, Device Name: TESTHOST054, IP Address: (192.246.12.75), File Name: Updater.exe, Path: F:\\pcdatabackup\\Documenttt\\GEM4D 64-bit July 2020\\GEM4D 64-bit\\, Drive Type: Internal Hard Drive, File Owner: ABC\\test-user82, SHA256: 1B03974B34C9B6A18C3F2235BA2380BE402338E2263AD52C31C53F1815AE29D0, MD5: E0AE01B2B652C359F39EED10FF084172, Status: Quarantined, Cylance Score: 84, Found Date: 12/1/2020 7:22:15 AM, File Type: Executable, Is Running: False, Auto Run: False, Detected By: FileWatcher, Zone Names: (Agent Update - Windows - Production 1,Agent Update - Windows - Production 3,App - Server - File and Print,Device Type - Server), Is Malware: False, Is Unique To Cylance: False, Threat Classification: UNCLASSIFIED, Device Id: 55db412c-b8e5-4a1e-a8c3-f54947f6ccc4, Policy Name: Server - File and Print_PCN", + "EventType": "Threat", + "EventName": "threat_quarantined", + "DeviceName": "TESTHOST054", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "[\"10.130.68.104\"]", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"Agent Update - Windows - Production 1\",\"Agent Update - Windows - Production 3\",\"App - Server - File and Print\",\"Device Type - Server\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "1B03974B34C9B6A18C3F2235BA2380BE402338E2263AD52C31C53F1815AE29D0", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "55db412c-b8e5-4a1e-a8c3-f54947f6ccc4", + "PolicyName": "Server - File and Print_PCN", + "FileName": "Updater.exe", + "Path": "F:\\pcdatabackup\\Documenttt\\GEM4D 64-bit July 2020\\GEM4D 64-bit\\", + "DriveType": "Internal Hard Drive", + "FileHashMd5": "E0AE01B2B652C359F39EED10FF084172", + "Status": "Quarantined", + "CylanceScore": "84", + "FoundDate": "12/1/2020 7:22", + "FileType": "Executable", + "IsRunning": "FALSE", + "AutoRun": "FALSE", + "DetectedBy": "FileWatcher", + "IsMalware": "FALSE", + "IsUniqueToCylance": "FALSE", + "ThreatClassification": "UNCLASSIFIED", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Dec 1 04:46:44 sysloghost CylancePROTECT Event Type: AuditLog, Event Name: ZoneAddDevice, Message: Device: TESTHOST055 was auto assigned to Zone: Agent Update - Windows - Production 3, User: ", + "EventType": "AuditLog", + "EventName": "ZoneAddDevice", + "DeviceName": "TESTHOST055", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "", + "ZoneNames_string": "Agent Update - Windows - Production 3", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "", + "PolicyName": "", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Dec 1 04:46:44 sysloghost CylancePROTECT Event Type: AuditLog, Event Name: ZoneAddDevice, Message: Device: TESTHOST055 was auto assigned to Zone: Device Type - Workstation, User: ", + "EventType": "AuditLog", + "EventName": "ZoneAddDevice", + "DeviceName": "TESTHOST055", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "", + "ZoneNames_string": "Device Type - Workstation", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "", + "PolicyName": "", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Dec 1 04:46:44 sysloghost CylancePROTECT Event Type: AuditLog, Event Name: ZoneAddDevice, Message: Device: TESTHOST055 was auto assigned to Zone: Agent Update - Windows - Production 1, User: ", + "EventType": "AuditLog", + "EventName": "ZoneAddDevice", + "DeviceName": "TESTHOST055", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "", + "ZoneNames_string": "Agent Update - Windows - Production 1", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "", + "PolicyName": "", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Dec 1 04:35:49 sysloghost CylancePROTECT Event Type: DeviceControl, Event Name: fullaccess, Device Name: TESTHOST056, External Device Type: WPD, External Device Vendor ID: 22D9, External Device Name: CPH1819, External Device Product ID: 2764, External Device Serial Number: SKJ7V46HEY9SR8FU, Zone Names: (Agent Update - Windows - Production 1,Agent Update - Windows - Production 3,Device Type - Workstation), Device Id: bbd8dd87-334b-4852-ba0c-305b34cb16c5, Policy Name: Workstation - Standard", + "EventType": "DeviceControl", + "EventName": "fullaccess", + "DeviceName": "TESTHOST056", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"Agent Update - Windows - Production 1\",\"Agent Update - Windows - Production 3\",\"Device Type - Workstation\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "bbd8dd87-334b-4852-ba0c-305b34cb16c5", + "PolicyName": "Workstation - Standard", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "WPD", + "ExtDeviceVendorId": "22D9", + "ExtDeviceName": "CPH1819", + "ExtDeviceProductId": "2764", + "ExtDeviceSerialNumber": "SKJ7V46HEY9SR8FU", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Dec 1 05:56:26 sysloghost CylancePROTECT Event Type: DeviceControl, Event Name: fullaccess, Device Name: TESTHOST066, External Device Type: WPD, External Device Vendor ID: 04E8, External Device Name: MTP, External Device Product ID: 6860, External Device Serial Number: 2130c4650c017ece, Zone Names: (Agent Update - Windows - Production 1,Agent Update - Windows - Production 3,Device Type - Workstation), Device Id: 93a66b18-a878-4b07-be62-31e1755b038f, Policy Name: Workstation - Standard", + "EventType": "DeviceControl", + "EventName": "fullaccess", + "DeviceName": "TESTHOST066", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"Agent Update - Windows - Production 1\",\"Agent Update - Windows - Production 3\",\"Device Type - Workstation\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "93a66b18-a878-4b07-be62-31e1755b038f", + "PolicyName": "Workstation - Standard", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "WPD", + "ExtDeviceVendorId": "4.00E+08", + "ExtDeviceName": "MTP", + "ExtDeviceProductId": "6860", + "ExtDeviceSerialNumber": "2130c4650c017ece", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Dec 1 05:54:58 sysloghost CylancePROTECT Event Type: DeviceControl, Event Name: fullaccess, Device Name: TESTHOST066, External Device Type: WPD, External Device Vendor ID: 04E8, External Device Name: MTP, External Device Product ID: 6860, External Device Serial Number: 2130c4650c017ece, Zone Names: (Agent Update - Windows - Production 1,Agent Update - Windows - Production 3,Device Type - Workstation), Device Id: 93a66b18-a878-4b07-be62-31e1755b038f, Policy Name: Workstation - Standard", + "EventType": "DeviceControl", + "EventName": "fullaccess", + "DeviceName": "TESTHOST066", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"Agent Update - Windows - Production 1\",\"Agent Update - Windows - Production 3\",\"Device Type - Workstation\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "93a66b18-a878-4b07-be62-31e1755b038f", + "PolicyName": "Workstation - Standard", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "WPD", + "ExtDeviceVendorId": "4.00E+08", + "ExtDeviceName": "MTP", + "ExtDeviceProductId": "6860", + "ExtDeviceSerialNumber": "2130c4650c017ece", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Dec 1 05:54:50 sysloghost CylancePROTECT Event Type: DeviceControl, Event Name: fullaccess, Device Name: TESTHOST066, External Device Type: WPD, External Device Vendor ID: 04E8, External Device Name: MTP, External Device Product ID: 6860, External Device Serial Number: 2130c4650c017ece, Zone Names: (Agent Update - Windows - Production 1,Agent Update - Windows - Production 3,Device Type - Workstation), Device Id: 93a66b18-a878-4b07-be62-31e1755b038f, Policy Name: Workstation - Standard", + "EventType": "DeviceControl", + "EventName": "fullaccess", + "DeviceName": "TESTHOST066", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"Agent Update - Windows - Production 1\",\"Agent Update - Windows - Production 3\",\"Device Type - Workstation\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "93a66b18-a878-4b07-be62-31e1755b038f", + "PolicyName": "Workstation - Standard", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "WPD", + "ExtDeviceVendorId": "4.00E+08", + "ExtDeviceName": "MTP", + "ExtDeviceProductId": "6860", + "ExtDeviceSerialNumber": "2130c4650c017ece", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Dec 1 04:16:53 sysloghost CylancePROTECT Event Type: DeviceControl, Event Name: fullaccess, Device Name: TESTHOST073, External Device Type: USBDrive, External Device Vendor ID: 0781, External Device Name: SanDisk Cruzer Edge USB Device, External Device Product ID: 556B, External Device Serial Number: 4C530199950409122492, Zone Names: (Agent Update - Windows - Production 1,Agent Update - Windows - Production 3,Device Type - Workstation), Device Id: 9961d21d-c10e-473f-935b-825cc50c89c6, Policy Name: Workstation - Standard", + "EventType": "DeviceControl", + "EventName": "fullaccess", + "DeviceName": "TESTHOST073", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"Agent