TimeGenerated,DeviceVendor,DeviceEventClassID,LogSeverity,DestinationIP,DeviceName,SourceIP,DeviceVersion,Activity,DestinationHostName,ExternalID,SourceHostName,SourceUserName,DeviceCustomString4,FlexNumber1,FlexNumber2,AdditionalExtensions,Type
2020-03-23T04:56:44.907Z,Vectra Networks,hsc,3,10.0.1.2,device1,10.0.2.3,5.5,Host Score Change,device22,27,device1,user1,https://xyz.rt.tv/hosts/27,99,76,cat=HOST SCORING;start=1584939404903;end=1584939404903,CommonSecurityLog
2020-03-23T04:56:44.906Z,Vectra Networks,asc,3,10.0.2.3,device2,10.0.3.5,5.5,Account Score Change,device34,23,device2,admin,https://xyz.rt.tv/accounts/23,45,56,cat=ACCOUNT SCORING;saccount=xyz.example.com;start=1584900305119;end=1584900305119,CommonSecurityLog
2020-03-23T04:56:43.907Z,Vectra Networks,campaigns,3,10.0.2.5,device3,10.0.5.6,5.5,winatp-gw-cus.microsoft.com,device25,25,device3,user2,https://xyz.rt.tv/campaigns/24,10,98,at=CAMPAIGNS;reason=Connection,CommonSecurityLog
2020-03-23T04:56:42.907Z,Vectra Networks,audit,3,10.0.4.6,device4,10.0.6.7,5.5,user_action,device2,45,device4,user3,,45,56,cat=user_action;outcome=True,CommonSecurityLog
2020-03-23T04:56:41.907Z,Vectra Networks,health,3,10.0.2.3,device5,10.0.7.2,5.5,outcome=success,device05,21,device5,user1,,25,63,heartbeat_check,CommonSecurityLog
2020-05-14T05:46:11.147Z,Vectra Networks,reverse_rat,0,10.20.5.52,dogfood.vectra.io,10.13.150.52,5.7,External Remote Access,ec2-100-20-5-52.us-west-2.compute.amazonaws.com,44317,d8:c4:6a:57:07:85,admin,https://dogfood.vectra.io/detections/44317?detail_id\=561693,0,0,cat=COMMAND & CONTROL;start=1585843645000;end=1589435013000,CommonSecurityLog
2020-05-13T23:59:47.193Z,Vectra Networks,frontwatch,5,0.0.0.0,dogfood.vectra.io,12.168.128.13,5.7,Multi-home Fronted Tunnel,,44556,demisto-vhe-5.0.0-20-62,user1,https://dogfood.vectra.io/detections/44556?detail_id\=561536,54,75,cat=COMMAND & CONTROL;start=1589404113000;end=1589414267000,CommonSecurityLog
2020-05-14T03:18:19.16Z,Vectra Networks,smb_enum_share,7,10.100.199.87,x4-3-14.sc.tvec,10.100.199.10,5.7,File Share Enumeration,,38,dc2-aws-us-west-01,admin,https://x4-3-14.sc.tvec/detections/38?detail_id\=123,70,47,cat=RECONNAISSANCE;start=1589426124000;end=1589426178000,CommonSecurityLog
2020-05-14T05:46:29.577Z,Vectra Networks,hidden_http_tunnel_cnc,3,14.209.123.148,x4-3-14.sc.tvec,10.168.90.103,5.7,Hidden HTTP Tunnel,ec2-34-209-123-148.us-west-2.compute.amazonaws.com,32,Zanzibar,user2,https://x4-3-14.sc.tvec/detections/32?detail_id\=201,37,59,cat=COMMAND & CONTROL;start=1589424622000;end=1589435024000,CommonSecurityLog
