1 | TenantId | SourceSystem | TimeGenerated | ReceiptTime | DeviceVendor | DeviceProduct | DeviceEventClassID | LogSeverity | OriginalLogSeverity | DeviceAction | SimplifiedDeviceAction | Computer | CommunicationDirection | DeviceFacility | DestinationPort | DestinationIP | DeviceAddress | DeviceName | Message | Protocol | SourcePort | SourceIP | RemoteIP | RemotePort | MaliciousIP | ThreatSeverity | IndicatorThreatType | ThreatDescription | ThreatConfidence | ReportReferenceLink | MaliciousIPLongitude | MaliciousIPLatitude | MaliciousIPCountry | DeviceVersion | Activity | ApplicationProtocol | EventCount | DestinationDnsDomain | DestinationServiceName | DestinationTranslatedAddress | DestinationTranslatedPort | DeviceDnsDomain | DeviceExternalID | DeviceInboundInterface | DeviceNtDomain | DeviceOutboundInterface | DevicePayloadId | ProcessName | DeviceTranslatedAddress | DestinationHostName | DestinationMACAddress | DestinationNTDomain | DestinationProcessId | DestinationUserPrivileges | DestinationProcessName | DeviceTimeZone | DestinationUserID | DestinationUserName | DeviceMacAddress | ProcessID | ExternalID | FileCreateTime | FileHash | FileID | FileModificationTime | FilePath | FilePermission | FileType | FileName | FileSize | ReceivedBytes | OldFileCreateTime | OldFileHash | OldFileID | OldFileModificationTime | OldFileName | OldFilePath | OldFilePermission | OldFileSize | OldFileType | SentBytes | RequestURL | RequestClientApplication | RequestContext | RequestCookies | RequestMethod | SourceHostName | SourceMACAddress | SourceNTDomain | SourceDnsDomain | SourceServiceName | SourceTranslatedAddress | SourceTranslatedPort | SourceProcessId | SourceUserPrivileges | SourceProcessName | SourceUserID | SourceUserName | EventType | DeviceCustomIPv6Address1 | DeviceCustomIPv6Address1Label | DeviceCustomIPv6Address2 | DeviceCustomIPv6Address2Label | DeviceCustomIPv6Address3 | DeviceCustomIPv6Address3Label | DeviceCustomIPv6Address4 | DeviceCustomIPv6Address4Label | DeviceCustomFloatingPoint1 | DeviceCustomFloatingPoint1Label | DeviceCustomFloatingPoint2 | DeviceCustomFloatingPoint2Label | DeviceCustomFloatingPoint3 | DeviceCustomFloatingPoint3Label | DeviceCustomFloatingPoint4 | DeviceCustomFloatingPoint4Label | DeviceCustomNumber1 | DeviceCustomNumber1Label | DeviceCustomNumber2 | DeviceCustomNumber2Label | DeviceCustomNumber3 | DeviceCustomNumber3Label | DeviceCustomString1 | DeviceCustomString1Label | DeviceCustomString2 | DeviceCustomString2Label | DeviceCustomString3 | DeviceCustomString3Label | DeviceCustomString4 | DeviceCustomString4Label | DeviceCustomString5 | DeviceCustomString5Label | DeviceCustomString6 | DeviceCustomString6Label | DeviceCustomDate1 | DeviceCustomDate1Label | DeviceCustomDate2 | DeviceCustomDate2Label | FlexDate1 | FlexDate1Label | FlexNumber1 | FlexNumber1Label | FlexNumber2 | FlexNumber2Label | FlexString1 | FlexString1Label | FlexString2 | FlexString2Label | AdditionalExtensions | StartTime | EndTime | Type | _ResourceId | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