Update - Windows - Production 1\",\"Agent Update - Windows - Production 3\",\"Device Type - Workstation\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "9961d21d-c10e-473f-935b-825cc50c89c6", + "PolicyName": "Workstation - Standard", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "USBDrive", + "ExtDeviceVendorId": "781", + "ExtDeviceName": "SanDisk Cruzer Edge USB Device", + "ExtDeviceProductId": "556B", + "ExtDeviceSerialNumber": "4C530199950409122492", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Dec 1 07:19:21 sysloghost CylancePROTECT Event Type: DeviceControl, Event Name: fullaccess, Device Name: TESTHOST076, External Device Type: WPD, External Device Vendor ID: 2D95, External Device Name: vivo 1920, External Device Product ID: 6004, External Device Serial Number: daf0e808, Zone Names: (Agent Update - Windows - Production 1,Agent Update - Windows - Production 3,Device Type - Workstation), Device Id: 172b00c7-5f41-4b08-8852-329acf45756b, Policy Name: Workstation - Standard", + "EventType": "DeviceControl", + "EventName": "fullaccess", + "DeviceName": "TESTHOST076", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"Agent Update - Windows - Production 1\",\"Agent Update - Windows - Production 3\",\"Device Type - Workstation\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "172b00c7-5f41-4b08-8852-329acf45756b", + "PolicyName": "Workstation - Standard", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "WPD", + "ExtDeviceVendorId": "2D95", + "ExtDeviceName": "vivo 1920", + "ExtDeviceProductId": "6004", + "ExtDeviceSerialNumber": "daf0e808", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Dec 1 07:06:59 sysloghost CylancePROTECT Event Type: DeviceControl, Event Name: fullaccess, Device Name: TESTHOST076, External Device Type: WPD, External Device Vendor ID: 2D95, External Device Name: vivo 1920, External Device Product ID: 6004, External Device Serial Number: daf0e808, Zone Names: (Agent Update - Windows - Production 1,Agent Update - Windows - Production 3,Device Type - Workstation), Device Id: 172b00c7-5f41-4b08-8852-329acf45756b, Policy Name: Workstation - Standard", + "EventType": "DeviceControl", + "EventName": "fullaccess", + "DeviceName": "TESTHOST076", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"Agent Update - Windows - Production 1\",\"Agent Update - Windows - Production 3\",\"Device Type - Workstation\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "172b00c7-5f41-4b08-8852-329acf45756b", + "PolicyName": "Workstation - Standard", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "WPD", + "ExtDeviceVendorId": "2D95", + "ExtDeviceName": "vivo 1920", + "ExtDeviceProductId": "6004", + "ExtDeviceSerialNumber": "daf0e808", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Dec 1 07:06:52 sysloghost CylancePROTECT Event Type: DeviceControl, Event Name: fullaccess, Device Name: TESTHOST076, External Device Type: WPD, External Device Vendor ID: 2D95, External Device Name: vivo 1920, External Device Product ID: 6002, External Device Serial Number: daf0e808, Zone Names: (Agent Update - Windows - Production 1,Agent Update - Windows - Production 3,Device Type - Workstation), Device Id: 172b00c7-5f41-4b08-8852-329acf45756b, Policy Name: Workstation - Standard", + "EventType": "DeviceControl", + "EventName": "fullaccess", + "DeviceName": "TESTHOST076", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"Agent Update - Windows - Production 1\",\"Agent Update - Windows - Production 3\",\"Device Type - Workstation\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "172b00c7-5f41-4b08-8852-329acf45756b", + "PolicyName": "Workstation - Standard", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "WPD", + "ExtDeviceVendorId": "2D95", + "ExtDeviceName": "vivo 1920", + "ExtDeviceProductId": "6002", + "ExtDeviceSerialNumber": "daf0e808", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "{\"AV Industry\": \"Threat\", \"Access Time\": \"11/25/2020 8:39:46 PM\", \"Auto Run\": \"False\", \"Cert Issuer\": \"DigiCert SHA2 Assured ID Code Signing CA\", \"Cert Publisher\": \"Byte Technologies LLC\", \"Cert Subject\": \"Byte Technologies LLC\", \"Cert Timestamp\": \"N/A\", \"Classification\": \"N/A\", \"Company Name\": \"Byte Technologies LLC\", \"Copyright\": \"Copyright \\u00a9 2018 Byte Technologies LLC\", \"Create Time\": \"11/25/2020 8:39:46 PM\", \"Cylance Score\": \"100\", \"Description\": \"ByteFence Anti-Malware Scanner\", \"Detected By\": \"File Watcher\", \"DeviceName\": \"TESTHOST087\", \"Drive Type\": \"Internal Hard Drive\", \"Ever Run\": \"False\", \"File Name\": \"ByteFenceScan.exe\", \"File Owner\": \"NT AUTHORITY\\\\SYSTEM\", \"File Path\": \"C:\\\\Program Files\\\\ByteFence\\\\ByteFenceScan.exe\", \"File Size (bytes)\": \"827720\", \"File Status\": \"quarantined\", \"File Version\": \"192.28.12.207\", \"First Found\": \"11/25/2020 9:06:59 PM\", \"Global Quarantined\": \"No\", \"Last Found\": \"11/30/2020 6:27:08 PM\", \"MD5\": \"4DF54F30911CF1EDAD40A711E1EBC6E5\", \"Modification Time\": \"11/25/2020 8:39:46 PM\", \"Product Name\": \"ByteFence Anti-Malware\", \"Running\": \"False\", \"SHA256\": \"B2F2C95FDDEC170F599460D6FEE5AA89DE9DAA21F4309B3F43733542BCF8A4B8\", \"Safelisted\": \"No\", \"Serial Number\": \"1266f7a1-603f-405a-9c66-79fa7c15e829\", \"Signature Status\": \"Valid\", \"Signed\": \"True\", \"Tenant\": \"ABC\"}", + "EventType": "", + "EventName": "", + "DeviceName": "TESTHOST087", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "[\"\"]", + "SrcMacAddr": "[\"\"]", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"\"]", + "ZoneNames_string": "", + "FilePath": "C:\\Program Files\\ByteFence\\ByteFenceScan.exe", + "FileHashSha256": "B2F2C95FDDEC170F599460D6FEE5AA89DE9DAA21F4309B3F43733542BCF8A4B8", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "", + "PolicyName": "", + "FileName": "ByteFenceScan.exe", + "Path": "", + "DriveType": "Internal Hard Drive", + "FileHashMd5": "4DF54F30911CF1EDAD40A711E1EBC6E5", + "Status": "", + "CylanceScore": "100", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "FALSE", + "DetectedBy": "File Watcher", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "1266f7a1-603f-405a-9c66-79fa7c15e829", + "Tenant": "ABC", + "AvIndustry": "Threat", + "AccessTime": "11/25/2020 20:39", + "CertIssuer": "DigiCert SHA2 Assured ID Code Signing CA", + "CertPublisher": "Byte Technologies LLC", + "CertSubject": "Byte Technologies LLC", + "CertTimestamp": "N/A", + "Classification_": "N/A", + "CompanyName": "Byte Technologies LLC", + "Copyright": "Copyright © 2018 Byte Technologies LLC", + "CreateTime": "11/25/2020 20:39", + "Description": "ByteFence Anti-Malware Scanner", + "EverRun": "FALSE", + "FileOwner": "NT AUTHORITY\\SYSTEM", + "FileSize": "827720", + "FileStatus": "quarantined", + "FileVersion": "5.5.0.0", + "FirstFound": "11/25/2020 21:06", + "GlobalQuarantined": "No", + "LastFound": "11/30/2020 18:27", + "ModificationTime": "11/25/2020 20:39", + "ProductName": "ByteFence Anti-Malware", + "Running": "FALSE", + "Safelisted": "No", + "SignatureStatus": "Valid", + "Signed": "TRUE" + }, + { + "SyslogMessage": "{\"AV Industry\": \"Threat\", \"Access Time\": \"11/25/2020 7:45:21 PM\", \"Auto Run\": \"False\", \"Cert Issuer\": \"Symantec Class 3 SHA256 Code Signing CA\", \"Cert Publisher\": \"Piriform Ltd\", \"Cert Subject\": \"Piriform Ltd\", \"Cert Timestamp\": \"6/6/2016 10:45:00 PM\", \"Classification\": \"PUP - Adware\", \"Company Name\": \"Piriform Ltd\", \"Copyright\": \"Copyright \\u00a9 2006-2016 Piriform Ltd\", \"Create Time\": \"11/25/2020 7:45:21 PM\", \"Cylance Score\": \"100\", \"Description\": \"Recuva Installer\", \"Detected By\": \"Execution Control\", \"DeviceName\": \"TESTHOST087\", \"Drive Type\": \"Internal Hard Drive\", \"Ever Run\": \"False\", \"File Name\": \"recuva-1-53-1087.exe\", \"File Owner\": \"NT AUTHORITY\\\\SYSTEM\", \"File Path\": \"C:\\\\Users\\\\Administrator\\\\Downloads\\\\recuva-1-53-1087.exe\", \"File Size (bytes)\": \"5473600\", \"File Status\": \"quarantined\", \"File Version\": \"192.81.101.147\", \"First Found\": \"11/25/2020 9:06:59 PM\", \"Global Quarantined\": \"No\", \"Last Found\": \"11/30/2020 6:27:08 PM\", \"MD5\": \"981E63069729E977237100CE02BA6FC8\", \"Modification Time\": \"11/25/2020 7:45:42 PM\", \"Product Name\": \"Recuva\", \"Running\": \"False\", \"SHA256\": \"F1C4C64796AA719F569C4AE6A904A27A768BA48F5AAA735F58E1947E71DCB91A\", \"Safelisted\": \"No\", \"Serial Number\": \"1266f7a1-603f-405a-9c66-79fa7c15e829\", \"Signature