Azure-Sentinel/Sample Data/CEF/TrendMicro_ApexOne.json


[
{
"TimeGenerated [UTC]": "5/19/2021, 9:43:10.050 AM",
"Action": "",
"EventMessage": "Attack Discovery Detections",
"ActiveUpdateComponentType": "",
"ApplicationProcessCommandLine": "",
"AttackDiscoveryObjectInformation1": "process - powershell.exe - {#012 \"META_FILE_MD5\" : \"7353f60b1739074eb17c5f4dddefe239\",#012 \"META_FILE_NAME\" : \"powershell.exe\",#012 \"META_FILE_SHA1\" : \"6cbce4a295c163791b60fc23d285e6d84f28ee4c\",#012 \"META_FILE_SHA2\" : \"de96a6e69944335375dc1ac238336066889d9ffc7d73628ef4fe1b1b160ab32c\",#012 \"META_PATH\" : \"c:\\\\\\\\windows\\\\\\\\system32\\\\\\\\windowspowershell\\\\\\\\v1.0\\\\\\\\\",#012 \"META_PROCESS_CMD\" : [ \"powershell iex test2\" ],#012 \"META_PROCESS_PID\" : 10924,#012 \"META_SIGNER\" : \"microsoft windows\",#012 \"META_SIGNER_VALIDATION\" : true,#012 \"META_USER_USER_NAME\" : \"Administrator\",#012 \"META_USER_USER_SERVERNAME\" : \"VCAC-WINDOW-331\",#012 \"OID\" : 1#012}#012",
"AttackDiscoveryObjectInformation2": "",
"AttackDiscoveryObjectInformation3": "",
"AttackDiscoveryObjectInformation4": "",
"CallbackAddressFormat": "",
"CallbackUrlAddress": "",
"CCListSource": "",
"ChannelType": "",
"ClientIpAddress": "",
"ClientStatus": "",
"CloudStorageVendor": "",
"CommandStatus": "",
"ConnectionStatus": "",
"DetectionType": "",
"DeviceType": "",
"Domain": "",
"DomainName": "",
"DstDvcHostname": "VCAC-Window-331",
"DstIpAddr": "10.201.86.150",
"DstPortNumber": "",
"DstServiceName": "",
"DstUserName": "",
"DvcAction": "",
"DvcHostname": "",
"DvcProcessName": "",
"EndpointHostName": "",
"EndpointIp": "",
"Engine": "",
"EngineStatus": "",
"EngineVersion": "",
"EntryChannel": "",
"EventEndTime": "Jan 17 2019 03:38:06 GMT+00:00",
"EventOriginalUid": "5",
"EventProduct": "Apex Central",
"EventProductVersion": "2019",
"EventResult": "",
"EventResultDetails": "",
"EventSeverity": "3",
"EventSubType": "700211",
"EventType": "",
"FileCreationTime": "",
"FileHashSha1": "",
"FileType": "",
"FilterType": "",
"FirstActionResult": "",
"FirstCallbackAttempt": "",
"InfectionChannel": "",
"InfectionSource": "",
"LastCallbackAttempt": "",
"ListSource": "",
"NetworkApplicationProtocol": "",
"NetworkDirection": "",
"OperatingSystem": "",
"Operation": "",
"Pattern": "",
"PatternNumber": "",
"PatternStatus": "",
"PatternType": "",
"PatternVersion": "",
"Permission": "",
"Policy": "",
"PolicyGuid": "",
"PolicyId": "",
"PolicyName": "",
"PolicySettings": "",
"ProbableThreatType": "",
"ProcessCommand": "",
"Product": "",
"ProductId": "",
"ProductServerPatternVersion": "",
"ProductType": "",
"ProductVersion": "",
"ReasonCode": "",
"ReasonCodeSource": "",
"ReputationScore": "",
"RiskLevel": "0",
"RuleName": "powershell invoke expression",
"ScanType": "",
"SecondAction": "",
"SecondActionResult": "",
"ServerHostname": "",
"SeverityCode": "",
"SeverityLevel": "",
"SrcDvcHostname": "",
"SrcIpAddr": "",
"SrcMacAddr": "",
"SrcPortNumber": "",
"SrcProcessName": "",
"SrcServiceName": "",
"SrcUserName": "",
"Target": "",
"TemplateName": "",
"ThreatName": "",
"ThreatProbability": "",
"ThreatType": "",
"UpdateAgent": "",
"UrlOriginal": "",
"UserName": ""
},
{
"TimeGenerated [UTC]": "5/19/2021, 9:55:13.399 AM",
"Action": "",
"EventMessage": "Attack Discovery Detections",
"ActiveUpdateComponentType": "",
"ApplicationProcessCommandLine": "",
"AttackDiscoveryObjectInformation1": "process - powershell.exe - {#012 \"META_FILE_MD5\" : \"7353f60b1739074eb17c5f4dddefe239\",#012 \"META_FILE_NAME\" : \"powershell.exe\",#012 \"META_FILE_SHA1\" : \"6cbce4a295c163791b60fc23d285e6d84f28ee4c\",#012 \"META_FILE_SHA2\" : \"de96a6e69944335375dc1ac238336066889d9ffc7d73628ef4fe1b1b160ab32c\",#012 \"META_PATH\" : \"c:\\\\\\\\windows\\\\\\\\system32\\\\\\\\windowspowershell\\\\\\\\v1.0\\\\\\\\\",#012 \"META_PROCESS_CMD\" : [ \"powershell iex test2\" ],#012 \"META_PROCESS_PID\" : 10924,#012 \"META_SIGNER\" : \"microsoft windows\",#012 \"META_SIGNER_VALIDATION\" : true,#012 \"META_USER_USER_NAME\" : \"Administrator\",#012 \"META_USER_USER_SERVERNAME\" : \"VCAC-WINDOW-331\",#012 \"OID\" : 1#012}#012",
"AttackDiscoveryObjectInformation2": "",
"AttackDiscoveryObjectInformation3": "",
"AttackDiscoveryObjectInformation4": "",
"CallbackAddressFormat": "",
"CallbackUrlAddress": "",
"CCListSource": "",
"ChannelType": "",
"ClientIpAddress": "",
"ClientStatus": "",
"CloudStorageVendor": "",
"CommandStatus": "",
"ConnectionStatus": "",
"DetectionType": "",
"DeviceType": "",
"Domain": "",
"DomainName": "",
"DstDvcHostname": "VCAC-Window-331",
"DstIpAddr": "10.201.86.150",
"DstPortNumber": "",
"DstServiceName": "",
"DstUserName": "",
"DvcAction": "",
"DvcHostname": "",
"DvcProcessName": "",
"EndpointHostName": "",
"EndpointIp": "",
"Engine": "",
"EngineStatus": "",
"EngineVersion": "",
"EntryChannel": "",
"EventEndTime": "Jan 17 2019 03:38:06 GMT+00:00",
"EventOriginalUid": "5",
"EventProduct": "Apex Central",
"EventProductVersion": "2019",
"EventResult": "",
"EventResultDetails": "",
"EventSeverity": "3",
"EventSubType": "700211",
"EventType": "",
"FileCreationTime": "",
"FileHashSha1": "",
"FileType": "",
"FilterType": "",
"FirstActionResult": "",
"FirstCallbackAttempt": "",
"InfectionChannel": "",
"InfectionSource": "",
"LastCallbackAttempt": "",
"ListSource": "",
"NetworkApplicationProtocol": "",
"NetworkDirection": "",
"OperatingSystem": "",
"Operation": "",
"Pattern": "",
"PatternNumber": "",
"PatternStatus": "",
"PatternType": "",
"PatternVersion": "",
"Permission": "",
"Policy": "",
"PolicyGuid": "",
"PolicyId": "",
"PolicyName": "",
"PolicySettings": "",
"ProbableThreatType": "",
"ProcessCommand": "",
"Product": "",
"ProductId": "",
"ProductServerPatternVersion": "",
"ProductType": "",
"ProductVersion": "",
"ReasonCode": "",
"ReasonCodeSource": "",
"ReputationScore": "",
"RiskLevel": "0",
"RuleName": "powershell invoke expression",
"ScanType": "",
"SecondAction": "",
"SecondActionResult": "",
"ServerHostname": "",
"SeverityCode": "",
"SeverityLevel": "",
"SrcDvcHostname": "",
"SrcIpAddr": "",
"SrcMacAddr": "",
"SrcPortNumber": "",
"SrcProcessName": "",
"SrcServiceName": "",
"SrcUserName": "",
"Target": "",
"TemplateName": "",
"ThreatName": "",
"ThreatProbability": "",
"ThreatType": "",
"UpdateAgent": "",
"UrlOriginal": "",
"UserName": ""
},
{
"TimeGenerated [UTC]": "5/19/2021, 9:56:07.503 AM",
"Action": "",
"EventMessage": "Attack Discovery Detections",
"ActiveUpdateComponentType": "",
"ApplicationProcessCommandLine": "",
"AttackDiscoveryObjectInformation1": "process - powershell.exe - {#012 \"META_FILE_MD5\" : \"7353f60b1739074eb17c5f4dddefe239\",#012 \"META_FILE_NAME\" : \"powershell.exe\",#012 \"META_FILE_SHA1\" : \"6cbce4a295c163791b60fc23d285e6d84f28ee4c\",#012 \"META_FILE_SHA2\" : \"de96a6e69944335375dc1ac238336066889d9ffc7d73628ef4fe1b1b160ab32c\",#012 \"META_PATH\" : \"c:\\\\\\\\windows\\\\\\\\system32\\\\\\\\windowspowershell\\\\\\\\v1.0\\\\\\\\\",#012 \"META_PROCESS_CMD\" : [ \"powershell iex test2\" ],#012 \"META_PROCESS_PID\" : 10924,#012 \"META_SIGNER\" : \"microsoft windows\",#012 \"META_SIGNER_VALIDATION\" : true,#012 \"META_USER_USER_NAME\" : \"Administrator\",#012 \"META_USER_USER_SERVERNAME\" : \"VCAC-WINDOW-331\",#012 \"OID\" : 1#012}#012",
"AttackDiscoveryObjectInformation2": "",
"AttackDiscoveryObjectInformation3": "",
"AttackDiscoveryObjectInformation4": "",
"CallbackAddressFormat": "",
"CallbackUrlAddress": "",
"CCListSource": "",
"ChannelType": "",
"ClientIpAddress": "",
"ClientStatus": "",
"CloudStorageVendor": "",
"CommandStatus": "",
"ConnectionStatus": "",
"DetectionType": "",
"DeviceType": "",
"Domain": "",
"DomainName": "",
"DstDvcHostname": "VCAC-Window-331",
"DstIpAddr": "10.201.86.150",
"DstPortNumber": "",
"DstServiceName": "",
"DstUserName": "",
"DvcAction": "",
"DvcHostname": "",
"DvcProcessName": "",
"EndpointHostName": "",
"EndpointIp": "",
"Engine": "",
"EngineStatus": "",
"EngineVersion": "",
"EntryChannel": "",
"EventEndTime": "Jan 17 2019 03:38:06 GMT+00:00",
"EventOriginalUid": "5",
"EventProduct": "Apex Central",
"EventProductVersion": "2019",
"EventResult": "",
"EventResultDetails": "",
"EventSeverity": "3",
"EventSubType": "700211",
"EventType": "",
"FileCreationTime": "",
"FileHashSha1": "",
"FileType": "",
"FilterType": "",
"FirstActionResult": "",
"FirstCallbackAttempt": "",
"InfectionChannel": "",
"InfectionSource": "",
"LastCallbackAttempt": "",
"ListSource": "",
"NetworkApplicationProtocol": "",
"NetworkDirection": "",
"OperatingSystem": "",
"Operation": "",
"Pattern": "",
"PatternNumber": "",
"PatternStatus": "",
"PatternType": "",
"PatternVersion": "",
"Permission": "",
"Policy": "",
"PolicyGuid": "",
"PolicyId": "",
"PolicyName": "",
"PolicySettings": "",
"ProbableThreatType": "",
"ProcessCommand": "",
