Azure-Sentinel/Sample Data/CEF/ArubaClearPass.json


[
{
"TenantId": "a131321e-a763-4026-8439-5326aadafd82",
"SourceSystem": "OpsManager",
"TimeGenerated [UTC]": "11/27/2020, 10:09:35.587 PM",
"ReceiptTime": "Nov 19, 2014 18:21:13 IST",
"DeviceVendor": "Aruba Networks",
"DeviceProduct": "ClearPass",
"DeviceEventClassID": "13-1-0",
"LogSeverity": "5",
"OriginalLogSeverity": "",
"DeviceAction": "ADD",
"SimplifiedDeviceAction": "ADD",
"Computer": "",
"CommunicationDirection": "",
"DeviceFacility": "",
"DestinationPort": "",
"DestinationIP": "",
"DeviceAddress": "",
"DeviceName": "",
"Message": "",
"Protocol": "",
"SourcePort": "",
"SourceIP": "Test Role 10",
"RemoteIP": "",
"RemotePort": "",
"MaliciousIP": "",
"ThreatSeverity": "",
"IndicatorThreatType": "",
"ThreatDescription": "",
"ThreatConfidence": "",
"ReportReferenceLink": "",
"MaliciousIPLongitude": "",
"MaliciousIPLatitude": "",
"MaliciousIPCountry": "",
"DeviceVersion": "6.5.0.68754",
"Activity": "Audit Records",
"ApplicationProtocol": "",
"EventCount": "",
"DestinationDnsDomain": "",
"DestinationServiceName": "",
"DestinationTranslatedAddress": "",
"DestinationTranslatedPort": "",
"DeviceDnsDomain": "",
"DeviceExternalID": "",
"DeviceInboundInterface": "",
"DeviceNtDomain": "",
"DeviceOutboundInterface": "",
"DevicePayloadId": "",
"ProcessName": "",
"DeviceTranslatedAddress": "",
"DestinationHostName": "",
"DestinationMACAddress": "",
"DestinationNTDomain": "",
"DestinationProcessId": "",
"DestinationUserPrivileges": "",
"DestinationProcessName": "",
"DeviceTimeZone": "",
"DestinationUserID": "",
"DestinationUserName": "",
"DeviceMacAddress": "",
"ProcessID": "",
"ExternalID": "",
"FileCreateTime": "",
"FileHash": "",
"FileID": "",
"FileModificationTime": "",
"FilePath": "",
"FilePermission": "",
"FileType": "",
"FileName": "",
"FileSize": "",
"ReceivedBytes": "",
"OldFileCreateTime": "",
"OldFileHash": "",
"OldFileID": "",
"OldFileModificationTime": "",
"OldFileName": "",
"OldFilePath": "",
"OldFilePermission": "",
"OldFileSize": "",
"OldFileType": "",
"SentBytes": "",
"RequestURL": "",
"RequestClientApplication": "",
"RequestContext": "",
"RequestCookies": "",
"RequestMethod": "",
"SourceHostName": "",
"SourceMACAddress": "",
"SourceNTDomain": "",
"SourceDnsDomain": "",
"SourceServiceName": "",
"SourceTranslatedAddress": "",
"SourceTranslatedPort": "",
"SourceProcessId": "",
"SourceUserPrivileges": "",
"SourceProcessName": "",
"SourceUserID": "",
"SourceUserName": "",
"EventType": "",
"DeviceCustomIPv6Address1": "",
"DeviceCustomIPv6Address1Label": "",
"DeviceCustomIPv6Address2": "",
"DeviceCustomIPv6Address2Label": "",
"DeviceCustomIPv6Address3": "",
"DeviceCustomIPv6Address3Label": "",
"DeviceCustomIPv6Address4": "",
"DeviceCustomIPv6Address4Label": "",
"DeviceCustomFloatingPoint1": "",
"DeviceCustomFloatingPoint1Label": "",
"DeviceCustomFloatingPoint2": "",
"DeviceCustomFloatingPoint2Label": "",
"DeviceCustomFloatingPoint3": "",
"DeviceCustomFloatingPoint3Label": "",
"DeviceCustomFloatingPoint4": "",
"DeviceCustomFloatingPoint4Label": "",
"DeviceCustomNumber1": "",
"DeviceCustomNumber1Label": "",
"DeviceCustomNumber2": "",