Status\": \"Valid\", \"Signed\": \"True\", \"Tenant\": \"ABC\"}", + "EventType": "", + "EventName": "", + "DeviceName": "TESTHOST087", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "[\"\"]", + "SrcMacAddr": "[\"\"]", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"\"]", + "ZoneNames_string": "", + "FilePath": "C:\\Users\\Administrator\\Downloads\\recuva-1-53-1087.exe", + "FileHashSha256": "F1C4C64796AA719F569C4AE6A904A27A768BA48F5AAA735F58E1947E71DCB91A", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "", + "PolicyName": "", + "FileName": "recuva-1-53-1087.exe", + "Path": "", + "DriveType": "Internal Hard Drive", + "FileHashMd5": "981E63069729E977237100CE02BA6FC8", + "Status": "", + "CylanceScore": "100", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "FALSE", + "DetectedBy": "Execution Control", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "1266f7a1-603f-405a-9c66-79fa7c15e829", + "Tenant": "ABC", + "AvIndustry": "Threat", + "AccessTime": "11/25/2020 19:45", + "CertIssuer": "Symantec Class 3 SHA256 Code Signing CA", + "CertPublisher": "Piriform Ltd", + "CertSubject": "Piriform Ltd", + "CertTimestamp": "6/6/2016 22:45", + "Classification_": "PUP - Adware", + "CompanyName": "Piriform Ltd", + "Copyright": "Copyright © 2006-2016 Piriform Ltd", + "CreateTime": "11/25/2020 19:45", + "Description": "Recuva Installer", + "EverRun": "FALSE", + "FileOwner": "NT AUTHORITY\\SYSTEM", + "FileSize": "5473600", + "FileStatus": "quarantined", + "FileVersion": "1.0.0.0", + "FirstFound": "11/25/2020 21:06", + "GlobalQuarantined": "No", + "LastFound": "11/30/2020 18:27", + "ModificationTime": "11/25/2020 19:45", + "ProductName": "Recuva", + "Running": "FALSE", + "Safelisted": "No", + "SignatureStatus": "Valid", + "Signed": "TRUE" + }, + { + "SyslogMessage": "{\"AV Industry\": \"Threat\", \"Access Time\": \"11/25/2020 7:46:44 PM\", \"Auto Run\": \"False\", \"Cert Issuer\": \"Symantec Class 3 SHA256 Code Signing CA\", \"Cert Publisher\": \"Piriform Ltd\", \"Cert Subject\": \"Piriform Ltd\", \"Cert Timestamp\": \"6/6/2016 10:45:00 PM\", \"Classification\": \"PUP - Adware\", \"Company Name\": \"Piriform Ltd\", \"Copyright\": \"Copyright \\u00a9 2006-2016 Piriform Ltd\", \"Create Time\": \"11/25/2020 7:46:44 PM\", \"Cylance Score\": \"100\", \"Description\": \"Recuva Installer\", \"Detected By\": \"File Watcher\", \"DeviceName\": \"TESTHOST087\", \"Drive Type\": \"Internal Hard Drive\", \"Ever Run\": \"False\", \"File Name\": \"f_0008db\", \"File Owner\": \"NT AUTHORITY\\\\SYSTEM\", \"File Path\": \"C:\\\\Users\\\\Administrator\\\\AppData\\\\Local\\\\Google\\\\Chrome\\\\User Data\\\\Default\\\\Cache\\\\f_0008db\", \"File Size (bytes)\": \"5473600\", \"File Status\": \"quarantined\", \"File Version\": \"172.74.81.145\", \"First Found\": \"11/25/2020 9:06:59 PM\", \"Global Quarantined\": \"No\", \"Last Found\": \"11/30/2020 6:27:08 PM\", \"MD5\": \"981E63069729E977237100CE02BA6FC8\", \"Modification Time\": \"11/25/2020 7:46:57 PM\", \"Product Name\": \"Recuva\", \"Running\": \"False\", \"SHA256\": \"F1C4C64796AA719F569C4AE6A904A27A768BA48F5AAA735F58E1947E71DCB91A\", \"Safelisted\": \"No\", \"Serial Number\": \"1266f7a1-603f-405a-9c66-79fa7c15e829\", \"Signature Status\": \"Valid\", \"Signed\": \"True\", \"Tenant\": \"ABC\"}", + "EventType": "", + "EventName": "", + "DeviceName": "TESTHOST087", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "[\"\"]", + "SrcMacAddr": "[\"\"]", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"\"]", + "ZoneNames_string": "", + "FilePath": "C:\\Users\\Administrator\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\f_0008db", + "FileHashSha256": "F1C4C64796AA719F569C4AE6A904A27A768BA48F5AAA735F58E1947E71DCB91A", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "", + "PolicyName": "", + "FileName": "f_0008db", + "Path": "", + "DriveType": "Internal Hard Drive", + "FileHashMd5": "981E63069729E977237100CE02BA6FC8", + "Status": "", + "CylanceScore": "100", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "FALSE", + "DetectedBy": "File Watcher", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "1266f7a1-603f-405a-9c66-79fa7c15e829", + "Tenant": "ABC", + "AvIndustry": "Threat", + "AccessTime": "11/25/2020 19:46", + "CertIssuer": "Symantec Class 3 SHA256 Code Signing CA", + "CertPublisher": "Piriform Ltd", + "CertSubject": "Piriform Ltd", + "CertTimestamp": "6/6/2016 22:45", + "Classification_": "PUP - Adware", + "CompanyName": "Piriform Ltd", + "Copyright": "Copyright © 2006-2016 Piriform Ltd", + "CreateTime": "11/25/2020 19:46", + "Description": "Recuva Installer", + "EverRun": "FALSE", + "FileOwner": "NT AUTHORITY\\SYSTEM", + "FileSize": "5473600", + "FileStatus": "quarantined", + "FileVersion": "1.0.0.0", + "FirstFound": "11/25/2020 21:06", + "GlobalQuarantined": "No", + "LastFound": "11/30/2020 18:27", + "ModificationTime": "11/25/2020 19:46", + "ProductName": "Recuva", + "Running": "FALSE", + "Safelisted": "No", + "SignatureStatus": "Valid", + "Signed": "TRUE" + }, + { + "SyslogMessage": "{\"AV Industry\": \"Threat\", \"Access Time\": \"11/25/2020 7:45:25 PM\", \"Auto Run\": \"False\", \"Cert Issuer\": \"Symantec Class 3 SHA256 Code Signing CA\", \"Cert Publisher\": \"Piriform Ltd\", \"Cert Subject\": \"Piriform Ltd\", \"Cert Timestamp\": \"6/6/2016 10:45:00 PM\", \"Classification\": \"PUP - Adware\", \"Company Name\": \"Piriform Ltd\", \"Copyright\": \"Copyright \\u00a9 2006-2016 Piriform Ltd\", \"Create Time\": \"11/25/2020 7:45:25 PM\", \"Cylance Score\": \"100\", \"Description\": \"Recuva Installer\", \"Detected By\": \"File Watcher\", \"DeviceName\": \"TESTHOST087\", \"Drive Type\": \"Internal Hard Drive\", \"Ever Run\": \"False\", \"File Name\": \"f_0008da\", \"File Owner\": \"NT AUTHORITY\\\\SYSTEM\", \"File Path\": \"C:\\\\Users\\\\Administrator\\\\AppData\\\\Local\\\\Google\\\\Chrome\\\\User Data\\\\Default\\\\Cache\\\\f_0008da\", \"File Size (bytes)\": \"5473600\", \"File Status\": \"quarantined\", \"File Version\": \"172.218.36.57\", \"First Found\": \"11/25/2020 9:06:59 PM\", \"Global Quarantined\": \"No\", \"Last Found\": \"11/30/2020 6:27:08 PM\", \"MD5\": \"981E63069729E977237100CE02BA6FC8\", \"Modification Time\": \"11/25/2020 7:45:42 PM\", \"Product Name\": \"Recuva\", \"Running\": \"False\", \"SHA256\": \"F1C4C64796AA719F569C4AE6A904A27A768BA48F5AAA735F58E1947E71DCB91A\", \"Safelisted\": \"No\", \"Serial Number\": \"1266f7a1-603f-405a-9c66-79fa7c15e829\", \"Signature Status\": \"Valid\", \"Signed\": \"True\", \"Tenant\": \"ABC\"}", + "EventType": "", + "EventName": "", + "DeviceName": "TESTHOST087", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "[\"\"]", + "SrcMacAddr": "[\"\"]", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"\"]", + "ZoneNames_string": "", + "FilePath": "C:\\Users\\Administrator\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\f_0008da", + "FileHashSha256": "F1C4C64796AA719F569C4AE6A904A27A768BA48F5AAA735F58E1947E71DCB91A", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "", + "PolicyName": "", + "FileName": "f_0008da", + "Path": "", + "DriveType": "Internal Hard Drive", + "FileHashMd5": "981E63069729E977237100CE02BA6FC8", + "Status": "", + "CylanceScore": "100", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "FALSE", + "DetectedBy": "File Watcher", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "1266f7a1-603f-405a-9c66-79fa7c15e829", + "Tenant": "ABC", + "AvIndustry": "Threat", + "AccessTime": "11/25/2020 19:45", + "CertIssuer": "Symantec Class 3 SHA256 Code Signing CA", + "CertPublisher": "Piriform Ltd", + "CertSubject": "Piriform Ltd", + "CertTimestamp": "6/6/2016 22:45", + "Classification_": "PUP - Adware", + "CompanyName": "Piriform Ltd", + "Copyright": "Copyright © 2006-2016 Piriform Ltd", + "CreateTime": "11/25/2020 19:45", + "Description": "Recuva Installer", + "EverRun": "FALSE", + "FileOwner": "NT AUTHORITY\\SYSTEM", + "FileSize": "5473600", + "FileStatus": "quarantined", + "FileVersion": "1.0.0.0", + "FirstFound": "11/25/2020 21:06", + "GlobalQuarantined": "No", + "LastFound": "11/30/2020 18:27", + "ModificationTime": "11/25/2020 19:45", + "ProductName": "Recuva", + "Running": "FALSE", + "Safelisted": "No", + "SignatureStatus": "Valid", + "Signed": "TRUE" + }, + { + "SyslogMessage": "{\"AV Industry\": \"Threat\", \"Access Time\": \"11/25/2020 7:46:41 PM\", \"Auto Run\": \"False\", \"Cert Issuer\": \"Symantec Class 3 SHA256 Code Signing CA\", \"Cert Publisher\": \"Piriform Ltd\", \"Cert Subject\": \"Piriform Ltd\", \"Cert Timestamp\": \"6/6/2016 10:45:00 PM\", \"Classification\": \"PUP - Adware\", \"Company Name\": \"Piriform Ltd\", \"Copyright\": \"Copyright \\u00a9 2006-2016 Piriform Ltd\", \"Create Time\": \"11/25/2020 7:46:54 PM\", \"Cylance Score\": \"100\", \"Description\": \"Recuva Installer\", \"Detected By\": \"File Watcher\", \"DeviceName\": \"TESTHOST087\", \"Drive Type\": \"Internal Hard