"Product": "",
"ProductId": "",
"ProductServerPatternVersion": "",
"ProductType": "",
"ProductVersion": "",
"ReasonCode": "",
"ReasonCodeSource": "",
"ReputationScore": "",
"RiskLevel": "0",
"RuleName": "powershell invoke expression",
"ScanType": "",
"SecondAction": "",
"SecondActionResult": "",
"ServerHostname": "",
"SeverityCode": "",
"SeverityLevel": "",
"SrcDvcHostname": "",
"SrcIpAddr": "",
"SrcMacAddr": "",
"SrcPortNumber": "",
"SrcProcessName": "",
"SrcServiceName": "",
"SrcUserName": "",
"Target": "",
"TemplateName": "",
"ThreatName": "",
"ThreatProbability": "",
"ThreatType": "",
"UpdateAgent": "",
"UrlOriginal": "",
"UserName": ""
},
{
"TimeGenerated [UTC]": "5/19/2021, 9:43:45.977 AM",
"Action": "",
"EventMessage": "Attack Discovery Detections",
"ActiveUpdateComponentType": "",
"ApplicationProcessCommandLine": "",
"AttackDiscoveryObjectInformation1": "process - powershell.exe - {#012 \"META_FILE_MD5\" : \"7353f60b1739074eb17c5f4dddefe239\",#012 \"META_FILE_NAME\" : \"powershell.exe\",#012 \"META_FILE_SHA1\" : \"6cbce4a295c163791b60fc23d285e6d84f28ee4c\",#012 \"META_FILE_SHA2\" : \"de96a6e69944335375dc1ac238336066889d9ffc7d73628ef4fe1b1b160ab32c\",#012 \"META_PATH\" : \"c:\\\\\\\\windows\\\\\\\\system32\\\\\\\\windowspowershell\\\\\\\\v1.0\\\\\\\\\",#012 \"META_PROCESS_CMD\" : [ \"powershell iex test2\" ],#012 \"META_PROCESS_PID\" : 10924,#012 \"META_SIGNER\" : \"microsoft windows\",#012 \"META_SIGNER_VALIDATION\" : true,#012 \"META_USER_USER_NAME\" : \"Administrator\",#012 \"META_USER_USER_SERVERNAME\" : \"VCAC-WINDOW-331\",#012 \"OID\" : 1#012}#012",
"AttackDiscoveryObjectInformation2": "",
"AttackDiscoveryObjectInformation3": "",
"AttackDiscoveryObjectInformation4": "",
"CallbackAddressFormat": "",
"CallbackUrlAddress": "",
"CCListSource": "",
"ChannelType": "",
"ClientIpAddress": "",
"ClientStatus": "",
"CloudStorageVendor": "",
"CommandStatus": "",
"ConnectionStatus": "",
"DetectionType": "",
"DeviceType": "",
"Domain": "",
"DomainName": "",
"DstDvcHostname": "VCAC-Window-331",
"DstIpAddr": "10.201.86.150",
"DstPortNumber": "",
"DstServiceName": "",
"DstUserName": "",
"DvcAction": "",
"DvcHostname": "",
"DvcProcessName": "",
"EndpointHostName": "",
"EndpointIp": "",
"Engine": "",
"EngineStatus": "",
"EngineVersion": "",
"EntryChannel": "",
"EventEndTime": "Jan 17 2019 03:38:06 GMT+00:00",
"EventOriginalUid": "5",
"EventProduct": "Apex Central",
"EventProductVersion": "2019",
"EventResult": "",
"EventResultDetails": "",
"EventSeverity": "3",
"EventSubType": "700211",
"EventType": "",
"FileCreationTime": "",
"FileHashSha1": "",
"FileType": "",
"FilterType": "",
"FirstActionResult": "",
"FirstCallbackAttempt": "",
"InfectionChannel": "",
"InfectionSource": "",
"LastCallbackAttempt": "",
"ListSource": "",
"NetworkApplicationProtocol": "",
"NetworkDirection": "",
"OperatingSystem": "",
"Operation": "",
"Pattern": "",
"PatternNumber": "",
"PatternStatus": "",
"PatternType": "",
"PatternVersion": "",
"Permission": "",
"Policy": "",
"PolicyGuid": "",
"PolicyId": "",
"PolicyName": "",
"PolicySettings": "",
"ProbableThreatType": "",
"ProcessCommand": "",
"Product": "",
"ProductId": "",
"ProductServerPatternVersion": "",
"ProductType": "",
"ProductVersion": "",
"ReasonCode": "",
"ReasonCodeSource": "",
"ReputationScore": "",
"RiskLevel": "0",
"RuleName": "powershell invoke expression",
"ScanType": "",
"SecondAction": "",
"SecondActionResult": "",
"ServerHostname": "",
"SeverityCode": "",
"SeverityLevel": "",
"SrcDvcHostname": "",
"SrcIpAddr": "",
"SrcMacAddr": "",
"SrcPortNumber": "",
"SrcProcessName": "",
"SrcServiceName": "",
"SrcUserName": "",
"Target": "",
"TemplateName": "",
"ThreatName": "",
"ThreatProbability": "",
"ThreatType": "",
"UpdateAgent": "",
"UrlOriginal": "",
"UserName": ""
},
{
"TimeGenerated [UTC]": "5/19/2021, 9:44:55.011 AM",
"Action": "",
"EventMessage": "Attack Discovery Detections",
"ActiveUpdateComponentType": "",
"ApplicationProcessCommandLine": "",
"AttackDiscoveryObjectInformation1": "process - powershell.exe - {#012 \"META_FILE_MD5\" : \"7353f60b1739074eb17c5f4dddefe239\",#012 \"META_FILE_NAME\" : \"powershell.exe\",#012 \"META_FILE_SHA1\" : \"6cbce4a295c163791b60fc23d285e6d84f28ee4c\",#012 \"META_FILE_SHA2\" : \"de96a6e69944335375dc1ac238336066889d9ffc7d73628ef4fe1b1b160ab32c\",#012 \"META_PATH\" : \"c:\\\\\\\\windows\\\\\\\\system32\\\\\\\\windowspowershell\\\\\\\\v1.0\\\\\\\\\",#012 \"META_PROCESS_CMD\" : [ \"powershell iex test2\" ],#012 \"META_PROCESS_PID\" : 10924,#012 \"META_SIGNER\" : \"microsoft windows\",#012 \"META_SIGNER_VALIDATION\" : true,#012 \"META_USER_USER_NAME\" : \"Administrator\",#012 \"META_USER_USER_SERVERNAME\" : \"VCAC-WINDOW-331\",#012 \"OID\" : 1#012}#012",
"AttackDiscoveryObjectInformation2": "",
"AttackDiscoveryObjectInformation3": "",
"AttackDiscoveryObjectInformation4": "",
"CallbackAddressFormat": "",
"CallbackUrlAddress": "",
"CCListSource": "",
"ChannelType": "",
"ClientIpAddress": "",
"ClientStatus": "",
"CloudStorageVendor": "",
"CommandStatus": "",
"ConnectionStatus": "",
"DetectionType": "",
"DeviceType": "",
"Domain": "",
"DomainName": "",
"DstDvcHostname": "VCAC-Window-331",
"DstIpAddr": "10.201.86.150",
"DstPortNumber": "",
"DstServiceName": "",
"DstUserName": "",
"DvcAction": "",
"DvcHostname": "",
"DvcProcessName": "",
"EndpointHostName": "",
"EndpointIp": "",
"Engine": "",
"EngineStatus": "",
"EngineVersion": "",
"EntryChannel": "",
"EventEndTime": "Jan 17 2019 03:38:06 GMT+00:00",
"EventOriginalUid": "5",
"EventProduct": "Apex Central",
"EventProductVersion": "2019",
"EventResult": "",
"EventResultDetails": "",
"EventSeverity": "3",
"EventSubType": "700211",
"EventType": "",
"FileCreationTime": "",
"FileHashSha1": "",
"FileType": "",
"FilterType": "",
"FirstActionResult": "",
"FirstCallbackAttempt": "",
"InfectionChannel": "",
"InfectionSource": "",
"LastCallbackAttempt": "",
"ListSource": "",
"NetworkApplicationProtocol": "",
"NetworkDirection": "",
"OperatingSystem": "",
"Operation": "",
"Pattern": "",
"PatternNumber": "",
"PatternStatus": "",
"PatternType": "",
"PatternVersion": "",
"Permission": "",
"Policy": "",
"PolicyGuid": "",
"PolicyId": "",
"PolicyName": "",
"PolicySettings": "",
"ProbableThreatType": "",
"ProcessCommand": "",
"Product": "",
"ProductId": "",
"ProductServerPatternVersion": "",
"ProductType": "",
"ProductVersion": "",
"ReasonCode": "",
"ReasonCodeSource": "",
"ReputationScore": "",
"RiskLevel": "0",
"RuleName": "powershell invoke expression",
"ScanType": "",
"SecondAction": "",
"SecondActionResult": "",
"ServerHostname": "",
"SeverityCode": "",
"SeverityLevel": "",
"SrcDvcHostname": "",
"SrcIpAddr": "",
"SrcMacAddr": "",
"SrcPortNumber": "",
"SrcProcessName": "",
"SrcServiceName": "",
"SrcUserName": "",
"Target": "",
"TemplateName": "",
"ThreatName": "",
"ThreatProbability": "",
"ThreatType": "",
"UpdateAgent": "",
"UrlOriginal": "",
"UserName": ""
},
{
"TimeGenerated [UTC]": "5/19/2021, 9:49:47.349 AM",
"Action": "",
"EventMessage": "Attack Discovery Detections",
"ActiveUpdateComponentType": "",
"ApplicationProcessCommandLine": "",
"AttackDiscoveryObjectInformation1": "process - powershell.exe - {#012 \"META_FILE_MD5\" : \"7353f60b1739074eb17c5f4dddefe239\",#012 \"META_FILE_NAME\" : \"powershell.exe\",#012 \"META_FILE_SHA1\" : \"6cbce4a295c163791b60fc23d285e6d84f28ee4c\",#012 \"META_FILE_SHA2\" : \"de96a6e69944335375dc1ac238336066889d9ffc7d73628ef4fe1b1b160ab32c\",#012 \"META_PATH\" : \"c:\\\\\\\\windows\\\\\\\\system32\\\\\\\\windowspowershell\\\\\\\\v1.0\\\\\\\\\",#012 \"META_PROCESS_CMD\" : [ \"powershell iex test2\" ],#012 \"META_PROCESS_PID\" : 10924,#012 \"META_SIGNER\" : \"microsoft windows\",#012 \"META_SIGNER_VALIDATION\" : true,#012 \"META_USER_USER_NAME\" : \"Administrator\",#012 \"META_USER_USER_SERVERNAME\" : \"VCAC-WINDOW-331\",#012 \"OID\" : 1#012}#012",
"AttackDiscoveryObjectInformation2": "",
"AttackDiscoveryObjectInformation3": "",
"AttackDiscoveryObjectInformation4": "",
"CallbackAddressFormat": "",
"CallbackUrlAddress": "",
"CCListSource": "",
"ChannelType": "",
"ClientIpAddress": "",
"ClientStatus": "",
"CloudStorageVendor": "",
"CommandStatus": "",
"ConnectionStatus": "",
"DetectionType": "",
"DeviceType": "",
"Domain": "",
"DomainName": "",
"DstDvcHostname": "VCAC-Window-331",
"DstIpAddr": "10.201.86.150",
"DstPortNumber": "",
"DstServiceName": "",
"DstUserName": "",
"DvcAction": "",
"DvcHostname": "",
"DvcProcessName": "",
"EndpointHostName": "",
"EndpointIp": "",
"Engine": "",
"EngineStatus": "",
"EngineVersion": "",
"EntryChannel": "",
"EventEndTime": "Jan 17 2019 03:38:06 GMT+00:00",
"EventOriginalUid": "5",
"EventProduct": "Apex Central",
"EventProductVersion": "2019",
"EventResult": "",
"EventResultDetails": "",
"EventSeverity": "3",
"EventSubType": "700211",