"DeviceCustomNumber2Label": "",
"DeviceCustomNumber3": "",
"DeviceCustomNumber3Label": "",
"DeviceCustomString1": "",
"DeviceCustomString1Label": "",
"DeviceCustomString2": "",
"DeviceCustomString2Label": "",
"DeviceCustomString3": "",
"DeviceCustomString3Label": "",
"DeviceCustomString4": "",
"DeviceCustomString4Label": "",
"DeviceCustomString5": "",
"DeviceCustomString5Label": "",
"DeviceCustomString6": "",
"DeviceCustomString6Label": "",
"DeviceCustomDate1": "",
"DeviceCustomDate1Label": "",
"DeviceCustomDate2": "",
"DeviceCustomDate2Label": "",
"FlexDate1": "",
"FlexDate1Label": "",
"FlexNumber1": "",
"FlexNumber1Label": "",
"FlexNumber2": "",
"FlexNumber2Label": "",
"FlexString1": "",
"FlexString1Label": "",
"FlexString2": "",
"FlexString2Label": "",
"AdditionalExtensions": "cat=Role;timeFormat=MMM dd yyyy HH:mm:ss.SSS zzz;usrName=admin",
"StartTime [UTC]": "",
"EndTime [UTC]": "",
"Type": "CommonSecurityLog",
"_ResourceId": "/subscriptions/7fd67ca4-e443-470d-9bc0-7ce7fa3124fb/resourcegroups/m90-logingestion-rg/providers/microsoft.compute/virtualmachines/m90-siem-vm02",
"Timestamp": "",
"CallingStationId": "",
"InpuOctets": "",
"TimestampFormat": "MMM dd yyyy HH:mm:ss.SSS zzz",
"SessionTime": "",
"FramedIpAddr": "",
"Source": "",
"Method": "",
"SessionId": "",
"ServiceName": "",
"NasPortNumber": "",
"NasPortType": "",
"OutputOctets": "",
"UserName": "",
"NasIpAddr": "",
"AuthorizationSources": "",
"NetworkProtocol": "",
"RequestTimestamp": "",
"LoginStatus": "",
"EnforcementProfiles": "",
"NasPort": "",
"Ssid": "",
"ErrorCode": "",
"Roles": "",
"Service": "",
"SrcMacAddr": "",
"Unhealthy": "",
"CalledStationId": "",
"NasIdentifier": "",
"Category": "Role",
"Description": "",
"Action": "",
"TimeFormat": ""
},
{
"TenantId": "a131321e-a763-4026-8439-5326aadafd82",
"SourceSystem": "OpsManager",
"TimeGenerated [UTC]": "11/27/2020, 11:13:29.627 PM",
"ReceiptTime": "",
"DeviceVendor": "Aruba Networks",
"DeviceProduct": "ClearPass",
"DeviceEventClassID": "1604-1-0",
"LogSeverity": "0",
"OriginalLogSeverity": "",
"DeviceAction": "",
"SimplifiedDeviceAction": "",
"Computer": "",
"CommunicationDirection": "",
"DeviceFacility": "",
"DestinationPort": "",
"DestinationIP": "",
"DeviceAddress": "",
"DeviceName": "",
"Message": "",
"Protocol": "",
"SourcePort": "",
"SourceIP": "",
"RemoteIP": "",
"RemotePort": "",
"MaliciousIP": "",
"ThreatSeverity": "",
"IndicatorThreatType": "",
"ThreatDescription": "",
"ThreatConfidence": "",
"ReportReferenceLink": "",
"MaliciousIPLongitude": "",
"MaliciousIPLatitude": "",
"MaliciousIPCountry": "",
"DeviceVersion": "6.5.0.68878",
"Activity": "Session Logs",
"ApplicationProtocol": "",
"EventCount": "",
"DestinationDnsDomain": "",
"DestinationServiceName": "",
"DestinationTranslatedAddress": "",
"DestinationTranslatedPort": "",
"DeviceDnsDomain": "",
"DeviceExternalID": "",
"DeviceInboundInterface": "",
"DeviceNtDomain": "",
"DeviceOutboundInterface": "",
"DevicePayloadId": "",
"ProcessName": "",
"DeviceTranslatedAddress": "",
"DestinationHostName": "",
"DestinationMACAddress": "",
"DestinationNTDomain": "",
"DestinationProcessId": "",
"DestinationUserPrivileges": "",
"DestinationProcessName": "",