Drive\", \"Ever Run\": \"False\", \"File Name\": \"$RAVRP4V.exe\", \"File Owner\": \"NT AUTHORITY\\\\SYSTEM\", \"File Path\": \"C:\\\\$Recycle.Bin\\\\S-1-5-21-589103672-3991889892-2680960721-500\\\\$RAVRP4V.exe\", \"File Size (bytes)\": \"5473600\", \"File Status\": \"quarantined\", \"File Version\": \"192.59.232.239\", \"First Found\": \"11/25/2020 9:06:59 PM\", \"Global Quarantined\": \"No\", \"Last Found\": \"11/30/2020 6:27:08 PM\", \"MD5\": \"981E63069729E977237100CE02BA6FC8\", \"Modification Time\": \"11/25/2020 7:46:57 PM\", \"Product Name\": \"Recuva\", \"Running\": \"False\", \"SHA256\": \"F1C4C64796AA719F569C4AE6A904A27A768BA48F5AAA735F58E1947E71DCB91A\", \"Safelisted\": \"No\", \"Serial Number\": \"1266f7a1-603f-405a-9c66-79fa7c15e829\", \"Signature Status\": \"Valid\", \"Signed\": \"True\", \"Tenant\": \"ABC\"}", + "EventType": "", + "EventName": "", + "DeviceName": "TESTHOST087", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "[\"\"]", + "SrcMacAddr": "[\"\"]", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"\"]", + "ZoneNames_string": "", + "FilePath": "C:\\$Recycle.Bin\\S-1-5-21-589103672-3991889892-2680960721-500\\$RAVRP4V.exe", + "FileHashSha256": "F1C4C64796AA719F569C4AE6A904A27A768BA48F5AAA735F58E1947E71DCB91A", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "", + "PolicyName": "", + "FileName": "$RAVRP4V.exe", + "Path": "", + "DriveType": "Internal Hard Drive", + "FileHashMd5": "981E63069729E977237100CE02BA6FC8", + "Status": "", + "CylanceScore": "100", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "FALSE", + "DetectedBy": "File Watcher", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "1266f7a1-603f-405a-9c66-79fa7c15e829", + "Tenant": "ABC", + "AvIndustry": "Threat", + "AccessTime": "11/25/2020 19:46", + "CertIssuer": "Symantec Class 3 SHA256 Code Signing CA", + "CertPublisher": "Piriform Ltd", + "CertSubject": "Piriform Ltd", + "CertTimestamp": "6/6/2016 22:45", + "Classification_": "PUP - Adware", + "CompanyName": "Piriform Ltd", + "Copyright": "Copyright © 2006-2016 Piriform Ltd", + "CreateTime": "11/25/2020 19:46", + "Description": "Recuva Installer", + "EverRun": "FALSE", + "FileOwner": "NT AUTHORITY\\SYSTEM", + "FileSize": "5473600", + "FileStatus": "quarantined", + "FileVersion": "1.0.0.0", + "FirstFound": "11/25/2020 21:06", + "GlobalQuarantined": "No", + "LastFound": "11/30/2020 18:27", + "ModificationTime": "11/25/2020 19:46", + "ProductName": "Recuva", + "Running": "FALSE", + "Safelisted": "No", + "SignatureStatus": "Valid", + "Signed": "TRUE" + }, + { + "SyslogMessage": "Dec 1 07:17:19 sysloghost CylancePROTECT Event Type: DeviceControl, Event Name: fullaccess, Device Name: TESTHOST088, External Device Type: WPD, External Device Vendor ID: 04E8, External Device Name: SAMSUNG_Android, External Device Product ID: 6860, External Device Serial Number: 920116e8304b230d, Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,Device Type - Workstation), Device Id: e217b1f3-3754-498d-a5a0-0f2e8a597ba4, Policy Name: Workstation - Standard", + "EventType": "DeviceControl", + "EventName": "fullaccess", + "DeviceName": "TESTHOST088", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"Agent Update - Windows - Production 2\",\"Agent Update - Windows - Production 3\",\"Device Type - Workstation\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "e217b1f3-3754-498d-a5a0-0f2e8a597ba4", + "PolicyName": "Workstation - Standard", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "WPD", + "ExtDeviceVendorId": "4.00E+08", + "ExtDeviceName": "SAMSUNG_Android", + "ExtDeviceProductId": "6860", + "ExtDeviceSerialNumber": "920116e8304b230d", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Dec 1 06:13:53 sysloghost CylancePROTECT Event Type: DeviceControl, Event Name: fullaccess, Device Name: TESTHOST088, External Device Type: WPD, External Device Vendor ID: 04E8, External Device Name: SAMSUNG_Android, External Device Product ID: 6860, External Device Serial Number: 920116e8304b230d, Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,Device Type - Workstation), Device Id: e217b1f3-3754-498d-a5a0-0f2e8a597ba4, Policy Name: Workstation - Standard", + "EventType": "DeviceControl", + "EventName": "fullaccess", + "DeviceName": "TESTHOST088", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"Agent Update - Windows - Production 2\",\"Agent Update - Windows - Production 3\",\"Device Type - Workstation\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "e217b1f3-3754-498d-a5a0-0f2e8a597ba4", + "PolicyName": "Workstation - Standard", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "WPD", + "ExtDeviceVendorId": "4.00E+08", + "ExtDeviceName": "SAMSUNG_Android", + "ExtDeviceProductId": "6860", + "ExtDeviceSerialNumber": "920116e8304b230d", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Dec 1 03:48:58 sysloghost CylancePROTECT Event Type: DeviceControl, Event Name: fullaccess, Device Name: TESTHOST089, External Device Type: WPD, External Device Vendor ID: 2717, External Device Name: Redmi 9A, External Device Product ID: FF40, External Device Serial Number: ZL5DTG8DEYAMNRLV, Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,Device Type - Workstation), Device Id: 0d0ac696-2020-424a-9a01-2167cdd4edc7, Policy Name: Workstation - Standard", + "EventType": "DeviceControl", + "EventName": "fullaccess", + "DeviceName": "TESTHOST089", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"Agent Update - Windows - Production 2\",\"Agent Update - Windows - Production 3\",\"Device Type - Workstation\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "0d0ac696-2020-424a-9a01-2167cdd4edc7", + "PolicyName": "Workstation - Standard", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "WPD", + "ExtDeviceVendorId": "2717", + "ExtDeviceName": "Redmi 9A", + "ExtDeviceProductId": "FF40", + "ExtDeviceSerialNumber": "ZL5DTG8DEYAMNRLV", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Dec 1 03:47:02 sysloghost CylancePROTECT Event Type: DeviceControl, Event Name: fullaccess, Device Name: TESTHOST089, External Device Type: WPD, External Device Vendor ID: 2717, External Device Name: Redmi 9A, External Device Product ID: FF40, External Device Serial Number: ZL5DTG8DEYAMNRLV, Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,Device Type - Workstation), Device Id: 0d0ac696-2020-424a-9a01-2167cdd4edc7, Policy Name: Workstation - Standard", + "EventType": "DeviceControl", + "EventName": "fullaccess", + "DeviceName": "TESTHOST089", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"Agent Update - Windows - Production 2\",\"Agent Update - Windows - Production 3\",\"Device Type - Workstation\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "0d0ac696-2020-424a-9a01-2167cdd4edc7", + "PolicyName": "Workstation - Standard", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "WPD", + "ExtDeviceVendorId": "2717", + "ExtDeviceName": "Redmi 9A", + "ExtDeviceProductId": "FF40", + "ExtDeviceSerialNumber": "ZL5DTG8DEYAMNRLV", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 19:42:53 sysloghost CylancePROTECT Event Type: ScriptControl, Event Name: Blocked, Device Name: TESTHOST090, File Path: c:\\temp\\configmgrclienthealth.ps1, SHA256: DABCF29974F6629FB4FF1250AA5C631AD5EF60BB8A2B9E08E9ADEF45054DE7FD, Interpreter: Powershell, Interpreter Version: 10.0.18362.1 (WinBuild.160101.0800), Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,Device Type - Workstation), User Name: SYSTEM, Device Id: 075f420d-0db6-4451-872e-1975b77e3866, Policy Name: Workstation - Standard", + "EventType": "ScriptControl", + "EventName": "Blocked", + "DeviceName": "TESTHOST090", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "", + "ZoneNames_string": "", + "FilePath": "c:\\temp\\configmgrclienthealth.ps1", + "FileHashSha256": "DABCF29974F6629FB4FF1250AA5C631AD5EF60BB8A2B9E08E9ADEF45054DE7FD", + "Interpreter": "Powershell", + "InterpreterVersion": "10.0.18362.1 (WinBuild.160101.0800)", + "UserName": "SYSTEM", + "DeviceId": "075f420d-0db6-4451-872e-1975b77e3866", + "PolicyName": "Workstation - Standard", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 19:36:17 sysloghost CylancePROTECT Event Type: ScriptControl, Event Name: Blocked, Device Name: TESTHOST091, File Path: d:\\program files (x86)\\cyberark\\psm\\scripts\\deploy-connectors.ps1, SHA256: 7212CEF22B57C89A0E20C2FA320B9FC735AFB653045C2490F9AD62A37B54EB53, Interpreter: Powershell, Interpreter Version: 10.0.14393.0 (rs1_release.160715-1616), Zone Names: (Agent Update - Windows - Production 3,Device Type - Server), User Name: SYSTEM, Device Id: ba302db3-4659-4064-a57a-4b9bb1be6bd2, Policy Name: Server - CyberArk