"EventType": "",
"FileCreationTime": "",
"FileHashSha1": "",
"FileType": "",
"FilterType": "",
"FirstActionResult": "",
"FirstCallbackAttempt": "",
"InfectionChannel": "",
"InfectionSource": "",
"LastCallbackAttempt": "",
"ListSource": "",
"NetworkApplicationProtocol": "",
"NetworkDirection": "",
"OperatingSystem": "",
"Operation": "",
"Pattern": "",
"PatternNumber": "",
"PatternStatus": "",
"PatternType": "",
"PatternVersion": "",
"Permission": "",
"Policy": "",
"PolicyGuid": "",
"PolicyId": "",
"PolicyName": "",
"PolicySettings": "",
"ProbableThreatType": "",
"ProcessCommand": "",
"Product": "",
"ProductId": "",
"ProductServerPatternVersion": "",
"ProductType": "",
"ProductVersion": "",
"ReasonCode": "",
"ReasonCodeSource": "",
"ReputationScore": "",
"RiskLevel": "0",
"RuleName": "powershell invoke expression",
"ScanType": "",
"SecondAction": "",
"SecondActionResult": "",
"ServerHostname": "",
"SeverityCode": "",
"SeverityLevel": "",
"SrcDvcHostname": "",
"SrcIpAddr": "",
"SrcMacAddr": "",
"SrcPortNumber": "",
"SrcProcessName": "",
"SrcServiceName": "",
"SrcUserName": "",
"Target": "",
"TemplateName": "",
"ThreatName": "",
"ThreatProbability": "",
"ThreatType": "",
"UpdateAgent": "",
"UrlOriginal": "",
"UserName": ""
},
{
"TimeGenerated [UTC]": "5/19/2021, 9:57:19.659 AM",
"Action": "",
"EventMessage": "Pattern Update Status",
"ActiveUpdateComponentType": "2",
"ApplicationProcessCommandLine": "",
"AttackDiscoveryObjectInformation1": "",
"AttackDiscoveryObjectInformation2": "",
"AttackDiscoveryObjectInformation3": "",
"AttackDiscoveryObjectInformation4": "",
"CallbackAddressFormat": "",
"CallbackUrlAddress": "",
"CCListSource": "",
"ChannelType": "",
"ClientIpAddress": "",
"ClientStatus": "",
"CloudStorageVendor": "",
"CommandStatus": "",
"ConnectionStatus": "100",
"DetectionType": "",
"DeviceType": "",
"Domain": "Default",
"DomainName": "",
"DstDvcHostname": "",
"DstIpAddr": "",
"DstPortNumber": "",
"DstServiceName": "",
"DstUserName": "",
"DvcAction": "",
"DvcHostname": "",
"DvcProcessName": "",
"EndpointHostName": "",
"EndpointIp": "10.0.7.20",
"Engine": "",
"EngineStatus": "",
"EngineVersion": "",
"EntryChannel": "",
"EventEndTime": "Nov 02 2017 12:46:44 GMT+00:00",
"EventOriginalUid": "",
"EventProduct": "Apex Central",
"EventProductVersion": "2019",
"EventResult": "",
"EventResultDetails": "",
"EventSeverity": "3",
"EventSubType": "800101",
"EventType": "",
"FileCreationTime": "",
"FileHashSha1": "",
"FileType": "",
"FilterType": "",
"FirstActionResult": "",
"FirstCallbackAttempt": "",
"InfectionChannel": "",
"InfectionSource": "",
"LastCallbackAttempt": "",
"ListSource": "",
"NetworkApplicationProtocol": "",
"NetworkDirection": "",
"OperatingSystem": "Windows 7 ",
"Operation": "",
"Pattern": "2048",
"PatternNumber": "",
"PatternStatus": "1",
"PatternType": "",
"PatternVersion": "1548",
"Permission": "",
"Policy": "",
"PolicyGuid": "",
"PolicyId": "",
"PolicyName": "",
"PolicySettings": "",
"ProbableThreatType": "",
"ProcessCommand": "",
"Product": "Apex One",
"ProductId": "",
"ProductServerPatternVersion": "",
"ProductType": "",
"ProductVersion": "",
"ReasonCode": "",
"ReasonCodeSource": "",
"ReputationScore": "",
"RiskLevel": "",
"RuleName": "",
"ScanType": "",
"SecondAction": "",
"SecondActionResult": "",
"ServerHostname": "",
"SeverityCode": "",
"SeverityLevel": "",
"SrcDvcHostname": "shost1",
"SrcIpAddr": "",
"SrcMacAddr": "",
"SrcPortNumber": "",
"SrcProcessName": "",
"SrcServiceName": "",
"SrcUserName": "",
"Target": "",
"TemplateName": "",
"ThreatName": "",
"ThreatProbability": "",
"ThreatType": "",
"UpdateAgent": "0",
"UrlOriginal": "",
"UserName": ""
},
{
"TimeGenerated [UTC]": "5/19/2021, 9:55:13.512 AM",
"Action": "",
"EventMessage": "Endpoint Application Control Violation Information",
"ActiveUpdateComponentType": "",
"ApplicationProcessCommandLine": "C:\\\\P2P_TEST.exe",
"AttackDiscoveryObjectInformation1": "",
"AttackDiscoveryObjectInformation2": "",
"AttackDiscoveryObjectInformation3": "",
"AttackDiscoveryObjectInformation4": "",
"CallbackAddressFormat": "",
"CallbackUrlAddress": "",
"CCListSource": "",
"ChannelType": "",
"ClientIpAddress": "0.0.0.0",
"ClientStatus": "0",
"CloudStorageVendor": "",
"CommandStatus": "",
"ConnectionStatus": "",
"DetectionType": "",
"DeviceType": "",
"Domain": "",
"DomainName": "",
"DstDvcHostname": "",
"DstIpAddr": "",
"DstPortNumber": "",
"DstServiceName": "",
"DstUserName": "QA",
"DvcAction": "Blocked",
"DvcHostname": "",
"DvcProcessName": "",
"EndpointHostName": "",
"EndpointIp": "",
"Engine": "",
"EngineStatus": "",
"EngineVersion": "",
"EntryChannel": "",
"EventEndTime": "Jun 27 2012 03:14:03 GMT+00:00",
"EventOriginalUid": "39",
"EventProduct": "Apex Central",
"EventProductVersion": "2019",
"EventResult": "",
"EventResultDetails": "",
"EventSeverity": "3",
"EventSubType": "EAC:1",
"EventType": "",
"FileCreationTime": "",
"FileHashSha1": "c0869b72C5606D22D92A6AC986686BB87485A25b",
"FileType": "",
"FilterType": "",
"FirstActionResult": "",
"FirstCallbackAttempt": "",
"InfectionChannel": "",
"InfectionSource": "",
"LastCallbackAttempt": "",
"ListSource": "",
"NetworkApplicationProtocol": "",
"NetworkDirection": "",
"OperatingSystem": "",
"Operation": "",
"Pattern": "",
"PatternNumber": "",
"PatternStatus": "",
"PatternType": "",
"PatternVersion": "",
"Permission": "",
"Policy": "",
"PolicyGuid": "",
"PolicyId": "",
"PolicyName": "TestPolicy",
"PolicySettings": "",
"ProbableThreatType": "",
"ProcessCommand": "",
"Product": "Trend Micro Endpoint Application Control ",
"ProductId": "",
"ProductServerPatternVersion": "1.299.00",
"ProductType": "",
"ProductVersion": "",
"ReasonCode": "",
"ReasonCodeSource": "",
"ReputationScore": "",
"RiskLevel": "",
"RuleName": "Test",
"ScanType": "",
"SecondAction": "",
"SecondActionResult": "",
"ServerHostname": "",
"SeverityCode": "",
"SeverityLevel": "",
"SrcDvcHostname": "",
"SrcIpAddr": "",
"SrcMacAddr": "",
"SrcPortNumber": "",
"SrcProcessName": "",
"SrcServiceName": "",
"SrcUserName": "TMCM\\\\QA",
"Target": "",
"TemplateName": "",
"ThreatName": "",
"ThreatProbability": "",
"ThreatType": "",
"UpdateAgent": "",
"UrlOriginal": "",
"UserName": ""
},
{
"TimeGenerated [UTC]": "5/19/2021, 9:56:47.505 AM",
"Action": "",
"EventMessage": "Endpoint Application Control Violation Information",
"ActiveUpdateComponentType": "",
"ApplicationProcessCommandLine": "C:\\\\P2P_TEST.exe",
"AttackDiscoveryObjectInformation1": "",
"AttackDiscoveryObjectInformation2": "",
"AttackDiscoveryObjectInformation3": "",
"AttackDiscoveryObjectInformation4": "",
"CallbackAddressFormat": "",
"CallbackUrlAddress": "",
"CCListSource": "",
"ChannelType": "",
"ClientIpAddress": "0.0.0.0",
"ClientStatus": "0",
"CloudStorageVendor": "",
"CommandStatus": "",
"ConnectionStatus": "",
"DetectionType": "",
"DeviceType": "",
"Domain": "",
"DomainName": "",
"DstDvcHostname": "",
"DstIpAddr": "",
"DstPortNumber": "",
"DstServiceName": "",
"DstUserName": "QA",
"DvcAction": "Blocked",
"DvcHostname": "",
"DvcProcessName": "",
"EndpointHostName": "",
"EndpointIp": "",
"Engine": "",
"EngineStatus": "",
"EngineVersion": "",
"EntryChannel": "",
"EventEndTime": "Jun 27 2012 03:14:03 GMT+00:00",
"EventOriginalUid": "39",
"EventProduct": "Apex Central",
"EventProductVersion": "2019",
"EventResult": "",
"EventResultDetails": "",
"EventSeverity": "3",
"EventSubType": "EAC:1",
"EventType": "",
"FileCreationTime": "",
"FileHashSha1": "c0869b72C5606D22D92A6AC986686BB87485A25b",
"FileType": "",
"FilterType": "",
"FirstActionResult": "",
"FirstCallbackAttempt": "",
"InfectionChannel": "",
"InfectionSource": "",
"LastCallbackAttempt": "",
"ListSource": "",
"NetworkApplicationProtocol": "",
"NetworkDirection": "",
"OperatingSystem": "",
"Operation": "",
"Pattern": "",
"PatternNumber": "",
"PatternStatus": "",
"PatternType": "",
"PatternVersion": "",
"Permission": "",
"Policy": "",
"PolicyGuid": "",
"PolicyId": "",
"PolicyName": "TestPolicy",
"PolicySettings": "",
"ProbableThreatType": "",
"ProcessCommand": "",
"Product": "Trend Micro Endpoint Application Control ",
"ProductId": "",
"ProductServerPatternVersion": "1.299.00",
"ProductType": "",
"ProductVersion": "",
"ReasonCode": "",
"ReasonCodeSource": "",
"ReputationScore": "",
"RiskLevel": "",
"RuleName": "Test",
"ScanType": "",
"SecondAction": "",
"SecondActionResult": "",
"ServerHostname": "",
"SeverityCode": "",
"SeverityLevel": "",
"SrcDvcHostname": "",
"SrcIpAddr": "",
"SrcMacAddr": "",
"SrcPortNumber": "",
"SrcProcessName": "",
"SrcServiceName": "",
"SrcUserName": "TMCM\\\\QA",
"Target": "",
"TemplateName": "",
"ThreatName": "",
"ThreatProbability": "",
"ThreatType": "",
"UpdateAgent": "",
"UrlOriginal": "",
"UserName": ""
},
{
"TimeGenerated [UTC]": "5/19/2021, 9:58:54.856 AM",
"Action": "",