2020-05-14T03:23:30.64Z,Vectra Networks,port_sweep,5,0.0.0.0,x4-3-14.sc.tvec,10.100.199.10,5.7,Port Sweep,,40,dc2-aws-us-west-01,user1,https://x4-3-14.sc.tvec/detections/40?detail_id\=125,52,72,cat=RECONNAISSANCE;start=1589425892000;end=1589426045000,CommonSecurityLog
2020-05-14T01:14:37.297Z,Vectra Networks,darknet,5,10.168.13.178,x4-2-9.sc.tvec,10.168.153.17,5.6,Internal Darknet Scan,,132,cr_leroy_brown,,https://x4-2-9.sc.tvec/detections/132?detail_id\=712,50,52,cat=RECONNAISSANCE;start=1589240446000;end=1589355443000,CommonSecurityLog
2020-05-14T05:34:43.93Z,Vectra Networks,hidden_https_tunnel_cnc,0,15.66.140.169,dogfood.vectra.io,10.168.55.76,5.7,Hidden HTTPS Tunnel,ed075b8f-ff30-4418-bd42-b37a61451a90.ods.opinsights.azure.com,44563,oms-azure,,https://dogfood.vectra.io/detections/44563?detail_id\=561688,0,0,cat=COMMAND & CONTROL;start=1589425685000;end=1589434339000,CommonSecurityLog
2020-05-14T03:33:05.873Z,Vectra Networks,brute_force_i2i,0,10.168.7.178,dogfood.vectra.io,10.168.54.247,5.7,Brute-Force,sourcecode.tvec,44470,buildvm27.vectra.io,user1,https://dogfood.vectra.io/detections/44470?detail_id\=561637,0,0,cat=LATERAL MOVEMENT;start=1588475968000;end=1589425390000,CommonSecurityLog
2020-05-14T03:12:45.757Z,Vectra Networks,smb_psexec,2,10.100.199.10,x4-3-14.sc.tvec,10.168.199.30,5.7,Suspicious Remote Execution,,36,Deacon-desktop,admin,https://x4-3-14.sc.tvec/detections/36?detail_id\=102,20,95,cat=LATERAL MOVEMENT;start=1589425711000;end=1589425785000,CommonSecurityLog
2020-05-14T02:22:15.027Z,Vectra Networks,ldap_recon,2,10.168.90.2,x4-3-14.sc.tvec,10.168.90.101,5.7,Suspicious LDAP Query,,27,XianFS,user2,https://x4-3-14.sc.tvec/detections/27?detail_id\=58,21,25,cat=RECONNAISSANCE;start=1589422763000;end=1589422764000,CommonSecurityLog
2020-05-14T03:17:18.6Z,Vectra Networks,port_scan,6,10.168.60.61,x4-3-14.sc.tvec,10.168.30.189,5.7,Port Scan,,33,Cabot-desktop,,https://x4-3-14.sc.tvec/detections/33?detail_id\=118,60,80,cat=RECONNAISSANCE;start=1589424950000;end=1589425650000,CommonSecurityLog
2020-05-14T03:27:51.773Z,Vectra Networks,papi_rogue_admin,7,0.0.0.0,device6,,5.7,Privilege Anomaly: Unusual Service,,43,,user1,https://x4-3-14.sc.tvec/detections/43?detail_id\=127,75,95,cat=LATERAL MOVEMENT;account=deacon@lab.tme.local;start=1589426840000;end=1589426840000,CommonSecurityLog
2020-05-14T05:12:30.773Z,Vectra Networks,hidden_dns_tunnel_cnc,1,10.168.90.2,x4-3-14.sc.tvec,10.168.90.103,5.7,Hidden DNS Tunnel,,48,Zanzibar,cognito,https://x4-3-14.sc.tvec/detections/48?detail_id\=193,19,14,cat=COMMAND & CONTROL;start=1589431742000;end=1589432874000,CommonSecurityLog
2020-05-14T05:27:34.37Z,Vectra Networks,cnc_dga,1,8.8.8.8,x4-3-14.sc.tvec,10.168.173.204,5.7,Suspect Domain Activity,mail.baffcaaccaacac.ru,53,IP-192.168.173.204,,https://x4-3-14.sc.tvec/detections/53?detail_id\=8,16,16,cat=COMMAND & CONTROL;start=1589433969000;end=1589434015000,CommonSecurityLog