2 | 00000000-0000-0000-0000-000000000000 | OpsManager | 2020-02-06T09:26:24.94Z | 1580980000000 | Forcepoint CASB | Cloud Service Monitoring | 55022487063 | 8 | Monitor | Monitor | FALSE | null | 0.0.0.0 | 10.1.2.12 | my.skyfence.com | //Unknown/Unknown/ | null | 52.9.67.149 | null | null | null | 1 | Alert | null | G Suite oneRSU | null | Files | null | User | Unknown | user3@onersu.net | null | 0 | 0 | null | null | null | Unknown/Unknown/"" | Unmanaged | null | null | null | null | null | null | null | null | null | null | user3@onersu.net | FALSE | null | null | Document: Julia_visa-111.txt, ID: 1zzQHfGOolQKPl3BhkPxxcB6jqN2Cdgg1 | UNSHARE_ALL | cat=/API-based Activities | end=1580980527000 | outcome=Success | reason=upload | start=1580980527000 | AD.ThreatRadarCategory= | AD.TORNetworks= | AD.MaliciousIPs= | AD.AnonymousProxies= | AD.IPChain= | AD.IPOrigin=Unknown | AD.samAccountName=user1@onersu.net | null | null | CommonSecurityLog | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
3 | 00000000-0000-0000-0000-000000000000 | OpsManager | 2020-02-06T10:24:59.467Z | Forcepoint CASB | SaaS Security Gateway | 104660000000 | 0 | Block | Block | TRUE | null | 40.90.137.124 | 10.1.1.11 | my.skyfence.com | //France/United States | Office Apps | null | null | null | null | 1 | Activity | Office Apps | null | Office365 | null | a7d39ec98f8fe859a0802fd689c772f188e46072b8fd213e9b73625cbb563b85 | null | User | iqunghuigilh@mcrt.com | null | null | -1 | null | null | null | https://login.live.com/rst... | null | null | null | null | null | null | null | null | null | null | Block Access to personal Office365 | null | null | cat=Normal Activity | end=1580984363000 | outcome=Success | reason=login | null | null | CommonSecurityLog | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
4 | 00000000-0000-0000-0000-000000000000 | OpsManager | 2020-02-06T09:16:27.053Z | 1573804384 | Forcepoint CASB | CASB Admin audit log | 4878380000000000 | 0 | Monitor | Monitor | TRUE | null | 52.52.39.146 | 10.1.1.11 | my.skyfence.com | //United Kingdom/United States | Skyfence | null | 127.255.255.255 | null | null | null | 1 | Activity | Skyfence | null | null | 5c1e09157da8ec87c6d6a68f10c15bd8523c5d7ce2cfc03d48ebfa7568e4097f | null | User | Unknown | stodmin@irnet.com.com | null | null | 0 | null | null | null | https://my.skyfence.com/cm/j_spring_security_check | Desktop/Windows 10/"mozilla/5.0 (windows nt 10.0 win64 x64) applewebkit/537.36 (khtml, like gecko) chrome/78.0.3904.97 safari/537.36" | Unmanaged | null | null | null | null | null | null | null | null | null | null | stodmin@irnet.com.com | FALSE | null | null | cat=Normal Activity | end=1573804384 | outcome=Failure | reason=login | start=1573804384 | AD.ThreatRadarCategory= | AD.TORNetworks= | AD.MaliciousIPs= | AD.AnonymousProxies= | AD.IPChain=176.27.111.202 | AD.IPOrigin=External AD.samA | null | null | CommonSecurityLog | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
5 | 00000000-0000-0000-0000-000000000000 | OpsManager | 2020-02-05T11:36:51.72Z | Forcepoint CASB | SaaS Security Gateway | 439664000000 | 8 | Block | Block | TRUE | null | 40.90.22.191 | 10.1.1.11 | my.skyfence.com | //Canada/United States/ | Office Apps | null | null | null | null | 1 | Alert | Office Apps | null | Office365 | null | a7d39ec98f8fe859a0802fd689c772f188e46072b8fd213e9b73625cbb563b85 | null | User | iqunghuigilh@mcrt.com | null | null | 0 | null | null | null | https://login.live.com/rst... | null | null | null | null | null | null | null | null | null | null | null | null | cat=Client Locations/Not Allowed Client Locations | end=1576951001000 | outcome=Success | reason=login | null | null | CommonSecurityLog |