"EventMessage": "JS_EXPLOIT.SMDN",
"ActiveUpdateComponentType": "",
"ApplicationProcessCommandLine": "",
"AttackDiscoveryObjectInformation1": "",
"AttackDiscoveryObjectInformation2": "",
"AttackDiscoveryObjectInformation3": "",
"AttackDiscoveryObjectInformation4": "",
"CallbackAddressFormat": "",
"CallbackUrlAddress": "",
"CCListSource": "",
"ChannelType": "",
"ClientIpAddress": "",
"ClientStatus": "",
"CloudStorageVendor": "",
"CommandStatus": "",
"ConnectionStatus": "",
"DetectionType": "",
"DeviceType": "",
"Domain": "",
"DomainName": "",
"DstDvcHostname": "ApexOneClient01",
"DstIpAddr": "10.201.129.24",
"DstPortNumber": "",
"DstServiceName": "",
"DstUserName": "Admin004",
"DvcAction": "File renamed",
"DvcHostname": "ApexOneServer01",
"DvcProcessName": "",
"EndpointHostName": "",
"EndpointIp": "",
"Engine": "",
"EngineStatus": "",
"EngineVersion": "9.500.1005",
"EntryChannel": "",
"EventEndTime": "Feb 18 2016 14:34:00 GMT+00:00",
"EventOriginalUid": "104",
"EventProduct": "Apex Central",
"EventProductVersion": "2019",
"EventResult": "",
"EventResultDetails": "virus log",
"EventSeverity": "3",
"EventSubType": "AV:File renamed",
"EventType": "",
"FileCreationTime": "",
"FileHashSha1": "",
"FileType": "",
"FilterType": "",
"FirstActionResult": "File renamed",
"FirstCallbackAttempt": "",
"InfectionChannel": "",
"InfectionSource": "",
"LastCallbackAttempt": "",
"ListSource": "",
"NetworkApplicationProtocol": "",
"NetworkDirection": "",
"OperatingSystem": "",
"Operation": "",
"Pattern": "",
"PatternNumber": "",
"PatternStatus": "",
"PatternType": "",
"PatternVersion": "920500",
"Permission": "",
"Policy": "",
"PolicyGuid": "",
"PolicyId": "",
"PolicyName": "",
"PolicySettings": "",
"ProbableThreatType": "",
"ProcessCommand": "",
"Product": "Apex One",
"ProductId": "",
"ProductServerPatternVersion": "",
"ProductType": "",
"ProductVersion": "10.6",
"ReasonCode": "",
"ReasonCodeSource": "",
"ReputationScore": "",
"RiskLevel": "",
"RuleName": "",
"ScanType": "Manual Scan",
"SecondAction": "3",
"SecondActionResult": "N/A",
"ServerHostname": "",
"SeverityCode": "2",
"SeverityLevel": "",
"SrcDvcHostname": "ABC-OSCE-WKS12",
"SrcIpAddr": "",
"SrcMacAddr": "",
"SrcPortNumber": "",
"SrcProcessName": "",
"SrcServiceName": "",
"SrcUserName": "ABC-OSCE-WKS12",
"Target": "",
"TemplateName": "",
"ThreatName": "",
"ThreatProbability": "",
"ThreatType": "",
"UpdateAgent": "",
"UrlOriginal": "",
"UserName": ""
},
{
"TimeGenerated [UTC]": "5/19/2021, 9:55:13.485 AM",
"Action": "",
"EventMessage": "Data Loss Prevention",
"ActiveUpdateComponentType": "",
"ApplicationProcessCommandLine": "",
"AttackDiscoveryObjectInformation1": "",
"AttackDiscoveryObjectInformation2": "",
"AttackDiscoveryObjectInformation3": "",
"AttackDiscoveryObjectInformation4": "",
"CallbackAddressFormat": "",
"CallbackUrlAddress": "",
"CCListSource": "",
"ChannelType": "0",
"ClientIpAddress": "",
"ClientStatus": "",
"CloudStorageVendor": "",
"CommandStatus": "",
"ConnectionStatus": "",
"DetectionType": "",
"DeviceType": "",
"Domain": "",
"DomainName": "",
"DstDvcHostname": "",
"DstIpAddr": "",
"DstPortNumber": "",
"DstServiceName": "",
"DstUserName": "",
"DvcAction": "",
"DvcHostname": "Sampledvchost",
"DvcProcessName": "",
"EndpointHostName": "Sample_Host",
"EndpointIp": "",
"Engine": "",
"EngineStatus": "",
"EngineVersion": "",
"EntryChannel": "",
"EventEndTime": "Oct 13 2017 02:54:04 GMT+00:00",
"EventOriginalUid": "",
"EventProduct": "Apex Central",
"EventProductVersion": "2019",
"EventResult": "4",
"EventResultDetails": "",
"EventSeverity": "3",
"EventSubType": "700106",
"EventType": "",
"FileCreationTime": "",
"FileHashSha1": "",
"FileType": "",
"FilterType": "",
"FirstActionResult": "",
"FirstCallbackAttempt": "",
"InfectionChannel": "",
"InfectionSource": "",
"LastCallbackAttempt": "",
"ListSource": "",
"NetworkApplicationProtocol": "",
"NetworkDirection": "",
"OperatingSystem": "",
"Operation": "",
"Pattern": "",
"PatternNumber": "",
"PatternStatus": "",
"PatternType": "",
"PatternVersion": "",
"Permission": "",
"Policy": "",
"PolicyGuid": "",
"PolicyId": "",
"PolicyName": "N/A",
"PolicySettings": "",
"ProbableThreatType": "",
"ProcessCommand": "",
"Product": "Apex One",
"ProductId": "",
"ProductServerPatternVersion": "",
"ProductType": "15",
"ProductVersion": "",
"ReasonCode": "",
"ReasonCodeSource": "",
"ReputationScore": "",
"RiskLevel": "",
"RuleName": "SAMPLE RULE SET",
"ScanType": "",
"SecondAction": "",
"SecondActionResult": "",
"ServerHostname": "",
"SeverityCode": "",
"SeverityLevel": "",
"SrcDvcHostname": "shost1",
"SrcIpAddr": "10.0.9.34",
"SrcMacAddr": "",
"SrcPortNumber": "",
"SrcProcessName": "",
"SrcServiceName": "",
"SrcUserName": "",
"Target": "",
"TemplateName": "Apex One policy",
"ThreatName": "",
"ThreatProbability": "",
"ThreatType": "",
"UpdateAgent": "",
"UrlOriginal": "",
"UserName": "12467"
},
{
"TimeGenerated [UTC]": "5/19/2021, 9:56:35.002 AM",
"Action": "",
"EventMessage": "Data Loss Prevention",
"ActiveUpdateComponentType": "",
"ApplicationProcessCommandLine": "",
"AttackDiscoveryObjectInformation1": "",
"AttackDiscoveryObjectInformation2": "",
"AttackDiscoveryObjectInformation3": "",
"AttackDiscoveryObjectInformation4": "",
"CallbackAddressFormat": "",
"CallbackUrlAddress": "",
"CCListSource": "",
"ChannelType": "0",
"ClientIpAddress": "",
"ClientStatus": "",
"CloudStorageVendor": "",
"CommandStatus": "",
"ConnectionStatus": "",
"DetectionType": "",
"DeviceType": "",
"Domain": "",
"DomainName": "",
"DstDvcHostname": "",
"DstIpAddr": "",
"DstPortNumber": "",
"DstServiceName": "",
"DstUserName": "",
"DvcAction": "",
"DvcHostname": "Sampledvchost",
"DvcProcessName": "",
"EndpointHostName": "Sample_Host",
"EndpointIp": "",
"Engine": "",
"EngineStatus": "",
"EngineVersion": "",
"EntryChannel": "",
"EventEndTime": "Oct 13 2017 02:54:04 GMT+00:00",
"EventOriginalUid": "",
"EventProduct": "Apex Central",
"EventProductVersion": "2019",
"EventResult": "4",
"EventResultDetails": "",
"EventSeverity": "3",
"EventSubType": "700106",
"EventType": "",
"FileCreationTime": "",
"FileHashSha1": "",
"FileType": "",
"FilterType": "",
"FirstActionResult": "",
"FirstCallbackAttempt": "",
"InfectionChannel": "",
"InfectionSource": "",
"LastCallbackAttempt": "",
"ListSource": "",
"NetworkApplicationProtocol": "",
"NetworkDirection": "",
"OperatingSystem": "",
"Operation": "",
"Pattern": "",
"PatternNumber": "",
"PatternStatus": "",
"PatternType": "",
"PatternVersion": "",
"Permission": "",
"Policy": "",
"PolicyGuid": "",
"PolicyId": "",
"PolicyName": "N/A",
"PolicySettings": "",
"ProbableThreatType": "",
"ProcessCommand": "",
"Product": "Apex One",
"ProductId": "",
"ProductServerPatternVersion": "",
"ProductType": "15",
"ProductVersion": "",
"ReasonCode": "",
"ReasonCodeSource": "",
"ReputationScore": "",
"RiskLevel": "",
"RuleName": "SAMPLE RULE SET",
"ScanType": "",
"SecondAction": "",
"SecondActionResult": "",
"ServerHostname": "",
"SeverityCode": "",
"SeverityLevel": "",
"SrcDvcHostname": "shost1",
"SrcIpAddr": "10.0.9.34",
"SrcMacAddr": "",
"SrcPortNumber": "",
"SrcProcessName": "",
"SrcServiceName": "",
"SrcUserName": "",
"Target": "",
"TemplateName": "Apex One policy",
"ThreatName": "",
"ThreatProbability": "",
"ThreatType": "",
"UpdateAgent": "",
"UrlOriginal": "",
"UserName": "12467"
},
{
"TimeGenerated [UTC]": "5/19/2021, 9:55:13.520 AM",
"Action": "",
"EventMessage": "Engine Update Status",
"ActiveUpdateComponentType": "1",
"ApplicationProcessCommandLine": "",
"AttackDiscoveryObjectInformation1": "",
"AttackDiscoveryObjectInformation2": "",
"AttackDiscoveryObjectInformation3": "",
"AttackDiscoveryObjectInformation4": "",
"CallbackAddressFormat": "",
"CallbackUrlAddress": "",
"CCListSource": "",
"ChannelType": "",
"ClientIpAddress": "",
"ClientStatus": "",
"CloudStorageVendor": "",
"CommandStatus": "",
"ConnectionStatus": "100",
"DetectionType": "",
"DeviceType": "",
"Domain": "",
"DomainName": "",
"DstDvcHostname": "",
"DstIpAddr": "",
"DstPortNumber": "",
"DstServiceName": "",
"DstUserName": "",
"DvcAction": "",
"DvcHostname": "",
"DvcProcessName": "",
"EndpointHostName": "",
"EndpointIp": "10.0.17.6",
"Engine": "4096",
"EngineStatus": "1",
"EngineVersion": "9.950.1006",
"EntryChannel": "",
"EventEndTime": "Apr 20 2017 12:04:34 GMT+00:00",
"EventOriginalUid": "",
"EventProduct": "Apex Central",
"EventProductVersion": "2019",
"EventResult": "",
"EventResultDetails": "",
"EventSeverity": "3",
"EventSubType": "800102",
"EventType": "",
"FileCreationTime": "",
"FileHashSha1": "",
"FileType": "",
"FilterType": "",
"FirstActionResult": "",
"FirstCallbackAttempt": "",
"InfectionChannel": "",
"InfectionSource": "",
"LastCallbackAttempt": "",
"ListSource": "",
"NetworkApplicationProtocol": "",
"NetworkDirection": "",
