7.9 KiB
1 | TenantId | SourceSystem | TimeGenerated [UTC] | ReceiptTime | DeviceVendor | DeviceProduct | DeviceEventClassID | LogSeverity | OriginalLogSeverity | DeviceAction | SimplifiedDeviceAction | Computer | CommunicationDirection | DeviceFacility | DestinationPort | DestinationIP | DeviceAddress | DeviceName | Message | Protocol | SourcePort | SourceIP | RemoteIP | RemotePort | MaliciousIP | ThreatSeverity | IndicatorThreatType | ThreatDescription | ThreatConfidence | ReportReferenceLink | MaliciousIPLongitude | MaliciousIPLatitude | MaliciousIPCountry | DeviceVersion | Activity | ApplicationProtocol | EventCount | DestinationDnsDomain | DestinationServiceName | DestinationTranslatedAddress | DestinationTranslatedPort | DeviceDnsDomain | DeviceExternalID | DeviceInboundInterface | DeviceNtDomain | DeviceOutboundInterface | DevicePayloadId | ProcessName | DeviceTranslatedAddress | DestinationHostName | DestinationMACAddress | DestinationNTDomain | DestinationProcessId | DestinationUserPrivileges | DestinationProcessName | DeviceTimeZone | DestinationUserID | DestinationUserName | DeviceMacAddress | ProcessID | ExternalID | FileCreateTime | FileHash | FileID | FileModificationTime | FilePath | FilePermission | FileType | FileName | FileSize | ReceivedBytes | OldFileCreateTime | OldFileHash | OldFileID | OldFileModificationTime | OldFileName | OldFilePath | OldFilePermission | OldFileSize | OldFileType | SentBytes | RequestURL | RequestClientApplication | RequestContext | RequestCookies | RequestMethod | SourceHostName | SourceMACAddress | SourceNTDomain | SourceDnsDomain | SourceServiceName | SourceTranslatedAddress | SourceTranslatedPort | SourceProcessId | SourceUserPrivileges | SourceProcessName | SourceUserID | SourceUserName | EventType | DeviceCustomIPv6Address1 | DeviceCustomIPv6Address1Label | DeviceCustomIPv6Address2 | DeviceCustomIPv6Address2Label | DeviceCustomIPv6Address3 | DeviceCustomIPv6Address3Label | DeviceCustomIPv6Address4 | DeviceCustomIPv6Address4Label | DeviceCustomFloatingPoint1 | DeviceCustomFloatingPoint1Label | DeviceCustomFloatingPoint2 | DeviceCustomFloatingPoint2Label | DeviceCustomFloatingPoint3 | DeviceCustomFloatingPoint3Label | DeviceCustomFloatingPoint4 | DeviceCustomFloatingPoint4Label | DeviceCustomNumber1 | DeviceCustomNumber1Label | DeviceCustomNumber2 | DeviceCustomNumber2Label | DeviceCustomNumber3 | DeviceCustomNumber3Label | DeviceCustomString1 | DeviceCustomString1Label | DeviceCustomString2 | DeviceCustomString2Label | DeviceCustomString3 | DeviceCustomString3Label | DeviceCustomString4 | DeviceCustomString4Label | DeviceCustomString5 | DeviceCustomString5Label | DeviceCustomString6 | DeviceCustomString6Label | DeviceCustomDate1 | DeviceCustomDate1Label | DeviceCustomDate2 | DeviceCustomDate2Label | FlexDate1 | FlexDate1Label | FlexNumber1 | FlexNumber1Label | FlexNumber2 | FlexNumber2Label | FlexString1 | FlexString1Label | FlexString2 | FlexString2Label | AdditionalExtensions | StartTime [UTC] | EndTime [UTC] | Type | _ResourceId |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
2 | 0a18deaa-a6c8-49ba-8cc9-74d5915fd2ae | OpsManager | 10/15/2020, 6:38:45.828 PM | 1590028071000 | Cisco | Firepower | RNA:1003:1 | 3 | Allow | Allow | 80 | 13.107.4.52 | ftd | 6 | 53133 | 10.1.8.20 | null | null | null | 6.0 | CONNECTION STATISTICS | HTTP | null | null | 1 | inside | outside | null | 1 | 11915 | null | null | null | null | http://www.msftconnecttest.com/connecttest.txt | Web browser | null | null | Unknown | null | null | null | null | null | null | null | null | dCloud Access Policy | fwPolicy | Default Inspect | fwRule | inside | ingressZone | outside | egressZone | secIntelCategory | null | null | bytesOut=88;end=1590031675000;reason=N/A;start=1590028071000 | 1/1/1970, 12:00:00.000 AM | 1/1/1970, 12:00:00.000 AM | CommonSecurityLog | /subscriptions/08e3a9d7-7798-47c4-9d89-d38857c5bfe7/resourcegroups/csta1/providers/microsoft.compute/virtualmachines/encoreconnector | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