PSM", + "EventType": "ScriptControl", + "EventName": "Blocked", + "DeviceName": "TESTHOST091", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "", + "ZoneNames_string": "", + "FilePath": "d:\\program files (x86)\\cyberark\\psm\\scripts\\deploy-connectors.ps1", + "FileHashSha256": "7212CEF22B57C89A0E20C2FA320B9FC735AFB653045C2490F9AD62A37B54EB53", + "Interpreter": "Powershell", + "InterpreterVersion": "10.0.14393.0 (rs1_release.160715-1616)", + "UserName": "SYSTEM", + "DeviceId": "ba302db3-4659-4064-a57a-4b9bb1be6bd2", + "PolicyName": "Server - CyberArk PSM", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 14:57:51 sysloghost CylancePROTECT Event Type: ScriptControl, Event Name: Blocked, Device Name: TESTHOST091, File Path: d:\\program files (x86)\\cyberark\\psm\\scripts\\deploy-connectors.ps1, SHA256: 7212CEF22B57C89A0E20C2FA320B9FC735AFB653045C2490F9AD62A37B54EB53, Interpreter: Powershell, Interpreter Version: 10.0.14393.0 (rs1_release.160715-1616), Zone Names: (Agent Update - Windows - Production 3,Device Type - Server), User Name: SYSTEM, Device Id: ba302db3-4659-4064-a57a-4b9bb1be6bd2, Policy Name: Server - CyberArk PSM", + "EventType": "ScriptControl", + "EventName": "Blocked", + "DeviceName": "TESTHOST091", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "", + "ZoneNames_string": "", + "FilePath": "d:\\program files (x86)\\cyberark\\psm\\scripts\\deploy-connectors.ps1", + "FileHashSha256": "7212CEF22B57C89A0E20C2FA320B9FC735AFB653045C2490F9AD62A37B54EB53", + "Interpreter": "Powershell", + "InterpreterVersion": "10.0.14393.0 (rs1_release.160715-1616)", + "UserName": "SYSTEM", + "DeviceId": "ba302db3-4659-4064-a57a-4b9bb1be6bd2", + "PolicyName": "Server - CyberArk PSM", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 15:30:17 sysloghost CylancePROTECT Event Type: AuditLog, Event Name: ZoneAddDevice, Message: Device: TESTHOST098 was auto assigned to Zone: Agent Update - Windows - Production 1, User: ", + "EventType": "AuditLog", + "EventName": "ZoneAddDevice", + "DeviceName": "TESTHOST098", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "", + "ZoneNames_string": "Agent Update - Windows - Production 1", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "", + "PolicyName": "", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 15:30:17 sysloghost CylancePROTECT Event Type: AuditLog, Event Name: ZoneAddDevice, Message: Device: TESTHOST098 was auto assigned to Zone: Device Type - Workstation, User: ", + "EventType": "AuditLog", + "EventName": "ZoneAddDevice", + "DeviceName": "TESTHOST098", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "", + "ZoneNames_string": "Device Type - Workstation", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "", + "PolicyName": "", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 15:30:17 sysloghost CylancePROTECT Event Type: AuditLog, Event Name: ZoneAddDevice, Message: Device: TESTHOST098 was auto assigned to Zone: Agent Update - Windows - Production 3, User: ", + "EventType": "AuditLog", + "EventName": "ZoneAddDevice", + "DeviceName": "TESTHOST098", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "", + "ZoneNames_string": "Agent Update - Windows - Production 3", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "", + "PolicyName": "", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 14:03:14 sysloghost CylancePROTECT Event Type: AuditLog, Event Name: ZoneAddDevice, Message: Device: TESTHOST099 was auto assigned to Zone: Agent Update - Windows - Production 3, User: ", + "EventType": "AuditLog", + "EventName": "ZoneAddDevice", + "DeviceName": "TESTHOST099", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "", + "ZoneNames_string": "Agent Update - Windows - Production 3", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "", + "PolicyName": "", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 14:03:14 sysloghost CylancePROTECT Event Type: AuditLog, Event Name: ZoneAddDevice, Message: Device: TESTHOST099 was auto assigned to Zone: Device Type - Workstation, User: ", + "EventType": "AuditLog", + "EventName": "ZoneAddDevice", + "DeviceName": "TESTHOST099", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "", + "ZoneNames_string": "Device Type - Workstation", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "", + "PolicyName": "", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "{\"Agent Version\": \"2.1.1570.35\", \"Background Detection\": \"False\", \"Created\": \"6/1/2020 5:02:03 AM\", \"Device Name\": \"TESTHOST113\", \"Files Analyzed\": \"137516\", \"IP Addresses\": \"192.188.88.75\", \"Is Online\": \"True\", \"Last Reported User\": \"ABC\\\\TEST-USER01\", \"Mac Addresses\": \"00-0D-3A-F9-FD-95\", \"OS Version\": \"Microsoft Windows Server 2016 Datacenter\", \"Offline Date\": \"N/A\", \"Online Date\": \"11/30/2020 10:30:39 PM\", \"Policy\": \"Server - Standard\", \"Serial Number\": \"e68f6f3b-248a-45a7-8df2-308c8ba4568c\", \"Tenant\": \"ABC\", \"Zones\": \"Agent Update - Windows - Production 3, Device Type - Server\"}", + "EventType": "", + "EventName": "", + "DeviceName": "", + "AgentVersion_string": "", + "AgentVersion_dynamic": "2.1.1570.35", + "SrcIpAddr": "[\"10.240.70.19\"]", + "SrcMacAddr": "[\"00-0D-3A-F9-FD-95\"]", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "Microsoft Windows Server 2016 Datacenter", + "ZoneNames_dynamic": "[\"Agent Update - Windows - Production 3\",\" Device Type - Server\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "", + "PolicyName": "", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "FALSE", + "EventCreationTime": "6/1/2020 5:02", + "FilesAnalyzed": "137516", + "IsOnline": "TRUE", + "LastReportedUser": "ABC\\TEST-USER01", + "OfflineDate": "N/A", + "OnlineDate": "11/30/2020 22:30", + "Policy": "Server - Standard", + "SerialNumber": "e68f6f3b-248a-45a7-8df2-308c8ba4568c", + "Tenant": "ABC", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "{\"Agent Version\": \"2.1.1570.35\", \"Background Detection\": \"False\", \"Created\": \"7/7/2020 8:32:21 AM\", \"Device Name\": \"TESTHOST112\", \"Files Analyzed\": \"115051\", \"IP Addresses\": \"10.192.70.254\", \"Is Online\": \"True\", \"Last Reported User\": \"ABC\\\\TEST-USER002\", \"Mac Addresses\": \"00-50-56-93-BE-4B\", \"OS Version\": \"Microsoft Windows Server 2016 Standard\", \"Offline Date\": \"N/A\", \"Online Date\": \"12/1/2020 12:35:00 AM\", \"Policy\": \"Server - Standard\", \"Serial Number\": \"15196b7d-ccdd-4027-a580-0a01bb4c17ce\", \"Tenant\": \"ABC\", \"Zones\": \"Agent Update - Windows - Production 2, Agent Update - Windows - Production 3, Device Type - Server\"}", + "EventType": "", + "EventName": "", + "DeviceName": "", + "AgentVersion_string": "", + "AgentVersion_dynamic": "2.1.1570.35", + "SrcIpAddr": "[\"10.190.11.26\"]", + "SrcMacAddr": "[\"00-50-56-93-BE-4B\"]", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "Microsoft Windows Server 2016 Standard", + "ZoneNames_dynamic": "[\"Agent Update - Windows - Production 2\",\" Agent Update - Windows - Production 3\",\" Device Type - Server\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "", + "PolicyName": "", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "FALSE", + "EventCreationTime": "7/7/2020 8:32", + "FilesAnalyzed": "115051", + "IsOnline": "TRUE", + "LastReportedUser": "ABC\\TEST-USER002", + "OfflineDate": "N/A", + "OnlineDate": "12/1/2020 0:35", + "Policy": "Server - Standard", + "SerialNumber": "15196b7d-ccdd-4027-a580-0a01bb4c17ce", + "Tenant": "ABC", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "{\"Agent Version\": \"2.1.1570.35\", \"Background Detection\": \"False\", \"Created\": \"5/2/2017 6:35:03 PM\", \"Device Name\": \"TESTHOST110\", \"Files Analyzed\": \"422659\", \"IP Addresses\": \"172.100.79.129\", \"Is Online\": \"True\", \"Last Reported User\": \"ABC\\\\TEST-USER004\", \"Mac Addresses\": \"00-0D-3A-06-1F-40\", \"OS Version\": \"Microsoft Windows Server 2016 Standard\", \"Offline Date\": \"N/A\", \"Online Date\": \"12/1/2020 7:03:33 AM\", \"Policy\": \"Server - SQL CustomApps\", \"Serial Number\": \"e2320233-fda7-484c-9f99-a4194121eed8\", \"Tenant\": \"ABC\", \"Zones\": \"Agent Update - Server - Pilot, Device Type - Server\"}", + "EventType": "", + "EventName": "", + "DeviceName": "", + "AgentVersion_string": "", + "AgentVersion_dynamic": "2.1.1570.35", + "SrcIpAddr": "[\"10.240.204.5\"]", + "SrcMacAddr": "[\"00-0D-3A-06-1F-40\"]", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "Microsoft Windows Server 2016 Standard", + "ZoneNames_dynamic": "[\"Agent Update - Server - Pilot\",\" Device Type - Server\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "", + "PolicyName": "", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "FALSE", + "EventCreationTime": "5/2/2017 18:35", + "FilesAnalyzed": "422659", + "IsOnline": "TRUE", + "LastReportedUser": "ABC\\TEST-USER004", + "OfflineDate": "N/A", + "OnlineDate": "12/1/2020 