"OperatingSystem": "",
"Operation": "",
"Pattern": "",
"PatternNumber": "",
"PatternStatus": "",
"PatternType": "",
"PatternVersion": "",
"Permission": "",
"Policy": "",
"PolicyGuid": "",
"PolicyId": "",
"PolicyName": "",
"PolicySettings": "",
"ProbableThreatType": "",
"ProcessCommand": "",
"Product": "Apex One",
"ProductId": "",
"ProductServerPatternVersion": "",
"ProductType": "",
"ProductVersion": "",
"ReasonCode": "",
"ReasonCodeSource": "",
"ReputationScore": "",
"RiskLevel": "",
"RuleName": "",
"ScanType": "",
"SecondAction": "",
"SecondActionResult": "",
"ServerHostname": "",
"SeverityCode": "",
"SeverityLevel": "",
"SrcDvcHostname": "shost1",
"SrcIpAddr": "",
"SrcMacAddr": "",
"SrcPortNumber": "",
"SrcProcessName": "",
"SrcServiceName": "",
"SrcUserName": "",
"Target": "",
"TemplateName": "",
"ThreatName": "",
"ThreatProbability": "",
"ThreatType": "",
"UpdateAgent": "",
"UrlOriginal": "",
"UserName": ""
},
{
"TimeGenerated [UTC]": "5/19/2021, 9:57:01.893 AM",
"Action": "",
"EventMessage": "Engine Update Status",
"ActiveUpdateComponentType": "1",
"ApplicationProcessCommandLine": "",
"AttackDiscoveryObjectInformation1": "",
"AttackDiscoveryObjectInformation2": "",
"AttackDiscoveryObjectInformation3": "",
"AttackDiscoveryObjectInformation4": "",
"CallbackAddressFormat": "",
"CallbackUrlAddress": "",
"CCListSource": "",
"ChannelType": "",
"ClientIpAddress": "",
"ClientStatus": "",
"CloudStorageVendor": "",
"CommandStatus": "",
"ConnectionStatus": "100",
"DetectionType": "",
"DeviceType": "",
"Domain": "",
"DomainName": "",
"DstDvcHostname": "",
"DstIpAddr": "",
"DstPortNumber": "",
"DstServiceName": "",
"DstUserName": "",
"DvcAction": "",
"DvcHostname": "",
"DvcProcessName": "",
"EndpointHostName": "",
"EndpointIp": "10.0.17.6",
"Engine": "4096",
"EngineStatus": "1",
"EngineVersion": "9.950.1006",
"EntryChannel": "",
"EventEndTime": "Apr 20 2017 12:04:34 GMT+00:00",
"EventOriginalUid": "",
"EventProduct": "Apex Central",
"EventProductVersion": "2019",
"EventResult": "",
"EventResultDetails": "",
"EventSeverity": "3",
"EventSubType": "800102",
"EventType": "",
"FileCreationTime": "",
"FileHashSha1": "",
"FileType": "",
"FilterType": "",
"FirstActionResult": "",
"FirstCallbackAttempt": "",
"InfectionChannel": "",
"InfectionSource": "",
"LastCallbackAttempt": "",
"ListSource": "",
"NetworkApplicationProtocol": "",
"NetworkDirection": "",
"OperatingSystem": "",
"Operation": "",
"Pattern": "",
"PatternNumber": "",
"PatternStatus": "",
"PatternType": "",
"PatternVersion": "",
"Permission": "",
"Policy": "",
"PolicyGuid": "",
"PolicyId": "",
"PolicyName": "",
"PolicySettings": "",
"ProbableThreatType": "",
"ProcessCommand": "",
"Product": "Apex One",
"ProductId": "",
"ProductServerPatternVersion": "",
"ProductType": "",
"ProductVersion": "",
"ReasonCode": "",
"ReasonCodeSource": "",
"ReputationScore": "",
"RiskLevel": "",
"RuleName": "",
"ScanType": "",
"SecondAction": "",
"SecondActionResult": "",
"ServerHostname": "",
"SeverityCode": "",
"SeverityLevel": "",
"SrcDvcHostname": "shost1",
"SrcIpAddr": "",
"SrcMacAddr": "",
"SrcPortNumber": "",
"SrcProcessName": "",
"SrcServiceName": "",
"SrcUserName": "",
"Target": "",
"TemplateName": "",
"ThreatName": "",
"ThreatProbability": "",
"ThreatType": "",
"UpdateAgent": "",
"UrlOriginal": "",
"UserName": ""
},
{
"TimeGenerated [UTC]": "5/19/2021, 9:55:13.536 AM",
"Action": "",
"EventMessage": "Managed Product Logon/Logoff Events",
"ActiveUpdateComponentType": "",
"ApplicationProcessCommandLine": "",
"AttackDiscoveryObjectInformation1": "",
"AttackDiscoveryObjectInformation2": "",
"AttackDiscoveryObjectInformation3": "",
"AttackDiscoveryObjectInformation4": "",
"CallbackAddressFormat": "",
"CallbackUrlAddress": "",
"CCListSource": "",
"ChannelType": "",
"ClientIpAddress": "",
"ClientStatus": "",
"CloudStorageVendor": "",
"CommandStatus": "110",
"ConnectionStatus": "",
"DetectionType": "",
"DeviceType": "",
"Domain": "",
"DomainName": "",
"DstDvcHostname": "",
"DstIpAddr": "",
"DstPortNumber": "",
"DstServiceName": "",
"DstUserName": "",
"DvcAction": "",
"DvcHostname": "",
"DvcProcessName": "",
"EndpointHostName": "",
"EndpointIp": "",
"Engine": "",
"EngineStatus": "",
"EngineVersion": "",
"EntryChannel": "",
"EventEndTime": "",
"EventOriginalUid": "11",
"EventProduct": "Apex Central",
"EventProductVersion": "2019",
"EventResult": "",
"EventResultDetails": "",
"EventSeverity": "3",
"EventSubType": "700211",
"EventType": "",
"FileCreationTime": "",
"FileHashSha1": "",
"FileType": "",
"FilterType": "",
"FirstActionResult": "",
"FirstCallbackAttempt": "",
"InfectionChannel": "",
"InfectionSource": "",
"LastCallbackAttempt": "",
"ListSource": "",
"NetworkApplicationProtocol": "",
"NetworkDirection": "",
"OperatingSystem": "",
"Operation": "",
"Pattern": "",
"PatternNumber": "",
"PatternStatus": "",
"PatternType": "",
"PatternVersion": "",
"Permission": "",
"Policy": "",
"PolicyGuid": "",
"PolicyId": "",
"PolicyName": "",
"PolicySettings": "",
"ProbableThreatType": "",
"ProcessCommand": "",
"Product": "ScanMail for Microsoft Exchange",
"ProductId": "",
"ProductServerPatternVersion": "",
"ProductType": "",
"ProductVersion": "14",
"ReasonCode": "",
"ReasonCodeSource": "",
"ReputationScore": "",
"RiskLevel": "",
"RuleName": "",
"ScanType": "",
"SecondAction": "",
"SecondActionResult": "",
"ServerHostname": "",
"SeverityCode": "",
"SeverityLevel": "",
"SrcDvcHostname": "SMEX01",
"SrcIpAddr": "",
"SrcMacAddr": "",
"SrcPortNumber": "",
"SrcProcessName": "",
"SrcServiceName": "",
"SrcUserName": "",
"Target": "",
"TemplateName": "",
"ThreatName": "",
"ThreatProbability": "",
"ThreatType": "",
"UpdateAgent": "",
"UrlOriginal": "",
"UserName": ""
},
{
"TimeGenerated [UTC]": "5/19/2021, 9:57:08.014 AM",
"Action": "",
"EventMessage": "Managed Product Logon/Logoff Events",
"ActiveUpdateComponentType": "",
"ApplicationProcessCommandLine": "",
"AttackDiscoveryObjectInformation1": "",
"AttackDiscoveryObjectInformation2": "",
"AttackDiscoveryObjectInformation3": "",
"AttackDiscoveryObjectInformation4": "",
"CallbackAddressFormat": "",
"CallbackUrlAddress": "",
"CCListSource": "",
"ChannelType": "",
"ClientIpAddress": "",
"ClientStatus": "",
"CloudStorageVendor": "",
"CommandStatus": "110",
"ConnectionStatus": "",
"DetectionType": "",
"DeviceType": "",
"Domain": "",
"DomainName": "",
"DstDvcHostname": "",
"DstIpAddr": "",
"DstPortNumber": "",
"DstServiceName": "",
"DstUserName": "",
"DvcAction": "",
"DvcHostname": "",
"DvcProcessName": "",
"EndpointHostName": "",
"EndpointIp": "",
"Engine": "",
"EngineStatus": "",
"EngineVersion": "",
"EntryChannel": "",
"EventEndTime": "",
"EventOriginalUid": "11",
"EventProduct": "Apex Central",
"EventProductVersion": "2019",
"EventResult": "",
"EventResultDetails": "",
"EventSeverity": "3",
"EventSubType": "700211",
"EventType": "",
"FileCreationTime": "",
"FileHashSha1": "",
"FileType": "",
"FilterType": "",
"FirstActionResult": "",
"FirstCallbackAttempt": "",
"InfectionChannel": "",
"InfectionSource": "",
"LastCallbackAttempt": "",
"ListSource": "",
"NetworkApplicationProtocol": "",
"NetworkDirection": "",
"OperatingSystem": "",
"Operation": "",
"Pattern": "",
"PatternNumber": "",
"PatternStatus": "",
"PatternType": "",
"PatternVersion": "",
"Permission": "",
"Policy": "",
"PolicyGuid": "",
"PolicyId": "",
"PolicyName": "",
"PolicySettings": "",
"ProbableThreatType": "",
"ProcessCommand": "",
"Product": "ScanMail for Microsoft Exchange",
"ProductId": "",
"ProductServerPatternVersion": "",
"ProductType": "",
"ProductVersion": "14",
"ReasonCode": "",
"ReasonCodeSource": "",
"ReputationScore": "",
"RiskLevel": "",
"RuleName": "",
"ScanType": "",
"SecondAction": "",
"SecondActionResult": "",
"ServerHostname": "",
"SeverityCode": "",
"SeverityLevel": "",
"SrcDvcHostname": "SMEX01",
"SrcIpAddr": "",
"SrcMacAddr": "",
"SrcPortNumber": "",
"SrcProcessName": "",
"SrcServiceName": "",
"SrcUserName": "",
"Target": "",
"TemplateName": "",
"ThreatName": "",
"ThreatProbability": "",
"ThreatType": "",
"UpdateAgent": "",
"UrlOriginal": "",
"UserName": ""
},
{
"TimeGenerated [UTC]": "5/19/2021, 9:59:03.537 AM",
"Action": "",
"EventMessage": "7",
"ActiveUpdateComponentType": "",
"ApplicationProcessCommandLine": "",
"AttackDiscoveryObjectInformation1": "",
"AttackDiscoveryObjectInformation2": "",
"AttackDiscoveryObjectInformation3": "",
"AttackDiscoveryObjectInformation4": "",
"CallbackAddressFormat": "",
"CallbackUrlAddress": "",
"CCListSource": "",
"ChannelType": "",
"ClientIpAddress": "",
"ClientStatus": "",
"CloudStorageVendor": "",
"CommandStatus": "",
"ConnectionStatus": "",
"DetectionType": "",
"DeviceType": "",
"Domain": "",
"DomainName": "",
"DstDvcHostname": "",
"DstIpAddr": "",
"DstPortNumber": "80",
"DstServiceName": "",
"DstUserName": "",