2020-05-14T00:14:30.24Z,Vectra Networks,hidden_dns_tunnel_exfil,4,10.168.55.10,x4-3-14.sc.tvec,10.168.51.6,5.7,Hidden DNS Tunnel,snakeoil.biz,12,Jun-Long,admin,https://x4-3-14.sc.tvec/detections/12?detail_id\=23,42,78,cat=EXFILTRATION;start=1589414902000;end=1589415109000,CommonSecurityLog
2020-05-14T05:01:12.407Z,Vectra Networks,smuggler,0,10.10.150.122,dogfood.vectra.io,10.168.54.121,5.7,Data Smuggler,725338656596.dkr.ecr.us-west-2.amazonaws.com,44506,buildvm19.vectra.io,,https://dogfood.vectra.io/detections/44506?detail_id\=561674,0,0,cat=EXFILTRATION;start=1588892692000;end=1589432362000,CommonSecurityLog
2020-05-14T02:07:41.607Z,Vectra Networks,papi_breach,9,0.0.0.0,device7,,5.7,Privilege Anomaly: Unusual Trio,,25,,,https://x4-3-14.sc.tvec/detections/25?detail_id\=54,95,95,cat=LATERAL MOVEMENT;account=svc-x45h8@corp.example.com;start=1589412661000;end=1589413687000,CommonSecurityLog
2020-05-14T03:34:33.977Z,Vectra Networks,watchmen,7,192.168.13.19,x4-2-9.sc.tvec,10.168.153.17,5.6,Suspicious Admin,,133,cr_leroy_brown,,https://x4-2-9.sc.tvec/detections/133?detail_id\=713,70,73,cat=LATERAL MOVEMENT;start=1589268477000;end=1589268477000,CommonSecurityLog
2020-05-14T00:09:53.887Z,Vectra Networks,sw_o365_paaAzureADAnomaly,0,0.0.0.0,device8,,5.7,O365 Suspicious AzureAD Operation,,44562,,user1,https://dogfood.vectra.io/detections/44562?detail_id\=561547,6,25,cat=LATERAL MOVEMENT;account=O365:aleader@vectra.ai;start=1589406327000;end=1589406327000,CommonSecurityLog
2020-05-14T01:59:45.857Z,Vectra Networks,rpc_recon,3,0.0.0.0,x4-3-14.sc.tvec,192.168.150.100,5.7,RPC Recon,,22,Piper-desktop,,https://x4-3-14.sc.tvec/detections/22?detail_id\=50,30,63,cat=RECONNAISSANCE;start=1589421555000;end=1589421555000,CommonSecurityLog
2020-05-14T03:17:18.61Z,Vectra Networks,stage_loader,8,10.100.199.10,x4-3-14.sc.tvec,192.168.199.30,5.7,Internal Stage Loader,,37,Deacon-desktop,,https://x4-3-14.sc.tvec/detections/37?detail_id\=119,88,88,cat=LATERAL MOVEMENT;start=1589425711000;end=1589425824000,CommonSecurityLog
2020-05-14T02:37:33.177Z,Vectra Networks,tor,1,10.16.0.1,x4-3-14.sc.tvec,192.168.152.194,5.7,TOR Activity,www.7tcqy6kttln6.com,29,IP-192.168.152.194,admin,https://x4-3-14.sc.tvec/detections/29?detail_id\=63,14,13,cat=COMMAND & CONTROL;start=1589423775000;end=1589423812000,CommonSecurityLog
2020-05-14T03:07:34.377Z,Vectra Networks,binaryloader,7,37.230.114.67,x4-3-14.sc.tvec,192.168.173.101,5.7,Malware Update,mail.baffcaaccaacac.ru,35,IP-192.168.173.101,cognito,https://x4-3-14.sc.tvec/detections/35?detail_id\=96,70,78,cat=COMMAND & CONTROL;start=1589425586000;end=1589425586000,CommonSecurityLog