"DeviceTimeZone": "",
"DestinationUserID": "",
"DestinationUserName": "",
"DeviceMacAddress": "",
"ProcessID": "",
"ExternalID": "",
"FileCreateTime": "",
"FileHash": "",
"FileID": "",
"FileModificationTime": "",
"FilePath": "",
"FilePermission": "",
"FileType": "",
"FileName": "",
"FileSize": "",
"ReceivedBytes": "",
"OldFileCreateTime": "",
"OldFileHash": "",
"OldFileID": "",
"OldFileModificationTime": "",
"OldFileName": "",
"OldFilePath": "",
"OldFilePermission": "",
"OldFileSize": "",
"OldFileType": "",
"SentBytes": "",
"RequestURL": "",
"RequestClientApplication": "",
"RequestContext": "",
"RequestCookies": "",
"RequestMethod": "",
"SourceHostName": "",
"SourceMACAddress": "",
"SourceNTDomain": "",
"SourceDnsDomain": "",
"SourceServiceName": "",
"SourceTranslatedAddress": "",
"SourceTranslatedPort": "",
"SourceProcessId": "",
"SourceUserPrivileges": "",
"SourceProcessName": "",
"SourceUserID": "",
"SourceUserName": "",
"EventType": "",
"DeviceCustomIPv6Address1": "",
"DeviceCustomIPv6Address1Label": "",
"DeviceCustomIPv6Address2": "",
"DeviceCustomIPv6Address2Label": "",
"DeviceCustomIPv6Address3": "",
"DeviceCustomIPv6Address3Label": "",
"DeviceCustomIPv6Address4": "",
"DeviceCustomIPv6Address4Label": "",
"DeviceCustomFloatingPoint1": "",
"DeviceCustomFloatingPoint1Label": "",
"DeviceCustomFloatingPoint2": "",
"DeviceCustomFloatingPoint2Label": "",
"DeviceCustomFloatingPoint3": "",
"DeviceCustomFloatingPoint3Label": "",
"DeviceCustomFloatingPoint4": "",
"DeviceCustomFloatingPoint4Label": "",
"DeviceCustomNumber1": "",
"DeviceCustomNumber1Label": "",
"DeviceCustomNumber2": "",
"DeviceCustomNumber2Label": "",
"DeviceCustomNumber3": "",
"DeviceCustomNumber3Label": "",
"DeviceCustomString1": "",
"DeviceCustomString1Label": "",
"DeviceCustomString2": "",
"DeviceCustomString2Label": "",
"DeviceCustomString3": "",
"DeviceCustomString3Label": "",
"DeviceCustomString4": "",
"DeviceCustomString4Label": "",
"DeviceCustomString5": "",
"DeviceCustomString5Label": "",
"DeviceCustomString6": "",
"DeviceCustomString6Label": "",
"DeviceCustomDate1": "",
"DeviceCustomDate1Label": "",
"DeviceCustomDate2": "",
"DeviceCustomDate2Label": "",
"FlexDate1": "",
"FlexDate1Label": "",
"FlexNumber1": "",
"FlexNumber1Label": "",
"FlexNumber2": "",
"FlexNumber2Label": "",
"FlexString1": "",
"FlexString1Label": "",
"FlexString2": "",
"FlexString2Label": "",
"AdditionalExtensions": "RADIUS.Acct-Calling-Station-Id=00:32:b6:2c:28:95;RADIUS.Acct-Framed-IP-Address=192.167.230.129;RADIUS.Auth-Source=AD:10.17.4.130;RADIUS.Acct-Timestamp=2014-12-01 15:26:43+05:30;RADIUS.Auth-Method=PAP;RADIUS.Acct-Service-Name=Authenticate-Only;RADIUS.Acct-Session-Time=3155;TimestampFormat=MMM dd yyyy HH:mm:ss.SSS zzz;RADIUS.Acct-NAS-Port=0;RADIUS.Acct-Session-Id=R00001316-01-547c3b5a;RADIUS.Acct-NAS-Port-Type=Wireless-802.11;RADIUS.Acct-Output-Octets=578470212;RADIUS.Acct-Username=A_user2;RADIUS.Acct-NAS-IP-Address=10.17.6.124;RADIUS.Acct-Input-Octets=786315664",
"StartTime [UTC]": "",
"EndTime [UTC]": "",
"Type": "CommonSecurityLog",
"_ResourceId": "/subscriptions/7fd67ca4-e443-470d-9bc0-7ce7fa3124fb/resourcegroups/m90-logingestion-rg/providers/microsoft.compute/virtualmachines/m90-siem-vm02",