"DvcAction": "1",
"DvcHostname": "ApexOneClient08",
"DvcProcessName": "",
"EndpointHostName": "",
"EndpointIp": "",
"Engine": "",
"EngineStatus": "",
"EngineVersion": "",
"EntryChannel": "",
"EventEndTime": "Nov 15 2017 08:43:57 GMT+00:00",
"EventOriginalUid": "38",
"EventProduct": "Apex Central",
"EventProductVersion": "2019",
"EventResult": "",
"EventResultDetails": "",
"EventSeverity": "3",
"EventSubType": "WB:7",
"EventType": "",
"FileCreationTime": "",
"FileHashSha1": "",
"FileType": "",
"FilterType": "",
"FirstActionResult": "",
"FirstCallbackAttempt": "",
"InfectionChannel": "",
"InfectionSource": "",
"LastCallbackAttempt": "",
"ListSource": "",
"NetworkApplicationProtocol": "17",
"NetworkDirection": "2",
"OperatingSystem": "",
"Operation": "",
"Pattern": "",
"PatternNumber": "",
"PatternStatus": "",
"PatternType": "",
"PatternVersion": "",
"Permission": "",
"Policy": "External User Policy",
"PolicyGuid": "",
"PolicyId": "",
"PolicyName": "",
"PolicySettings": "",
"ProbableThreatType": "",
"ProcessCommand": "",
"Product": "Apex One",
"ProductId": "",
"ProductServerPatternVersion": "",
"ProductType": "",
"ProductVersion": "",
"ReasonCode": "",
"ReasonCodeSource": "",
"ReputationScore": "",
"RiskLevel": "",
"RuleName": "",
"ScanType": "",
"SecondAction": "",
"SecondActionResult": "",
"ServerHostname": "",
"SeverityCode": "",
"SeverityLevel": "",
"SrcDvcHostname": "ABC-HOST-WKS12",
"SrcIpAddr": "10.1.128.46",
"SrcMacAddr": "",
"SrcPortNumber": "",
"SrcProcessName": "",
"SrcServiceName": "",
"SrcUserName": "",
"Target": "",
"TemplateName": "",
"ThreatName": "",
"ThreatProbability": "",
"ThreatType": "",
"UpdateAgent": "",
"UrlOriginal": "http://www.violetsoft.net/counter/insert.php?dbserver\\=db1&c_pcode\\=25&c_pid\\=funpop1&c_kind\\=4&c_mac\\=FE-ED-BE-EF-0C-E1",
"UserName": ""
},
{
"TimeGenerated [UTC]": "5/19/2021, 9:58:49.036 AM",
"Action": "",
"EventMessage": "Suspicious Files",
"ActiveUpdateComponentType": "",
"ApplicationProcessCommandLine": "",
"AttackDiscoveryObjectInformation1": "",
"AttackDiscoveryObjectInformation2": "",
"AttackDiscoveryObjectInformation3": "",
"AttackDiscoveryObjectInformation4": "",
"CallbackAddressFormat": "",
"CallbackUrlAddress": "",
"CCListSource": "0",
"ChannelType": "",
"ClientIpAddress": "",
"ClientStatus": "",
"CloudStorageVendor": "",
"CommandStatus": "",
"ConnectionStatus": "",
"DetectionType": "",
"DeviceType": "",
"Domain": "",
"DomainName": "",
"DstDvcHostname": "APEX-ONE-CLIENT-1",
"DstIpAddr": "10.201.86.151",
"DstPortNumber": "",
"DstServiceName": "",
"DstUserName": "",
"DvcAction": "Log",
"DvcHostname": "",
"DvcProcessName": "",
"EndpointHostName": "",
"EndpointIp": "",
"Engine": "",
"EngineStatus": "",
"EngineVersion": "",
"EntryChannel": "",
"EventEndTime": "Nov 15 2016 02:47:21 GMT+00:00",
"EventOriginalUid": "1",
"EventProduct": "Apex Central",
"EventProductVersion": "2019",
"EventResult": "",
"EventResultDetails": "",
"EventSeverity": "3",
"EventSubType": "FH:Log",
"EventType": "",
"FileCreationTime": "",
"FileHashSha1": "D6712CAE5EC821F910E14945153AE7871AA536CA",
"FileType": "SLF_TrueFileType",
"FilterType": "",
"FirstActionResult": "",
"FirstCallbackAttempt": "",
"InfectionChannel": "",
"InfectionSource": "",
"LastCallbackAttempt": "",
"ListSource": "",
"NetworkApplicationProtocol": "",
"NetworkDirection": "",
"OperatingSystem": "",
"Operation": "",
"Pattern": "",
"PatternNumber": "",
"PatternStatus": "",
"PatternType": "",
"PatternVersion": "",
"Permission": "",
"Policy": "",
"PolicyGuid": "",
"PolicyId": "",
"PolicyName": "",
"PolicySettings": "",
"ProbableThreatType": "",
"ProcessCommand": "",
"Product": "Apex One",
"ProductId": "",
"ProductServerPatternVersion": "",
"ProductType": "",
"ProductVersion": "11",
"ReasonCode": "",
"ReasonCodeSource": "",
"ReputationScore": "",
"RiskLevel": "",
"RuleName": "",
"ScanType": "1",
"SecondAction": "",
"SecondActionResult": "",
"ServerHostname": "",
"SeverityCode": "",
"SeverityLevel": "",
"SrcDvcHostname": "",
"SrcIpAddr": "",
"SrcMacAddr": "",
"SrcPortNumber": "",
"SrcProcessName": "",
"SrcServiceName": "",
"SrcUserName": "",
"Target": "",
"TemplateName": "",
"ThreatName": "",
"ThreatProbability": "",
"ThreatType": "",
"UpdateAgent": "",
"UrlOriginal": "",
"UserName": ""
},
{
"TimeGenerated [UTC]": "5/19/2021, 9:55:13.448 AM",
"Action": "",
"EventMessage": "CnC Callback",
"ActiveUpdateComponentType": "",
"ApplicationProcessCommandLine": "",
"AttackDiscoveryObjectInformation1": "",
"AttackDiscoveryObjectInformation2": "",
"AttackDiscoveryObjectInformation3": "",
"AttackDiscoveryObjectInformation4": "",
"CallbackAddressFormat": "1",
"CallbackUrlAddress": "",
"CCListSource": "",
"ChannelType": "",
"ClientIpAddress": "",
"ClientStatus": "",
"CloudStorageVendor": "",
"CommandStatus": "",
"ConnectionStatus": "",
"DetectionType": "",
"DeviceType": "",
"Domain": "",
"DomainName": "DOMAIN",
"DstDvcHostname": "",
"DstIpAddr": "10.201.86.195",
"DstPortNumber": "",
"DstServiceName": "",
"DstUserName": "",
"DvcAction": "Block",
"DvcHostname": "",
"DvcProcessName": "",
"EndpointHostName": "",
"EndpointIp": "",
"Engine": "",
"EngineStatus": "",
"EngineVersion": "",
"EntryChannel": "",
"EventEndTime": "Oct 11 2017 06:34:09 GMT+00:00",
"EventOriginalUid": "12",
"EventProduct": "Apex Central",
"EventProductVersion": "2019",
"EventResult": "",
"EventResultDetails": "",
"EventSeverity": "3",
"EventSubType": "CnC:Block",
"EventType": "",
"FileCreationTime": "",
"FileHashSha1": "",
"FileType": "",
"FilterType": "",
"FirstActionResult": "",
"FirstCallbackAttempt": "",
"InfectionChannel": "",
"InfectionSource": "",
"LastCallbackAttempt": "",
"ListSource": "1",
"NetworkApplicationProtocol": "",
"NetworkDirection": "",
"OperatingSystem": "",
"Operation": "",
"Pattern": "",
"PatternNumber": "",
"PatternStatus": "",
"PatternType": "",
"PatternVersion": "",
"Permission": "",
"Policy": "",
"PolicyGuid": "",
"PolicyId": "",
"PolicyName": "",
"PolicySettings": "",
"ProbableThreatType": "",
"ProcessCommand": "",
"Product": "Apex One",
"ProductId": "",
"ProductServerPatternVersion": "",
"ProductType": "",
"ProductVersion": "11.0",
"ReasonCode": "",
"ReasonCodeSource": "",
"ReputationScore": "",
"RiskLevel": "1",
"RuleName": "",
"ScanType": "",
"SecondAction": "",
"SecondActionResult": "",
"ServerHostname": "",
"SeverityCode": "",
"SeverityLevel": "",
"SrcDvcHostname": "ApexOneClient01",
"SrcIpAddr": "10.201.86.187",
"SrcMacAddr": "",
"SrcPortNumber": "",
"SrcProcessName": "",
"SrcServiceName": "",
"SrcUserName": "",
"Target": "",
"TemplateName": "",
"ThreatName": "",
"ThreatProbability": "",
"ThreatType": "",
"UpdateAgent": "",
"UrlOriginal": "",
"UserName": ""
},
{
"TimeGenerated [UTC]": "5/19/2021, 9:56:21.910 AM",
"Action": "",
"EventMessage": "CnC Callback",
"ActiveUpdateComponentType": "",
"ApplicationProcessCommandLine": "",
"AttackDiscoveryObjectInformation1": "",
"AttackDiscoveryObjectInformation2": "",
"AttackDiscoveryObjectInformation3": "",
"AttackDiscoveryObjectInformation4": "",
"CallbackAddressFormat": "1",
"CallbackUrlAddress": "",
"CCListSource": "",
"ChannelType": "",
"ClientIpAddress": "",
"ClientStatus": "",
"CloudStorageVendor": "",
"CommandStatus": "",
"ConnectionStatus": "",
"DetectionType": "",
"DeviceType": "",
"Domain": "",
"DomainName": "DOMAIN",
"DstDvcHostname": "",
"DstIpAddr": "10.201.86.195",
"DstPortNumber": "",
"DstServiceName": "",
"DstUserName": "",
"DvcAction": "Block",
"DvcHostname": "",
"DvcProcessName": "",
"EndpointHostName": "",
"EndpointIp": "",
"Engine": "",
"EngineStatus": "",
"EngineVersion": "",
"EntryChannel": "",
"EventEndTime": "Oct 11 2017 06:34:09 GMT+00:00",
"EventOriginalUid": "12",
"EventProduct": "Apex Central",
"EventProductVersion": "2019",
"EventResult": "",
"EventResultDetails": "",
"EventSeverity": "3",
"EventSubType": "CnC:Block",
"EventType": "",
"FileCreationTime": "",
"FileHashSha1": "",
"FileType": "",
"FilterType": "",
"FirstActionResult": "",
"FirstCallbackAttempt": "",
"InfectionChannel": "",
"InfectionSource": "",
"LastCallbackAttempt": "",
"ListSource": "1",
"NetworkApplicationProtocol": "",
"NetworkDirection": "",
"OperatingSystem": "",
"Operation": "",
"Pattern": "",
"PatternNumber": "",
"PatternStatus": "",
"PatternType": "",
"PatternVersion": "",
"Permission": "",
"Policy": "",
"PolicyGuid": "",
"PolicyId": "",
"PolicyName": "",
"PolicySettings": "",
"ProbableThreatType": "",
"ProcessCommand": "",
"Product": "Apex One",
"ProductId": "",
"ProductServerPatternVersion": "",
"ProductType": "",
"ProductVersion": "11.0",
"ReasonCode": "",
"ReasonCodeSource": "",
"ReputationScore": "",
"RiskLevel": "1",
"RuleName": "",
"ScanType": "",
"SecondAction": "",
"SecondActionResult": "",
"ServerHostname": "",
"SeverityCode": "",
"SeverityLevel": "",