7:03", + "Policy": "Server - SQL CustomApps", + "SerialNumber": "e2320233-fda7-484c-9f99-a4194121eed8", + "Tenant": "ABC", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "{\"Agent Version\": \"2.1.1570.35\", \"Background Detection\": \"False\", \"Created\": \"5/10/2017 6:06:28 PM\", \"Device Name\": \"TESTHOST101\", \"Files Analyzed\": \"272055\", \"IP Addresses\": \"172.66.118.7\", \"Is Online\": \"True\", \"Last Reported User\": \"ABC\\\\TEST-USER004,ABC\\\\TEST-USER005,ABC\\\\TEST-USER006\", \"Mac Addresses\": \"00-0D-3A-F9-8B-88\", \"OS Version\": \"Microsoft Windows Server 2016 Standard\", \"Offline Date\": \"N/A\", \"Online Date\": \"12/1/2020 7:56:53 AM\", \"Policy\": \"Server - SQL CustomApps\", \"Serial Number\": \"e8206f96-0a6b-4717-8aa4-ba11c9df007d\", \"Tenant\": \"ABC\", \"Zones\": \"Agent Update - Server - Pilot, Device Type - Server\"}", + "EventType": "", + "EventName": "", + "DeviceName": "", + "AgentVersion_string": "", + "AgentVersion_dynamic": "2.1.1570.35", + "SrcIpAddr": "[\"10.240.201.4\"]", + "SrcMacAddr": "[\"00-0D-3A-F9-8B-88\"]", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "Microsoft Windows Server 2016 Standard", + "ZoneNames_dynamic": "[\"Agent Update - Server - Pilot\",\" Device Type - Server\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "", + "PolicyName": "", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "FALSE", + "EventCreationTime": "5/10/2017 18:06", + "FilesAnalyzed": "272055", + "IsOnline": "TRUE", + "LastReportedUser": "ABC\\TEST-USER004,ABC\\TEST-USER005,ABC\\TEST-USER006", + "OfflineDate": "N/A", + "OnlineDate": "12/1/2020 7:56", + "Policy": "Server - SQL CustomApps", + "SerialNumber": "e8206f96-0a6b-4717-8aa4-ba11c9df007d", + "Tenant": "ABC", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "{\"Agent Version\": \"2.1.1570.35\", \"Background Detection\": \"False\", \"Created\": \"9/1/2017 3:07:13 AM\", \"Device Name\": \"TESTHOST00\", \"Files Analyzed\": \"426601\", \"IP Addresses\": \"172.74.178.89\", \"Is Online\": \"True\", \"Last Reported User\": \"ABC\\\\TEST-USER008\", \"Mac Addresses\": \"00-50-56-80-20-6A\", \"OS Version\": \"Microsoft Windows Server 2016 Standard\", \"Offline Date\": \"N/A\", \"Online Date\": \"12/1/2020 6:13:56 AM\", \"Policy\": \"Server - SQL CustomApps\", \"Serial Number\": \"6bc4c1c4-5e9e-440c-9e47-025bb12406e0\", \"Tenant\": \"ABC\", \"Zones\": \"Agent Update - Windows - Production 1, Agent Update - Windows - Production 3, App - Server - SQL CustomApps , Device Type - Server\"}", + "EventType": "", + "EventName": "", + "DeviceName": "", + "AgentVersion_string": "", + "AgentVersion_dynamic": "2.1.1570.35", + "SrcIpAddr": "[\"10.210.98.213\"]", + "SrcMacAddr": "[\"00-50-56-80-20-6A\"]", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "Microsoft Windows Server 2016 Standard", + "ZoneNames_dynamic": "[\"Agent Update - Windows - Production 1\",\" Agent Update - Windows - Production 3\",\" App - Server - SQL CustomApps \",\" Device Type - Server\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "", + "PolicyName": "", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "FALSE", + "EventCreationTime": "9/1/2017 3:07", + "FilesAnalyzed": "426601", + "IsOnline": "TRUE", + "LastReportedUser": "ABC\\TEST-USER008", + "OfflineDate": "N/A", + "OnlineDate": "12/1/2020 6:13", + "Policy": "Server - SQL CustomApps", + "SerialNumber": "6bc4c1c4-5e9e-440c-9e47-025bb12406e0", + "Tenant": "ABC", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "{\"Agent Version\": \"2.1.1570.35\", \"Background Detection\": \"False\", \"Created\": \"10/3/2017 12:59:28 PM\", \"Device Name\": \"TESTHOST008\", \"Files Analyzed\": \"491931\", \"IP Addresses\": \"192.221.58.190\", \"Is Online\": \"True\", \"Last Reported User\": \"ABC\\\\TEST-USER009\", \"Mac Addresses\": \"00-50-56-A6-31-FA\", \"OS Version\": \"Microsoft Windows Server 2016 Standard\", \"Offline Date\": \"N/A\", \"Online Date\": \"12/1/2020 12:36:28 AM\", \"Policy\": \"Server - SQL CustomApps\", \"Serial Number\": \"8258d51a-00e2-4f06-a8ae-c82812503edd\", \"Tenant\": \"ABC\", \"Zones\": \"Agent Update - Windows - Production 2, Agent Update - Windows - Production 3, App - Server - SQL CustomApps , Device Type - Server\"}", + "EventType": "", + "EventName": "", + "DeviceName": "", + "AgentVersion_string": "", + "AgentVersion_dynamic": "2.1.1570.35", + "SrcIpAddr": "[\"10.80.59.40\"]", + "SrcMacAddr": "[\"00-50-56-A6-31-FA\"]", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "Microsoft Windows Server 2016 Standard", + "ZoneNames_dynamic": "[\"Agent Update - Windows - Production 2\",\" Agent Update - Windows - Production 3\",\" App - Server - SQL CustomApps \",\" Device Type - Server\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "", + "PolicyName": "", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "FALSE", + "EventCreationTime": "10/3/2017 12:59", + "FilesAnalyzed": "491931", + "IsOnline": "TRUE", + "LastReportedUser": "ABC\\TEST-USER009", + "OfflineDate": "N/A", + "OnlineDate": "12/1/2020 0:36", + "Policy": "Server - SQL CustomApps", + "SerialNumber": "8258d51a-00e2-4f06-a8ae-c82812503edd", + "Tenant": "ABC", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "{\"Agent Version\": \"2.1.1570.35\", \"Background Detection\": \"False\", \"Created\": \"6/17/2020 3:11:16 PM\", \"Device Name\": \"TESTHOST007\", \"Files Analyzed\": \"111202\", \"IP Addresses\": \"10.139.62.66\", \"Is Online\": \"True\", \"Last Reported User\": \"ABC\\\\TEST-USER010\\\\TEST-USER01\", \"Mac Addresses\": \"00-0D-3A-F5-9F-53\", \"OS Version\": \"Microsoft Windows Server 2016 Datacenter\", \"Offline Date\": \"N/A\", \"Online Date\": \"12/1/2020 5:08:53 AM\", \"Policy\": \"Server - Standard\", \"Serial Number\": \"12cc5849-348f-4364-92ad-371127c3a965\", \"Tenant\": \"ABC\", \"Zones\": \"Agent Update - Windows - Production 3, Device Type - Server\"}", + "EventType": "", + "EventName": "", + "DeviceName": "", + "AgentVersion_string": "", + "AgentVersion_dynamic": "2.1.1570.35", + "SrcIpAddr": "[\"10.240.76.60\"]", + "SrcMacAddr": "[\"00-0D-3A-F5-9F-53\"]", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "Microsoft Windows Server 2016 Datacenter", + "ZoneNames_dynamic": "[\"Agent Update - Windows - Production 3\",\" Device Type - Server\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "", + "PolicyName": "", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "FALSE", + "EventCreationTime": "6/17/2020 15:11", + "FilesAnalyzed": "111202", + "IsOnline": "TRUE", + "LastReportedUser": "ABC\\TEST-USER010,ABC\\TEST-USER01", + "OfflineDate": "N/A", + "OnlineDate": "12/1/2020 5:08", + "Policy": "Server - Standard", + "SerialNumber": "12cc5849-348f-4364-92ad-371127c3a965", + "Tenant": "ABC", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "{\"Agent Version\": \"2.1.1570.35\", \"Background Detection\": \"False\", \"Created\": \"6/24/2020 2:41:44 AM\", \"Device Name\": \"TESTHOST002\", \"Files Analyzed\": \"93993\", \"IP Addresses\": \"192.247.144.112\", \"Is Online\": \"True\", \"Last Reported User\": \"ABC\\\\TEST-USER012,ABC\\\\TEST-USER099\", \"Mac Addresses\": \"00-50-56-94-CC-5D\", \"OS Version\": \"Microsoft Windows Server 2016 Standard\", \"Offline Date\": \"N/A\", \"Online Date\": \"12/1/2020 6:05:07 AM\", \"Policy\": \"Server - Standard\", \"Serial Number\": \"47b9068b-8e4b-4a9b-8783-47831f3fa03f\", \"Tenant\": \"ABC\", \"Zones\": \"Agent Update - Windows - Production 3, Device Type - Server\"}", + "EventType": "", + "EventName": "", + "DeviceName": "", + "AgentVersion_string": "", + "AgentVersion_dynamic": "2.1.1570.35", + "SrcIpAddr": "[\"10.228.98.26\"]", + "SrcMacAddr": "[\"00-50-56-94-CC-5D\"]", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "Microsoft Windows Server 2016 Standard", + "ZoneNames_dynamic": "[\"Agent Update - Windows - Production 3\",\" Device Type - Server\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "", + "PolicyName": "", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "FALSE", + "EventCreationTime": "6/24/2020 2:41", + "FilesAnalyzed": "93993", + "IsOnline": "TRUE", + "LastReportedUser": "ABC\\TEST-USER012,ABC\\TEST-USER099", + "OfflineDate": "N/A", + "OnlineDate": "12/1/2020 6:05", + "Policy": "Server - Standard", + "SerialNumber": "47b9068b-8e4b-4a9b-8783-47831f3fa03f", + "Tenant": "ABC", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "{\"Agent Version\": \"2.1.1570.35\", \"Background Detection\": \"False\", \"Created\": \"5/27/2020 6:29:13 AM\", \"Device Name\": \"TESTHOST004\", \"Files Analyzed\": \"118860\", \"IP Addresses\": \"10.39.114.192\", \"Is Online\": \"True\", \"Last Reported User\": \"ABC\\\\SVC-ACCT001\", \"Mac