"Timestamp": "2014-12-01 15:26:43+05:30",
"CallingStationId": "00:32:b6:2c:28:95",
"InpuOctets": "",
"TimestampFormat": "MMM dd yyyy HH:mm:ss.SSS zzz",
"SessionTime": "3155",
"FramedIpAddr": "192.167.230.129",
"Source": "AD:10.17.4.130",
"Method": "PAP",
"SessionId": "R00001316-01-547c3b5a",
"ServiceName": "Authenticate-Only",
"NasPortNumber": "0",
"NasPortType": "Wireless-802.11",
"OutputOctets": "578470212",
"UserName": "A_user2",
"NasIpAddr": "10.17.6.124",
"AuthorizationSources": "",
"NetworkProtocol": "",
"RequestTimestamp": "",
"LoginStatus": "",
"EnforcementProfiles": "",
"NasPort": "",
"Ssid": "",
"ErrorCode": "",
"Roles": "",
"Service": "",
"SrcMacAddr": "",
"Unhealthy": "",
"CalledStationId": "",
"NasIdentifier": "",
"Category": "",
"Description": "",
"Action": "",
"TimeFormat": ""
},
{
"TenantId": "a131321e-a763-4026-8439-5326aadafd82",
"SourceSystem": "OpsManager",
"TimeGenerated [UTC]": "11/27/2020, 10:01:06.239 PM",
"ReceiptTime": "",
"DeviceVendor": "Aruba Networks",
"DeviceProduct": "ClearPass",
"DeviceEventClassID": "0-1-0",
"LogSeverity": "0",
"OriginalLogSeverity": "",
"DeviceAction": "",
"SimplifiedDeviceAction": "",
"Computer": "",
"CommunicationDirection": "",
"DeviceFacility": "",
"DestinationPort": "",
"DestinationIP": "",
"DeviceAddress": "",
"DeviceName": "",
"Message": "",
"Protocol": "",
"SourcePort": "",
"SourceIP": "10.17.4.208",
"RemoteIP": "",
"RemotePort": "",
"MaliciousIP": "",
"ThreatSeverity": "",
"IndicatorThreatType": "",
"ThreatDescription": "",
"ThreatConfidence": "",
"ReportReferenceLink": "",
"MaliciousIPLongitude": "",
"MaliciousIPLatitude": "",
"MaliciousIPCountry": "",
"DeviceVersion": "6.5.0.69058",
"Activity": "Insight Logs",
"ApplicationProtocol": "",
"EventCount": "",
"DestinationDnsDomain": "",
"DestinationServiceName": "",
"DestinationTranslatedAddress": "",
"DestinationTranslatedPort": "",
"DeviceDnsDomain": "",
"DeviceExternalID": "",
"DeviceInboundInterface": "",
"DeviceNtDomain": "",
"DeviceOutboundInterface": "",
"DevicePayloadId": "",
"ProcessName": "",
"DeviceTranslatedAddress": "",
"DestinationHostName": "",
"DestinationMACAddress": "",
"DestinationNTDomain": "",
"DestinationProcessId": "",
"DestinationUserPrivileges": "",
"DestinationProcessName": "",
"DeviceTimeZone": "",
"DestinationUserID": "",
"DestinationUserName": "",
"DeviceMacAddress": "",
"ProcessID": "",
"ExternalID": "",
"FileCreateTime": "",
"FileHash": "",
"FileID": "",
"FileModificationTime": "",
"FilePath": "",
"FilePermission": "",
"FileType": "",
"FileName": "",
"FileSize": "",
"ReceivedBytes": "",
"OldFileCreateTime": "",
"OldFileHash": "",
"OldFileID": "",
"OldFileModificationTime": "",
"OldFileName": "",
"OldFilePath": "",
"OldFilePermission": "",
"OldFileSize": "",
"OldFileType": "",
"SentBytes": "",
"RequestURL": "",
"RequestClientApplication": "",
"RequestContext": "",
"RequestCookies": "",
"RequestMethod": "",
"SourceHostName": "",
"SourceMACAddress": "",
"SourceNTDomain": "",
"SourceDnsDomain": "",
"SourceServiceName": "",
"SourceTranslatedAddress": "",
"SourceTranslatedPort": "",
"SourceProcessId": "",