"SrcDvcHostname": "ApexOneClient01",
"SrcIpAddr": "10.201.86.187",
"SrcMacAddr": "",
"SrcPortNumber": "",
"SrcProcessName": "",
"SrcServiceName": "",
"SrcUserName": "",
"Target": "",
"TemplateName": "",
"ThreatName": "",
"ThreatProbability": "",
"ThreatType": "",
"UpdateAgent": "",
"UrlOriginal": "",
"UserName": ""
},
{
"TimeGenerated [UTC]": "5/19/2021, 9:58:40.744 AM",
"Action": "",
"EventMessage": "Spyware Detected",
"ActiveUpdateComponentType": "",
"ApplicationProcessCommandLine": "",
"AttackDiscoveryObjectInformation1": "",
"AttackDiscoveryObjectInformation2": "",
"AttackDiscoveryObjectInformation3": "",
"AttackDiscoveryObjectInformation4": "",
"CallbackAddressFormat": "",
"CallbackUrlAddress": "",
"CCListSource": "",
"ChannelType": "",
"ClientIpAddress": "",
"ClientStatus": "",
"CloudStorageVendor": "",
"CommandStatus": "",
"ConnectionStatus": "",
"DetectionType": "",
"DeviceType": "",
"Domain": "",
"DomainName": "",
"DstDvcHostname": "ApexOneClient01",
"DstIpAddr": "50.8.1.1",
"DstPortNumber": "",
"DstServiceName": "",
"DstUserName": "",
"DvcAction": "",
"DvcHostname": "ApexOneClient01",
"DvcProcessName": "",
"EndpointHostName": "",
"EndpointIp": "",
"Engine": "",
"EngineStatus": "",
"EngineVersion": "6.2.3027",
"EntryChannel": "",
"EventEndTime": "Oct 06 2017 08:39:46 GMT+00:00",
"EventOriginalUid": "3",
"EventProduct": "Apex Central",
"EventProductVersion": "2019",
"EventResult": "",
"EventResultDetails": "",
"EventSeverity": "3",
"EventSubType": "Spyware Detected",
"EventType": "",
"FileCreationTime": "",
"FileHashSha1": "",
"FileType": "",
"FilterType": "",
"FirstActionResult": "",
"FirstCallbackAttempt": "",
"InfectionChannel": "",
"InfectionSource": "",
"LastCallbackAttempt": "",
"ListSource": "",
"NetworkApplicationProtocol": "",
"NetworkDirection": "",
"OperatingSystem": "",
"Operation": "",
"Pattern": "",
"PatternNumber": "",
"PatternStatus": "",
"PatternType": "1073741840",
"PatternVersion": "",
"Permission": "",
"Policy": "",
"PolicyGuid": "",
"PolicyId": "",
"PolicyName": "",
"PolicySettings": "",
"ProbableThreatType": "",
"ProcessCommand": "",
"Product": "Apex One",
"ProductId": "",
"ProductServerPatternVersion": "",
"ProductType": "",
"ProductVersion": "",
"ReasonCode": "",
"ReasonCodeSource": "",
"ReputationScore": "",
"RiskLevel": "",
"RuleName": "",
"ScanType": "",
"SecondAction": "",
"SecondActionResult": "",
"ServerHostname": "",
"SeverityCode": "",
"SeverityLevel": "",
"SrcDvcHostname": "",
"SrcIpAddr": "",
"SrcMacAddr": "",
"SrcPortNumber": "",
"SrcProcessName": "",
"SrcServiceName": "",
"SrcUserName": "",
"Target": "",
"TemplateName": "",
"ThreatName": "ADW_OPENCANDY",
"ThreatProbability": "",
"ThreatType": "",
"UpdateAgent": "",
"UrlOriginal": "",
"UserName": ""
},
{
"TimeGenerated [UTC]": "5/19/2021, 9:55:13.496 AM",
"Action": "",
"EventMessage": "Device Access Control",
"ActiveUpdateComponentType": "",
"ApplicationProcessCommandLine": "",
"AttackDiscoveryObjectInformation1": "",
"AttackDiscoveryObjectInformation2": "",
"AttackDiscoveryObjectInformation3": "",
"AttackDiscoveryObjectInformation4": "",
"CallbackAddressFormat": "",
"CallbackUrlAddress": "",
"CCListSource": "",
"ChannelType": "",
"ClientIpAddress": "",
"ClientStatus": "",
"CloudStorageVendor": "",
"CommandStatus": "",
"ConnectionStatus": "",
"DetectionType": "",
"DeviceType": "0",
"Domain": "",
"DomainName": "",
"DstDvcHostname": "",
"DstIpAddr": "",
"DstPortNumber": "",
"DstServiceName": "",
"DstUserName": "",
"DvcAction": "",
"DvcHostname": "localhost",
"DvcProcessName": "",
"EndpointHostName": "",
"EndpointIp": "",
"Engine": "",
"EngineStatus": "",
"EngineVersion": "",
"EntryChannel": "",
"EventEndTime": "Aug 16 2017 04:49:15 GMT+00:00",
"EventOriginalUid": "",
"EventProduct": "Apex Central",
"EventProductVersion": "2019",
"EventResult": "",
"EventResultDetails": "",
"EventSeverity": "3",
"EventSubType": "700107",
"EventType": "",
"FileCreationTime": "",
"FileHashSha1": "",
"FileType": "",
"FilterType": "",
"FirstActionResult": "",
"FirstCallbackAttempt": "",
"InfectionChannel": "",
"InfectionSource": "",
"LastCallbackAttempt": "",
"ListSource": "",
"NetworkApplicationProtocol": "",
"NetworkDirection": "",
"OperatingSystem": "",
"Operation": "",
"Pattern": "",
"PatternNumber": "",
"PatternStatus": "",
"PatternType": "",
"PatternVersion": "",
"Permission": "3",
"Policy": "",
"PolicyGuid": "",
"PolicyId": "",
"PolicyName": "",
"PolicySettings": "",
"ProbableThreatType": "",
"ProcessCommand": "",
"Product": "Apex One",
"ProductId": "15",
"ProductServerPatternVersion": "",
"ProductType": "",
"ProductVersion": "",
"ReasonCode": "",
"ReasonCodeSource": "",
"ReputationScore": "",
"RiskLevel": "",
"RuleName": "",
"ScanType": "",
"SecondAction": "",
"SecondActionResult": "",
"ServerHostname": "Sample_Host",
"SeverityCode": "",
"SeverityLevel": "",
"SrcDvcHostname": "shost1",
"SrcIpAddr": "",
"SrcMacAddr": "",
"SrcPortNumber": "",
"SrcProcessName": "C:\\\\Windows\\\\explorer.exe",
"SrcServiceName": "",
"SrcUserName": "",
"Target": "",
"TemplateName": "",
"ThreatName": "",
"ThreatProbability": "",
"ThreatType": "",
"UpdateAgent": "",
"UrlOriginal": "",
"UserName": ""
},
{
"TimeGenerated [UTC]": "5/19/2021, 9:56:40.770 AM",
"Action": "",
"EventMessage": "Device Access Control",
"ActiveUpdateComponentType": "",
"ApplicationProcessCommandLine": "",
"AttackDiscoveryObjectInformation1": "",
"AttackDiscoveryObjectInformation2": "",
"AttackDiscoveryObjectInformation3": "",
"AttackDiscoveryObjectInformation4": "",
"CallbackAddressFormat": "",
"CallbackUrlAddress": "",
"CCListSource": "",
"ChannelType": "",
"ClientIpAddress": "",
"ClientStatus": "",
"CloudStorageVendor": "",
"CommandStatus": "",
"ConnectionStatus": "",
"DetectionType": "",
"DeviceType": "0",
"Domain": "",
"DomainName": "",
"DstDvcHostname": "",
"DstIpAddr": "",
"DstPortNumber": "",
"DstServiceName": "",
"DstUserName": "",
"DvcAction": "",
"DvcHostname": "localhost",
"DvcProcessName": "",
"EndpointHostName": "",
"EndpointIp": "",
"Engine": "",
"EngineStatus": "",
"EngineVersion": "",
"EntryChannel": "",
"EventEndTime": "Aug 16 2017 04:49:15 GMT+00:00",
"EventOriginalUid": "",
"EventProduct": "Apex Central",
"EventProductVersion": "2019",
"EventResult": "",
"EventResultDetails": "",
"EventSeverity": "3",
"EventSubType": "700107",
"EventType": "",
"FileCreationTime": "",
"FileHashSha1": "",
"FileType": "",
"FilterType": "",
"FirstActionResult": "",
"FirstCallbackAttempt": "",
"InfectionChannel": "",
"InfectionSource": "",
"LastCallbackAttempt": "",
"ListSource": "",
"NetworkApplicationProtocol": "",
"NetworkDirection": "",
"OperatingSystem": "",
"Operation": "",
"Pattern": "",
"PatternNumber": "",
"PatternStatus": "",
"PatternType": "",
"PatternVersion": "",
"Permission": "3",
"Policy": "",
"PolicyGuid": "",
"PolicyId": "",
"PolicyName": "",
"PolicySettings": "",
"ProbableThreatType": "",
"ProcessCommand": "",
"Product": "Apex One",
"ProductId": "15",
"ProductServerPatternVersion": "",
"ProductType": "",
"ProductVersion": "",
"ReasonCode": "",
"ReasonCodeSource": "",
"ReputationScore": "",
"RiskLevel": "",
"RuleName": "",
"ScanType": "",
"SecondAction": "",
"SecondActionResult": "",
"ServerHostname": "Sample_Host",
"SeverityCode": "",
"SeverityLevel": "",
"SrcDvcHostname": "shost1",
"SrcIpAddr": "",
"SrcMacAddr": "",
"SrcPortNumber": "",
"SrcProcessName": "C:\\\\Windows\\\\explorer.exe",
"SrcServiceName": "",
"SrcUserName": "",
"Target": "",
"TemplateName": "",
"ThreatName": "",
"ThreatProbability": "",
"ThreatType": "",
"UpdateAgent": "",
"UrlOriginal": "",
"UserName": ""
},
{
"TimeGenerated [UTC]": "5/19/2021, 9:57:14.378 AM",
"Action": "",
"EventMessage": "Suspicious Connection",
"ActiveUpdateComponentType": "",
"ApplicationProcessCommandLine": "",
"AttackDiscoveryObjectInformation1": "",
"AttackDiscoveryObjectInformation2": "",
"AttackDiscoveryObjectInformation3": "",
"AttackDiscoveryObjectInformation4": "",
"CallbackAddressFormat": "",
"CallbackUrlAddress": "",
"CCListSource": "",
"ChannelType": "",
"ClientIpAddress": "",
"ClientStatus": "",
"CloudStorageVendor": "",
"CommandStatus": "",
"ConnectionStatus": "",
"DetectionType": "",
"DeviceType": "",
"Domain": "",
"DomainName": "",
"DstDvcHostname": "",
"DstIpAddr": "10.69.81.64",
"DstPortNumber": "80",
"DstServiceName": "",
"DstUserName": "",
"DvcAction": "Pass",
"DvcHostname": "",
"DvcProcessName": "",
"EndpointHostName": "",
"EndpointIp": "",
"Engine": "",
"EngineStatus": "",
"EngineVersion": "",
"EntryChannel": "",
"EventEndTime": "Oct 11 2017 06:34:06 GMT+00:00",
"EventOriginalUid": "1",
"EventProduct": "Apex Central",
"EventProductVersion": "2019",
"EventResult": "",
"EventResultDetails": "",
"EventSeverity": "3",
"EventSubType": "NCIE:Pass",
"EventType": "",
"FileCreationTime": "",
"FileHashSha1": "",