Addresses\": \"00-0D-3A-FD-5B-E4\", \"OS Version\": \"Microsoft Windows Server 2016 Datacenter\", \"Offline Date\": \"N/A\", \"Online Date\": \"12/1/2020 5:04:54 AM\", \"Policy\": \"Server - Standard\", \"Serial Number\": \"ef6fc652-19e0-4f78-8ce8-04038cbb96d2\", \"Tenant\": \"ABC\", \"Zones\": \"Agent Update - Server - Pilot, Device Type - Server\"}", + "EventType": "", + "EventName": "", + "DeviceName": "", + "AgentVersion_string": "", + "AgentVersion_dynamic": "2.1.1570.35", + "SrcIpAddr": "[\"10.240.209.5\"]", + "SrcMacAddr": "[\"00-0D-3A-FD-5B-E4\"]", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "Microsoft Windows Server 2016 Datacenter", + "ZoneNames_dynamic": "[\"Agent Update - Server - Pilot\",\" Device Type - Server\"]", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "", + "PolicyName": "", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "FALSE", + "EventCreationTime": "5/27/2020 6:29", + "FilesAnalyzed": "118860", + "IsOnline": "TRUE", + "LastReportedUser": "ABC\\SVC-ACCT001", + "OfflineDate": "N/A", + "OnlineDate": "12/1/2020 5:04", + "Policy": "Server - Standard", + "SerialNumber": "ef6fc652-19e0-4f78-8ce8-04038cbb96d2", + "Tenant": "ABC", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 20:38:45 sysloghost CylancePROTECT Event Type: AuditLog, Event Name: LoginSuccess, Message: Provider: CylancePROTECT, Source IP: 172.248.1.225, User: Test User01 (testuser01@abc.com)", + "EventType": "AuditLog", + "EventName": "LoginSuccess", + "DeviceName": "", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "Test User01 (testuser01@abc.com)", + "DeviceId": "", + "PolicyName": "", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "CylancePROTECT", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 19:04:24 sysloghost CylancePROTECT Event Type: AuditLog, Event Name: LoginSuccess, Message: Provider: CylancePROTECT, Source IP: 10.100.237.101, User: Test User01 (testuser01@abc.com)", + "EventType": "AuditLog", + "EventName": "LoginSuccess", + "DeviceName": "", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "Test User01 (testuser01@abc.com)", + "DeviceId": "", + "PolicyName": "", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "CylancePROTECT", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 16:56:53 sysloghost CylancePROTECT Event Type: AuditLog, Event Name: DeviceRemove, Message: Devices: TESTHOST0032, User: Test User01 (testuser01@abc.com)", + "EventType": "AuditLog", + "EventName": "DeviceRemove", + "DeviceName": "", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "Test User01 (testuser01@abc.com)", + "DeviceId": "", + "PolicyName": "", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 16:56:16 sysloghost CylancePROTECT Event Type: AuditLog, Event Name: DeviceRemove, Message: Devices: TESTHOST0024, User: Test User01 (testuser01@abc.com)", + "EventType": "AuditLog", + "EventName": "DeviceRemove", + "DeviceName": "", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "Test User01 (testuser01@abc.com)", + "DeviceId": "", + "PolicyName": "", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 16:55:14 sysloghost CylancePROTECT Event Type: AuditLog, Event Name: LoginSuccess, Message: Provider: CylancePROTECT, Source IP: 172.44.63.254, User: Test User01 (testuser01@abc.com)", + "EventType": "AuditLog", + "EventName": "LoginSuccess", + "DeviceName": "", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "Test User01 (testuser01@abc.com)", + "DeviceId": "", + "PolicyName": "", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "CylancePROTECT", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Dec 1 09:53:25 sysloghost CylancePROTECT Event Type: AuditLog, Event Name: LoginSuccess, Message: Provider: CylancePROTECT, Source IP: 172.26.244.12, User: Test User02 (testuser02@abc.com)", + "EventType": "AuditLog", + "EventName": "LoginSuccess", + "DeviceName": "", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "Test User02 (testuser02@abc.com)", + "DeviceId": "", + "PolicyName": "", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "CylancePROTECT", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Dec 1 06:08:40 sysloghost CylancePROTECT Event Type: AuditLog, Event Name: LoginSuccess, Message: Provider: CylancePROTECT, Source IP: 192.91.129.253, User: Test User02 (testuser02@abc.com)", + "EventType": "AuditLog", + "EventName": "LoginSuccess", + "DeviceName": "", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "Test User02 (testuser02@abc.com)", + "DeviceId": "", + "PolicyName": "", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "CylancePROTECT", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Dec 1 13:06:39 sysloghost CylancePROTECT Event Type: AuditLog, Event Name: LoginSuccess, Message: Provider: CylancePROTECT, Source IP: 172.246.21.80, User: Test User03 (testuser03@abc.com)", + "EventType": "AuditLog", + "EventName": "LoginSuccess", + "DeviceName": "", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "Test User03 (testuser03@abc.com)", + "DeviceId": "", + "PolicyName": "", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "CylancePROTECT", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Dec 1 11:18:49 sysloghost CylancePROTECT Event Type: AuditLog, Event Name: LoginSuccess, Message: Provider: CylancePROTECT, Source IP: 172.118.99.219, User: Test User03 (testuser03@abc.com)", + "EventType": "AuditLog", + "EventName": "LoginSuccess", + "DeviceName": "", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "Test User03 (testuser03@abc.com)", + "DeviceId": "", + "PolicyName": "", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "CylancePROTECT", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 20:20:10 sysloghost CylancePROTECT Event Type: AuditLog, Event Name: LoginSuccess, Message: Provider: CylancePROTECT, Source IP: 10.130.191.222, User: Test User03 (testuser03@abc.com)", + "EventType": "AuditLog", + "EventName": "LoginSuccess", + "DeviceName": "", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "Test User03 (testuser03@abc.com)", + "DeviceId": "", + "PolicyName": "", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "CylancePROTECT", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 19:11:56 sysloghost CylancePROTECT Event Type: AuditLog, Event Name: DeviceEdit, Message: Device: TESTHOST0014; Policy Changed: 'Server - Standard' to 'Server - Standard - Clone - PHX10448532', User: Test User03 (testuser03@abc.com)", + "EventType": "AuditLog", + "EventName": "DeviceEdit", + "DeviceName": "", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "Test User03 (testuser03@abc.com)", + "DeviceId": "", + "PolicyName": "", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "'Server - Standard' to 'Server - Standard - Clone - PHX10448532'", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 19:11:00 sysloghost CylancePROTECT Event Type: AuditLog, Event Name: LoginSuccess, Message: Provider: CylancePROTECT, Source IP: 192.214.171.47, User: Test User03 (testuser03@abc.com)", + "EventType": "AuditLog", + "EventName": "LoginSuccess", + "DeviceName": "", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "Test User03 (testuser03@abc.com)", + "DeviceId": "", + "PolicyName": "", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "CylancePROTECT", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Nov 30 17:56:28 sysloghost CylancePROTECT Event Type: AuditLog, Event Name: LoginSuccess, Message: Provider: CylancePROTECT, Source IP: 172.29.29.216, User: Test User03 (testuser03@abc.com)", + "EventType": "AuditLog", + "EventName": "LoginSuccess", + "DeviceName": "", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "Test User03 (testuser03@abc.com)", + "DeviceId": "", + "PolicyName": "", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "CylancePROTECT", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "Dec 1 11:14:44 sysloghost CylancePROTECT Event Type: AuditLog, Event Name: LoginSuccess, Message: Provider: CylancePROTECT, Source IP: 10.229.249.61, User: Test User04 (testuser04@abc.com)", + "EventType": "AuditLog", + "EventName": "LoginSuccess", + "DeviceName": "", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "", + "SrcMacAddr": "", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "", + "ZoneNames_string": "", + "FilePath": "", + "FileHashSha256": "", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "Test User04 (testuser04@abc.com)", + "DeviceId": "", + "PolicyName": "", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "", + "Status": "", + "CylanceScore": "", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "CylancePROTECT", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "", + "Tenant": "", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "{\"Classification\": \"N/A\", \"Cylance Score\": \"60\", \"Date\": \"11/30/2020 2:51:51 PM\", \"Detected By\": \"Execution Control\", \"Device Name\": \"TESTHOST029\", \"Event Status\": \"quarantined\", \"Ever Run\": \"True\", \"File Path\": \"C:\\\\Users\\\\testuser\\\\AppData\\\\Local\\\\Temp\\\\MBX@4468@3A51B30.