"SourceUserPrivileges": "",
"SourceProcessName": "",
"SourceUserID": "",
"SourceUserName": "",
"EventType": "",
"DeviceCustomIPv6Address1": "",
"DeviceCustomIPv6Address1Label": "",
"DeviceCustomIPv6Address2": "",
"DeviceCustomIPv6Address2Label": "",
"DeviceCustomIPv6Address3": "",
"DeviceCustomIPv6Address3Label": "",
"DeviceCustomIPv6Address4": "",
"DeviceCustomIPv6Address4Label": "",
"DeviceCustomFloatingPoint1": "",
"DeviceCustomFloatingPoint1Label": "",
"DeviceCustomFloatingPoint2": "",
"DeviceCustomFloatingPoint2Label": "",
"DeviceCustomFloatingPoint3": "",
"DeviceCustomFloatingPoint3Label": "",
"DeviceCustomFloatingPoint4": "",
"DeviceCustomFloatingPoint4Label": "",
"DeviceCustomNumber1": "",
"DeviceCustomNumber1Label": "",
"DeviceCustomNumber2": "",
"DeviceCustomNumber2Label": "",
"DeviceCustomNumber3": "",
"DeviceCustomNumber3Label": "",
"DeviceCustomString1": "",
"DeviceCustomString1Label": "",
"DeviceCustomString2": "",
"DeviceCustomString2Label": "",
"DeviceCustomString3": "",
"DeviceCustomString3Label": "",
"DeviceCustomString4": "",
"DeviceCustomString4Label": "",
"DeviceCustomString5": "",
"DeviceCustomString5Label": "",
"DeviceCustomString6": "",
"DeviceCustomString6Label": "",
"DeviceCustomDate1": "",
"DeviceCustomDate1Label": "",
"DeviceCustomDate2": "",
"DeviceCustomDate2Label": "",
"FlexDate1": "",
"FlexDate1Label": "",
"FlexNumber1": "",
"FlexNumber1Label": "",
"FlexNumber2": "",
"FlexNumber2Label": "",
"FlexString1": "",
"FlexString1Label": "",
"FlexString2": "",
"FlexString2Label": "",
"AdditionalExtensions": "Auth.Username=host/Asif-Test-PC2;Auth.Authorization-Sources=null;Auth.Login-Status=216;Auth.Request-Timestamp=2017-12-03 16:28:20+05:30;Auth.Protocol=RADIUS;Auth.Source=null;Auth.Enforcement-Profiles=[Allow Access Profile];Auth.NAS-Port=null;Auth.SSID=cppm-dot1x-test;TimestampFormat=MMM dd yyyy HH:mm:ss.SSS zzz;Auth.NAS-Port-Type=19;Auth.Error-Code=216;Auth.Roles=null;Auth.Service=Test Wireless;Auth.Host-MAC-Address=6817294b0636;Auth.Unhealthy=null;Auth.NAS-IP-Address=10.17.4.7;Auth.CalledStationId=000B8661CD70;Auth.NAS-Identifier=ClearPassLab3600",
"StartTime [UTC]": "",
"EndTime [UTC]": "",
"Type": "CommonSecurityLog",
"_ResourceId": "/subscriptions/7fd67ca4-e443-470d-9bc0-7ce7fa3124fb/resourcegroups/m90-logingestion-rg/providers/microsoft.compute/virtualmachines/m90-siem-vm02",
"Timestamp": "",
"CallingStationId": "",
"InpuOctets": "",
"TimestampFormat": "MMM dd yyyy HH:mm:ss.SSS zzz",
"SessionTime": "",
"FramedIpAddr": "",
"Source": "null",
"Method": "",
"SessionId": "",
"ServiceName": "",
"NasPortNumber": "",
"NasPortType": "19",
"OutputOctets": "",
"UserName": "host/Asif-Test-PC2",
"NasIpAddr": "10.17.4.7",
"AuthorizationSources": "null",
"NetworkProtocol": "RADIUS",
"RequestTimestamp": "2017-12-03 16:28:20+05:30",
"LoginStatus": "216",
"EnforcementProfiles": "[Allow Access Profile]",
"NasPort": "null",
"Ssid": "cppm-dot1x-test",
"ErrorCode": "216",
"Roles": "null",
"Service": "Test Wireless",
"SrcMacAddr": "6817294b0636",
"Unhealthy": "null",
"CalledStationId": "000B8661CD70",
"NasIdentifier": "",
"Category": "",
"Description": "",
"Action": "",
"TimeFormat": ""
}
]