"FileType": "",
"FilterType": "",
"FirstActionResult": "",
"FirstCallbackAttempt": "",
"InfectionChannel": "",
"InfectionSource": "",
"LastCallbackAttempt": "",
"ListSource": "",
"NetworkApplicationProtocol": "",
"NetworkDirection": "None",
"OperatingSystem": "",
"Operation": "",
"Pattern": "",
"PatternNumber": "",
"PatternStatus": "",
"PatternType": "2",
"PatternVersion": "",
"Permission": "",
"Policy": "",
"PolicyGuid": "",
"PolicyId": "",
"PolicyName": "",
"PolicySettings": "",
"ProbableThreatType": "",
"ProcessCommand": "",
"Product": "Apex One",
"ProductId": "",
"ProductServerPatternVersion": "",
"ProductType": "",
"ProductVersion": "",
"ReasonCode": "",
"ReasonCodeSource": "",
"ReputationScore": "",
"RiskLevel": "",
"RuleName": "",
"ScanType": "",
"SecondAction": "",
"SecondActionResult": "",
"ServerHostname": "",
"SeverityCode": "",
"SeverityLevel": "",
"SrcDvcHostname": "",
"SrcIpAddr": "10.201.86.152",
"SrcMacAddr": "",
"SrcPortNumber": "54594",
"SrcProcessName": "",
"SrcServiceName": "",
"SrcUserName": "",
"Target": "",
"TemplateName": "",
"ThreatName": "Malicious_identified_CnC_querying_on_UDP_detected",
"ThreatProbability": "",
"ThreatType": "",
"UpdateAgent": "",
"UrlOriginal": "",
"UserName": ""
},
{
"TimeGenerated [UTC]": "5/19/2021, 9:55:13.424 AM",
"Action": "",
"EventMessage": "Behavior Monitoring",
"ActiveUpdateComponentType": "",
"ApplicationProcessCommandLine": "",
"AttackDiscoveryObjectInformation1": "",
"AttackDiscoveryObjectInformation2": "",
"AttackDiscoveryObjectInformation3": "",
"AttackDiscoveryObjectInformation4": "",
"CallbackAddressFormat": "",
"CallbackUrlAddress": "",
"CCListSource": "",
"ChannelType": "",
"ClientIpAddress": "",
"ClientStatus": "",
"CloudStorageVendor": "",
"CommandStatus": "",
"ConnectionStatus": "",
"DetectionType": "",
"DeviceType": "",
"Domain": "",
"DomainName": "",
"DstDvcHostname": "",
"DstIpAddr": "",
"DstPortNumber": "",
"DstServiceName": "",
"DstUserName": "",
"DvcAction": "3",
"DvcHostname": "localhost",
"DvcProcessName": "",
"EndpointHostName": "",
"EndpointIp": "",
"Engine": "",
"EngineStatus": "",
"EngineVersion": "",
"EntryChannel": "",
"EventEndTime": "Aug 16 2017 05:00:40 GMT+00:00",
"EventOriginalUid": "",
"EventProduct": "Apex Central",
"EventProductVersion": "2019",
"EventResult": "",
"EventResultDetails": "",
"EventSeverity": "3",
"EventSubType": "BM:1000",
"EventType": "4",
"FileCreationTime": "",
"FileHashSha1": "",
"FileType": "",
"FilterType": "",
"FirstActionResult": "",
"FirstCallbackAttempt": "",
"InfectionChannel": "",
"InfectionSource": "",
"LastCallbackAttempt": "",
"ListSource": "",
"NetworkApplicationProtocol": "",
"NetworkDirection": "",
"OperatingSystem": "",
"Operation": "302",
"Pattern": "",
"PatternNumber": "",
"PatternStatus": "",
"PatternType": "",
"PatternVersion": "",
"Permission": "",
"Policy": "",
"PolicyGuid": "",
"PolicyId": "1000",
"PolicyName": "",
"PolicySettings": "",
"ProbableThreatType": "",
"ProcessCommand": "",
"Product": "Apex One",
"ProductId": "",
"ProductServerPatternVersion": "",
"ProductType": "",
"ProductVersion": "",
"ReasonCode": "",
"ReasonCodeSource": "",
"ReputationScore": "",
"RiskLevel": "1",
"RuleName": "",
"ScanType": "",
"SecondAction": "",
"SecondActionResult": "",
"ServerHostname": "",
"SeverityCode": "",
"SeverityLevel": "",
"SrcDvcHostname": "shost1",
"SrcIpAddr": "10.0.76.40",
"SrcMacAddr": "",
"SrcPortNumber": "",
"SrcProcessName": "C:\\\\Windows\\\\SysWOW64\\\\rundll32.exe",
"SrcServiceName": "",
"SrcUserName": "",
"Target": "HKCU\\\\Software\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Run\\\\COM+",
"TemplateName": "",
"ThreatName": "",
"ThreatProbability": "",
"ThreatType": "",
"UpdateAgent": "",
"UrlOriginal": "",
"UserName": ""
},
{
"TimeGenerated [UTC]": "5/19/2021, 9:56:15.325 AM",
"Action": "",
"EventMessage": "Behavior Monitoring",
"ActiveUpdateComponentType": "",
"ApplicationProcessCommandLine": "",
"AttackDiscoveryObjectInformation1": "",
"AttackDiscoveryObjectInformation2": "",
"AttackDiscoveryObjectInformation3": "",
"AttackDiscoveryObjectInformation4": "",
"CallbackAddressFormat": "",
"CallbackUrlAddress": "",
"CCListSource": "",
"ChannelType": "",
"ClientIpAddress": "",
"ClientStatus": "",
"CloudStorageVendor": "",
"CommandStatus": "",
"ConnectionStatus": "",
"DetectionType": "",
"DeviceType": "",
"Domain": "",
"DomainName": "",
"DstDvcHostname": "",
"DstIpAddr": "",
"DstPortNumber": "",
"DstServiceName": "",
"DstUserName": "",
"DvcAction": "3",
"DvcHostname": "localhost",
"DvcProcessName": "",
"EndpointHostName": "",
"EndpointIp": "",
"Engine": "",
"EngineStatus": "",
"EngineVersion": "",
"EntryChannel": "",
"EventEndTime": "Aug 16 2017 05:00:40 GMT+00:00",
"EventOriginalUid": "",
"EventProduct": "Apex Central",
"EventProductVersion": "2019",
"EventResult": "",
"EventResultDetails": "",
"EventSeverity": "3",
"EventSubType": "BM:1000",
"EventType": "4",
"FileCreationTime": "",
"FileHashSha1": "",
"FileType": "",
"FilterType": "",
"FirstActionResult": "",
"FirstCallbackAttempt": "",
"InfectionChannel": "",
"InfectionSource": "",
"LastCallbackAttempt": "",
"ListSource": "",
"NetworkApplicationProtocol": "",
"NetworkDirection": "",
"OperatingSystem": "",
"Operation": "302",
"Pattern": "",
"PatternNumber": "",
"PatternStatus": "",
"PatternType": "",
"PatternVersion": "",
"Permission": "",
"Policy": "",
"PolicyGuid": "",
"PolicyId": "1000",
"PolicyName": "",
"PolicySettings": "",
"ProbableThreatType": "",
"ProcessCommand": "",
"Product": "Apex One",
"ProductId": "",
"ProductServerPatternVersion": "",
"ProductType": "",
"ProductVersion": "",
"ReasonCode": "",
"ReasonCodeSource": "",
"ReputationScore": "",
"RiskLevel": "1",
"RuleName": "",
"ScanType": "",
"SecondAction": "",
"SecondActionResult": "",
"ServerHostname": "",
"SeverityCode": "",
"SeverityLevel": "",
"SrcDvcHostname": "shost1",
"SrcIpAddr": "10.0.76.40",
"SrcMacAddr": "",
"SrcPortNumber": "",
"SrcProcessName": "C:\\\\Windows\\\\SysWOW64\\\\rundll32.exe",
"SrcServiceName": "",
"SrcUserName": "",
"Target": "HKCU\\\\Software\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Run\\\\COM+",
"TemplateName": "",
"ThreatName": "",
"ThreatProbability": "",
"ThreatType": "",
"UpdateAgent": "",
"UrlOriginal": "",
"UserName": ""
},
{
"TimeGenerated [UTC]": "5/19/2021, 9:50:19.149 AM",
"Action": "",
"EventMessage": "Behavior Monitoring",
"ActiveUpdateComponentType": "",
"ApplicationProcessCommandLine": "",
"AttackDiscoveryObjectInformation1": "",
"AttackDiscoveryObjectInformation2": "",
"AttackDiscoveryObjectInformation3": "",
"AttackDiscoveryObjectInformation4": "",
"CallbackAddressFormat": "",
"CallbackUrlAddress": "",
"CCListSource": "",
"ChannelType": "",
"ClientIpAddress": "",
"ClientStatus": "",
"CloudStorageVendor": "",
"CommandStatus": "",
"ConnectionStatus": "",
"DetectionType": "",
"DeviceType": "",
"Domain": "",
"DomainName": "",
"DstDvcHostname": "",
"DstIpAddr": "",
"DstPortNumber": "",
"DstServiceName": "",
"DstUserName": "",
"DvcAction": "3",
"DvcHostname": "localhost",
"DvcProcessName": "",
"EndpointHostName": "",
"EndpointIp": "",
"Engine": "",
"EngineStatus": "",
"EngineVersion": "",
"EntryChannel": "",
"EventEndTime": "Aug 16 2017 05:00:40 GMT+00:00",
"EventOriginalUid": "",
"EventProduct": "Apex Central",
"EventProductVersion": "2019",
"EventResult": "",
"EventResultDetails": "",
"EventSeverity": "3",
"EventSubType": "BM:1000",
"EventType": "4",
"FileCreationTime": "",
"FileHashSha1": "",
"FileType": "",
"FilterType": "",
"FirstActionResult": "",
"FirstCallbackAttempt": "",
"InfectionChannel": "",
"InfectionSource": "",
"LastCallbackAttempt": "",
"ListSource": "",
"NetworkApplicationProtocol": "",
"NetworkDirection": "",
"OperatingSystem": "",
"Operation": "302",
"Pattern": "",
"PatternNumber": "",
"PatternStatus": "",
"PatternType": "",
"PatternVersion": "",
"Permission": "",
"Policy": "",
"PolicyGuid": "",
"PolicyId": "1000",
"PolicyName": "",
"PolicySettings": "",
"ProbableThreatType": "",
"ProcessCommand": "",
"Product": "Apex One",
"ProductId": "",
"ProductServerPatternVersion": "",
"ProductType": "",
"ProductVersion": "",
"ReasonCode": "",
"ReasonCodeSource": "",
"ReputationScore": "",
"RiskLevel": "1",
"RuleName": "",
"ScanType": "",
"SecondAction": "",
"SecondActionResult": "",
"ServerHostname": "",
"SeverityCode": "",
"SeverityLevel": "",
"SrcDvcHostname": "shost1",
"SrcIpAddr": "10.0.76.40",
"SrcMacAddr": "",
"SrcPortNumber": "",
"SrcProcessName": "C:\\\\Windows\\\\SysWOW64\\\\rundll32.exe",
"SrcServiceName": "",
"SrcUserName": "",
"Target": "HKCU\\\\Software\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Run\\\\COM+",
"TemplateName": "",
"ThreatName": "",
"ThreatProbability": "",
"ThreatType": "",
"UpdateAgent": "",
"UrlOriginal": "",
"UserName": ""
}
]