2020-05-14T04:07:21.503Z,Vectra Networks,smb_ransomware,9,192.168.12.5,x4-3-14.sc.tvec,192.168.152.194,5.7,Ransomware File Activity,,46,DJComp,user2,https://x4-3-14.sc.tvec/detections/46?detail_id\=142,90,77,cat=LATERAL MOVEMENT;start=1589423897000;end=1589429106000,CommonSecurityLog
2020-05-14T05:05:28.97Z,Vectra Networks,smash_n_grab,6,172.217.23.129,x4-3-14.sc.tvec,10.100.199.10,5.7,Smash and Grab,172.217.23.129,51,dc2-aws-us-west-01,,https://x4-3-14.sc.tvec/detections/51?detail_id\=186,60,11,cat=EXFILTRATION;start=1589430827000;end=1589432626000,CommonSecurityLog
2020-05-14T05:14:01.22Z,Vectra Networks,hidden_https_tunnel_exfil,9,172.217.23.129,x4-3-14.sc.tvec,10.100.199.10,5.7,Hidden HTTPS Tunnel,fra16s18-in-f1.1e100.net,52,dc2-aws-us-west-01,,https://x4-3-14.sc.tvec/detections/52?detail_id\=194,95,80,cat=EXFILTRATION;start=1589430827000;end=1589433101000,CommonSecurityLog
2020-05-13T21:52:29.68Z,Vectra Networks,awb,1,0.0.0.0,x4-3-14.sc.tvec,192.168.173.101,5.7,Abnormal Web Activity,,5,BThomas-Win7,user1,https://x4-3-14.sc.tvec/detections/5?detail_id\=13,10,25,cat=BOTNET ACTIVITY;start=1589405636000;end=1589406251000,CommonSecurityLog
2020-05-13T21:17:31.157Z,Vectra Networks,internal_spreading,2,10.168.173.207,x4-3-14.sc.tvec,192.168.122.49,5.7,Automated Replication,,2,IP-192.168.122.49,,https://x4-3-14.sc.tvec/detections/2?detail_id\=5,22,22,cat=LATERAL MOVEMENT;start=1589404574000;end=1589404601000,CommonSecurityLog
2020-05-13T08:31:27.43Z,Vectra Networks,out_dos,1,11.1.1.2,x4-3-14.sc.tvec,192.168.196.9,5.6,Outbound DoS,,29,IP-192.168.196.9,,https://x4-3-14.sc.tvec/detections/29?detail_id\=51,10,56,cat=BOTNET ACTIVITY;start=1589358623000;end=1589358629000,CommonSecurityLog
2020-05-13T08:54:32.61Z,Vectra Networks,shell_knocker_c2s,0,12.168.255.254,x4-3-14.sc.tvec,192.168.173.101,5.6,Shell Knocker Client,,31,BThomas-Win7,user1,https://x4-3-14.sc.tvec/detections/31?detail_id\=53,5,5,cat=LATERAL MOVEMENT;start=1589357035000;end=1589358136000,CommonSecurityLog
2020-05-13T08:54:32.617Z,Vectra Networks,shell_knocker_s2c,0,10.168.173.101,x4-3-14.sc.tvec,192.168.255.254,5.6,Shell Knocker Server,,32,edgefw01,cognito,https://x4-3-14.sc.tvec/detections/32?detail_id\=54,5,5,cat=LATERAL MOVEMENT;start=1589355953000;end=1589356635000,CommonSecurityLog
2020-05-13T09:33:34.047Z,Vectra Networks,spam,5,11.1.2.7,x4-3-14.sc.tvec,192.168.12.33,5.6,Outbound Spam,,34,IP-192.168.12.33,admin,https://x4-3-14.sc.tvec/detections/34?detail_id\=56,50,95,cat=BOTNET ACTIVITY;start=1589362339000;end=1589362372000,CommonSecurityLog