###\", \"MD5\": \"1219CD69638731CDCADE5E3C0A83096C\", \"Running\": \"True\", \"SHA256\": \"7E4DA5AAEF09B09138C84BC4D06B2BE7F92B4069A58077A044135A6406C86547\", \"Serial Number\": \"333b84cb-5eb3-4733-b57b-5a17d06f8043\", \"Tenant\": \"ABC\"}", + "EventType": "", + "EventName": "", + "DeviceName": "", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "[\"\"]", + "SrcMacAddr": "[\"\"]", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"\"]", + "ZoneNames_string": "", + "FilePath": "C:\\Users\\jdearien\\AppData\\Local\\Temp\\MBX@4468@3A51B30.###", + "FileHashSha256": "7E4DA5AAEF09B09138C84BC4D06B2BE7F92B4069A58077A044135A6406C86547", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "", + "PolicyName": "", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "1219CD69638731CDCADE5E3C0A83096C", + "Status": "", + "CylanceScore": "60", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "Execution Control", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "333b84cb-5eb3-4733-b57b-5a17d06f8043", + "Tenant": "ABC", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "N/A", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "TRUE", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "TRUE", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "{\"Classification\": \"N/A\", \"Cylance Score\": \"65\", \"Date\": \"11/30/2020 2:16:58 PM\", \"Detected By\": \"File Watcher\", \"Device Name\": \"TESTHOST029\", \"Event Status\": \"quarantined\", \"Ever Run\": \"True\", \"File Path\": \"C:\\\\Users\\\\testuser\\\\AppData\\\\Local\\\\Temp\\\\MBX@2970@3B21B30.###\", \"MD5\": \"68AD7C10B9700251F5A266DD4822FAD9\", \"Running\": \"True\", \"SHA256\": \"173F59A7141AC5AF2A2B225DB3E8DCFD1C9F041B008506D821428A1DFA368AE0\", \"Serial Number\": \"333b84cb-5eb3-4733-b57b-5a17d06f8043\", \"Tenant\": \"ABC\"}", + "EventType": "", + "EventName": "", + "DeviceName": "", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "[\"\"]", + "SrcMacAddr": "[\"\"]", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"\"]", + "ZoneNames_string": "", + "FilePath": "C:\\Users\\jdearien\\AppData\\Local\\Temp\\MBX@2970@3B21B30.###", + "FileHashSha256": "173F59A7141AC5AF2A2B225DB3E8DCFD1C9F041B008506D821428A1DFA368AE0", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "", + "PolicyName": "", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "68AD7C10B9700251F5A266DD4822FAD9", + "Status": "", + "CylanceScore": "65", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "File Watcher", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "333b84cb-5eb3-4733-b57b-5a17d06f8043", + "Tenant": "ABC", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "N/A", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "TRUE", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "TRUE", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "{\"Classification\": \"N/A\", \"Cylance Score\": \"67\", \"Date\": \"11/30/2020 2:16:38 PM\", \"Detected By\": \"File Watcher\", \"Device Name\": \"TESTHOST029\", \"Event Status\": \"quarantined\", \"Ever Run\": \"True\", \"File Path\": \"C:\\\\Users\\\\testuser\\\\AppData\\\\Local\\\\Temp\\\\MBX@4994@3A01B30.###\", \"MD5\": \"CC01091318C86C6A8FFA1150B7BE7F17\", \"Running\": \"True\", \"SHA256\": \"75B92660B6EB4FB1B848CC08CBB591CEF729FAA02C43086DD3B88494B75FD004\", \"Serial Number\": \"333b84cb-5eb3-4733-b57b-5a17d06f8043\", \"Tenant\": \"ABC\"}", + "EventType": "", + "EventName": "", + "DeviceName": "", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "[\"\"]", + "SrcMacAddr": "[\"\"]", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"\"]", + "ZoneNames_string": "", + "FilePath": "C:\\Users\\jdearien\\AppData\\Local\\Temp\\MBX@4994@3A01B30.###", + "FileHashSha256": "75B92660B6EB4FB1B848CC08CBB591CEF729FAA02C43086DD3B88494B75FD004", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "", + "PolicyName": "", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "CC01091318C86C6A8FFA1150B7BE7F17", + "Status": "", + "CylanceScore": "67", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "File Watcher", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "333b84cb-5eb3-4733-b57b-5a17d06f8043", + "Tenant": "ABC", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "N/A", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "TRUE", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "TRUE", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "{\"Classification\": \"N/A\", \"Cylance Score\": \"54\", \"Date\": \"11/30/2020 2:16:18 PM\", \"Detected By\": \"File Watcher\", \"Device Name\": \"TESTHOST029\", \"Event Status\": \"quarantined\", \"Ever Run\": \"True\", \"File Path\": \"C:\\\\Users\\\\testuser\\\\AppData\\\\Local\\\\Temp\\\\MBX@2CE8@3991B30.###\", \"MD5\": \"1AAFDAD28E362C660770B9E14971092C\", \"Running\": \"True\", \"SHA256\": \"1093CECFE64612EF7EFBC3F91A94C899FA8BEE45529403669385CF2DF0ED1435\", \"Serial Number\": \"333b84cb-5eb3-4733-b57b-5a17d06f8043\", \"Tenant\": \"ABC\"}", + "EventType": "", + "EventName": "", + "DeviceName": "", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "[\"\"]", + "SrcMacAddr": "[\"\"]", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"\"]", + "ZoneNames_string": "", + "FilePath": "C:\\Users\\jdearien\\AppData\\Local\\Temp\\MBX@2CE8@3991B30.###", + "FileHashSha256": "1093CECFE64612EF7EFBC3F91A94C899FA8BEE45529403669385CF2DF0ED1435", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "", + "PolicyName": "", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "1AAFDAD28E362C660770B9E14971092C", + "Status": "", + "CylanceScore": "54", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "File Watcher", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "333b84cb-5eb3-4733-b57b-5a17d06f8043", + "Tenant": "ABC", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "N/A", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "TRUE", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "TRUE", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + }, + { + "SyslogMessage": "{\"Classification\": \"N/A\", \"Cylance Score\": \"61\", \"Date\": \"11/30/2020 2:16:17 PM\", \"Detected By\": \"File Watcher\", \"Device Name\": \"TESTHOST029\", \"Event Status\": \"quarantined\", \"Ever Run\": \"True\", \"File Path\": \"C:\\\\Users\\\\testuser\\\\AppData\\\\Local\\\\Temp\\\\MBX@18A4@3B31B30.###\", \"MD5\": \"72738F84DA72B5D399F48CBFC8DC0646\", \"Running\": \"True\", \"SHA256\": \"3D3FA86221DFB7CF844678AC0C1BE2128C3C48EB01EBEA27BDC8EC758FE8EA7B\", \"Serial Number\": \"333b84cb-5eb3-4733-b57b-5a17d06f8043\", \"Tenant\": \"ABC\"}", + "EventType": "", + "EventName": "", + "DeviceName": "", + "AgentVersion_string": "", + "AgentVersion_dynamic": "", + "SrcIpAddr": "[\"\"]", + "SrcMacAddr": "[\"\"]", + "LoggedOnUsers": "", + "OsVersion_string": "", + "OsVersion_dynamic": "", + "ZoneNames_dynamic": "[\"\"]", + "ZoneNames_string": "", + "FilePath": "C:\\Users\\jdearien\\AppData\\Local\\Temp\\MBX@18A4@3B31B30.###", + "FileHashSha256": "3D3FA86221DFB7CF844678AC0C1BE2128C3C48EB01EBEA27BDC8EC758FE8EA7B", + "Interpreter": "", + "InterpreterVersion": "", + "UserName": "", + "DeviceId": "", + "PolicyName": "", + "FileName": "", + "Path": "", + "DriveType": "", + "FileHashMd5": "72738F84DA72B5D399F48CBFC8DC0646", + "Status": "", + "CylanceScore": "61", + "FoundDate": "", + "FileType": "", + "IsRunning": "", + "AutoRun": "", + "DetectedBy": "File Watcher", + "IsMalware": "", + "IsUniqueToCylance": "", + "ThreatClassification": "", + "ExtDeviceType": "", + "ExtDeviceVendorId": "", + "ExtDeviceName": "", + "ExtDeviceProductId": "", + "ExtDeviceSerialNumber": "", + "Provider": "", + "PolicyChanged": "", + "BackgroundDetection": "", + "EventCreationTime": "", + "FilesAnalyzed": "", + "IsOnline": "", + "LastReportedUser": "", + "OfflineDate": "", + "OnlineDate": "", + "Policy": "", + "SerialNumber": "333b84cb-5eb3-4733-b57b-5a17d06f8043", + "Tenant": "ABC", + "AvIndustry": "", + "AccessTime": "", + "CertIssuer": "", + "CertPublisher": "", + "CertSubject": "", + "CertTimestamp": "", + "Classification_": "N/A", + "CompanyName": "", + "Copyright": "", + "CreateTime": "", + "Description": "", + "EverRun": "TRUE", + "FileOwner": "", + "FileSize": "", + "FileStatus": "", + "FileVersion": "", + "FirstFound": "", + "GlobalQuarantined": "", + "LastFound": "", + "ModificationTime": "", + "ProductName": "", + "Running": "TRUE", + "Safelisted": "", + "SignatureStatus": "", + "Signed": "" + } +]