3 | 0a18deaa-a6c8-49ba-8cc9-74d5915fd2ae | OpsManager | 10/15/2020, 6:40:22.349 PM | 1590028071000 | Cisco | Firepower | RNA:1003:1 | 3 | Allow | Allow | 80 | 13.107.4.52 | ftd | 6 | 53133 | 10.1.8.20 | null | null | null | 6.0 | CONNECTION STATISTICS | HTTP | null | null | 1 | inside | outside | null | 1 | 11915 | null | null | null | null | http://www.msftconnecttest.com/connecttest.txt | Web browser | null | null | Unknown | null | null | null | null | null | null | null | null | dCloud Access Policy | fwPolicy | Default Inspect | fwRule | inside | ingressZone | outside | egressZone | secIntelCategory | null | null | bytesOut=88;end=1590031675000;reason=N/A;start=1590028071000 | 1/1/1970, 12:00:00.000 AM | 1/1/1970, 12:00:00.000 AM | CommonSecurityLog | /subscriptions/08e3a9d7-7798-47c4-9d89-d38857c5bfe7/resourcegroups/csta1/providers/microsoft.compute/virtualmachines/encoreconnector | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
4 | 0a18deaa-a6c8-49ba-8cc9-74d5915fd2ae | OpsManager | 10/15/2020, 6:42:23.451 PM | 1590028071000 | Cisco | Firepower | RNA:1003:1 | 3 | Allow | Allow | 80 | 13.107.4.52 | ftd | 6 | 53133 | 10.1.8.20 | null | null | null | 6.0 | CONNECTION STATISTICS | HTTP | null | null | 1 | inside | outside | null | 1 | 11915 | null | null | null | null | http://www.msftconnecttest.com/connecttest.txt | Web browser | null | null | Unknown | null | null | null | null | null | null | null | null | dCloud Access Policy | fwPolicy | Default Inspect | fwRule | inside | ingressZone | outside | egressZone | secIntelCategory | null | null | bytesOut=88;end=1590031675000;reason=N/A;start=1590028071000 | 1/1/1970, 12:00:00.000 AM | 1/1/1970, 12:00:00.000 AM | CommonSecurityLog | /subscriptions/08e3a9d7-7798-47c4-9d89-d38857c5bfe7/resourcegroups/csta1/providers/microsoft.compute/virtualmachines/encoreconnector | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
5 | 0a18deaa-a6c8-49ba-8cc9-74d5915fd2ae | OpsManager | 10/15/2020, 6:54:58.521 PM | 1590028071000 | Cisco | Firepower | RNA:1003:1 | 3 | Allow | Allow | 80 | 13.107.4.52 | ftd | 6 | 53133 | 10.1.8.20 | null | null | null | 6.0 | CONNECTION STATISTICS | HTTP | null | null | 1 | inside | outside | null | 1 | 11915 | null | null | null | null | http://www.msftconnecttest.com/connecttest.txt | Web browser | null | null | Unknown | null | null | null | null | null | null | null | null | dCloud Access Policy | fwPolicy | Default Inspect | fwRule | inside | ingressZone | outside | egressZone | secIntelCategory | null | null | bytesOut=88;end=1590031675000;reason=N/A;start=1590028071000 | 1/1/1970, 12:00:00.000 AM | 1/1/1970, 12:00:00.000 AM | CommonSecurityLog | /subscriptions/08e3a9d7-7798-47c4-9d89-d38857c5bfe7/resourcegroups/csta1/providers/microsoft.compute/virtualmachines/encoreconnector | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
6 | 0a18deaa-a6c8-49ba-8cc9-74d5915fd2ae | OpsManager | 10/15/2020, 6:59:08.009 PM | 1590028071000 | Cisco | Firepower | RNA:1003:1 | 3 | Allow | Allow | 80 | 13.107.4.52 | ftd | 6 | 53133 | 10.1.8.20 | null | null | null | 6.0 | CONNECTION STATISTICS | HTTP | null | null | 1 | inside | outside | null | 1 | 11915 | null | null | null | null | http://www.msftconnecttest.com/connecttest.txt | Web browser | null | null | Unknown | null | null | null | null | null | null | null | null | dCloud Access Policy | fwPolicy | Default Inspect | fwRule | inside | ingressZone | outside | egressZone | secIntelCategory | null | null | bytesOut=88;end=1590031675000;reason=N/A;start=1590028071000 | 1/1/1970, 12:00:00.000 AM | 1/1/1970, 12:00:00.000 AM | CommonSecurityLog | /subscriptions/08e3a9d7-7798-47c4-9d89-d38857c5bfe7/resourcegroups/csta1/providers/microsoft.compute/virtualmachines/encoreconnector | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
7 | 0a18deaa-a6c8-49ba-8cc9-74d5915fd2ae | OpsManager | 10/15/2020, 7:02:56.998 PM | 1590028071000 | Cisco | Firepower | RNA:1003:1 | 3 | Allow | Allow | 80 | 13.107.4.52 | ftd | 6 | 53133 | 10.1.8.20 | null | null | null | 6.0 | CONNECTION STATISTICS | HTTP | null | null | 1 | inside | outside | null | 1 | 11915 | null | null | null | null | http://www.msftconnecttest.com/connecttest.txt | Web browser | null | null | Unknown | null | null | null | null | null | null | null | null | dCloud Access Policy | fwPolicy | Default Inspect | fwRule | inside | ingressZone | outside | egressZone | secIntelCategory | null | null | bytesOut=88;end=1590031675000;reason=N/A;start=1590028071000 | 1/1/1970, 12:00:00.000 AM | 1/1/1970, 12:00:00.000 AM | CommonSecurityLog | /subscriptions/08e3a9d7-7798-47c4-9d89-d38857c5bfe7/resourcegroups/csta1/providers/microsoft.compute/virtualmachines/encoreconnector |