2020-05-13T16:28:22.757Z,Vectra Networks,bitcoin,1,10.243.44.230,x4-2-17.sc.tvec,192.168.173.201,5.6,Cryptocurrency Mining,api.groupfabric.com,130,IP-192.168.173.201,,https://x4-2-17.sc.tvec/detections/130?detail_id\=513,10,90,cat=BOTNET ACTIVITY;start=1589387249000;end=1589387249000,CommonSecurityLog
2020-05-13T13:07:19.903Z,Vectra Networks,http_cnc,4,10.108.142.138,x4-3-14.sc.tvec,192.168.193.15,5.6,Suspicious HTTP,data.torntv.net,41,IP-192.168.193.15,user2,https://x4-3-14.sc.tvec/detections/41?detail_id\=84,40,60,cat=COMMAND & CONTROL;start=1589375181000;end=1589375209000,CommonSecurityLog
2020-05-13T13:24:23.74Z,Vectra Networks,sql_inject,5,10.168.14.73,x4-3-14.sc.tvec,192.168.174.114,5.6,SQL Injection Activity,,42,IP-192.168.174.114,,https://x4-3-14.sc.tvec/detections/42?detail_id\=86,50,77,cat=LATERAL MOVEMENT;start=1589376192000;end=1589376215000,CommonSecurityLog
2020-05-13T21:27:33.413Z,Vectra Networks,click_fraud,3,0.0.0.0,x4-3-14.sc.tvec,192.168.173.101,5.7,Abnormal Ad Activity,,3,IP-192.168.173.101,user1,https://x4-3-14.sc.tvec/detections/3?detail_id\=7,30,10,cat=BOTNET ACTIVITY;start=1589404267000;end=1589404865000,CommonSecurityLog
2020-05-13T16:40:57.17Z,Vectra Networks,stealth_post,5,12.114.143.248,x4-3-14.sc.tvec,192.168.101.101,5.6,Stealth HTTP Post,iqingjiangmiyu.com,44,IP-192.168.101.101,,https://x4-3-14.sc.tvec/detections/44?detail_id\=89,50,94,cat=COMMAND & CONTROL;start=1589387943000;end=1589387943000,CommonSecurityLog
2020-05-13T09:05:27.903Z,Vectra Networks,out_port_sweep,5,0.0.0.0,x4-3-14.sc.tvec,192.168.152.194,5.6,Outbound Port Sweep,,33,DJComp,,https://x4-3-14.sc.tvec/detections/33?detail_id\=55,50,95,cat=BOTNET ACTIVITY;start=1589352122000;end=1589353668000,CommonSecurityLog
2020-05-11T11:22:40.99Z,Vectra Networks,rdp_recon,7,10.168.14.73,x4-2-9.sc.tvec,192.168.76.22,5.6,RDP Recon,,97,IP-192.168.76.22,,https://x4-2-9.sc.tvec/detections/97?detail_id\=483,70,95,cat=RECONNAISSANCE;start=1589195829000;end=1589196140000,CommonSecurityLog
2020-05-07T06:49:07.023Z,Vectra Networks,brute_force_i2o,1,11.1.2.18,x4-2-9.sc.tvec,172.16.199.72,5.6,Brute-Force,foo.com,129,IP-172.16.199.72,,https://x4-2-9.sc.tvec/detections/129?detail_id\=497,10,40,cat=BOTNET ACTIVITY;start=1588834052000;end=1588834053000,CommonSecurityLog
2020-05-11T16:23:29.357Z,Vectra Networks,papi_admin_peer_console,5,0.0.0.0,device9,,5.6,Privilege Anomaly: Unusual Account on Host,,111,,admin,https://x4-2-9.sc.tvec/detections/111?detail_id\=501,55,95,cat=LATERAL MOVEMENT;account=cj@corp.example.com;start=1589205383000;end=1589211865000,CommonSecurityLog
2020-05-13T17:46:04.253Z,Vectra Networks,lockdown,3,,,,5.6,Account Lockdown,,80,,cognito,https://x4-2-9.sc.tvec/accounts/80,null,null,cat=LOCKDOWN;account=sysadmin@corp.example.com;start=1589391964246;end=1589391964246,CommonSecurityLog
2020-05-12T16:28:29.81Z,Vectra Networks,smb_brute_force,7,10.168.90.131,x4-2-17.sc.tvec,192.168.196.207,5.6,SMB Brute-Force,,125,IP-192.168.196.207,,https://x4-2-17.sc.tvec/detections/125?detail_id\=499,70,54,cat=LATERAL MOVEMENT;start=1589300883000;end=1589300884000,CommonSecurityLog
2020-05-11T11:47:36.99Z,Vectra Networks,rdp_anomaly,7,10.168.12.11,x4-2-9.sc.tvec,192.168.76.22,5.6,Suspicious Remote Desktop,,98,andyb,,https://x4-2-9.sc.tvec/detections/98?detail_id\=484,70,10,cat=LATERAL MOVEMENT;start=1589197629000;end=1589197629000,CommonSecurityLog
2020-05-13T17:26:02.197Z,Vectra Networks,papi_unusual_admin_console,7,0.0.0.0,device10,,5.6,Privilege Anomaly: Unusual Host,,100,,admin,https://x4-2-9.sc.tvec/detections/100?detail_id\=691,75,95,cat=LATERAL MOVEMENT;account=sysadmin@corp.example.com;start=1589091765000;end=1589358325000,CommonSecurityLog
2020-05-11T17:13:32.003Z,Vectra Networks,threat_intel_exfil,7,10.168.236.118,x4-2-9.sc.tvec,192.168.192.194,5.6,Threat Intelligence Match,mutton-raglans.rs,112,IP-192.168.192.194,user1,https://x4-2-9.sc.tvec/detections/112?detail_id\=502,74,60,cat=EXFILTRATION;start=1589217153000;end=1589217170000,CommonSecurityLog
2020-04-28T07:12:01.66Z,Vectra Networks,rpc_recon_1to1,3,10.168.90.2,x4-3-14.sc.tvec,192.168.90.101,5.6,RPC Targeted Recon,,98,XianFS,cognito,https://x4-3-14.sc.tvec/detections/98?detail_id\=490,38,10,cat=RECONNAISSANCE;start=1588035191000;end=1588057274000,CommonSecurityLog
2020-05-13T15:22:25.577Z,Vectra Networks,p2p_cnc,2,11.1.1.7,x4-2-17.sc.tvec,192.168.196.95,5.6,Peer-To-Peer,,129,IP-192.168.196.95,user2,https://x4-2-17.sc.tvec/detections/129?detail_id\=512,20,95,cat=COMMAND & CONTROL;start=1589383283000;end=1589383320000,CommonSecurityLog
2020-05-01T17:52:33.273Z,Vectra Networks,kerberos_password_spray,3,0.0.0.0,dogfood.vectra.io,10.0.2.170,5.7,Kerberos Brute-Sweep,,44464,sjc-dc-1.vectra.io,user1,https://dogfood.vectra.io/detections/44464?detail_id\=550349,38,51,cat=RECONNAISSANCE;start=1588355149000;end=1588355402000,CommonSecurityLog
2020-05-12T08:09:47.46Z,Vectra Networks,smb_enum_user,0,10.168.7.119,dogfood.vectra.io,192.168.7.40,5.7,SMB Account Scan,,44350,sc-insightvm,cognito,https://dogfood.vectra.io/detections/44350?detail_id\=560257,0,0,cat=RECONNAISSANCE;start=1586243556000;end=1589270930000,CommonSecurityLog
2020-04-22T15:33:26.577Z,Vectra Networks,TEST,,,,,lockdown,,,null,,,,null,null,,CommonSecurityLog
2020-05-13T00:09:26.95Z,Vectra Networks,sw_o365_paaAnomaly,0,0.0.0.0,device11,,5.7,O365 Suspicious Sharepoint Operation,,44550,,user2,https://dogfood.vectra.io/detections/44550?detail_id\=560839,5,20,cat=LATERAL MOVEMENT;account=O365:derek@vectra.ai;start=1589311201000;end=1589311201000,CommonSecurityLog