Azure-Sentinel/Sample Data/Custom/CognniIncidents_CL.json

[
  {
    "orgId" : "29b6be00-aa96-4715-ba44-bd27fe53e0a1",
    "fileName": "Elton Slater incident report.doc",
    "informationType": "HR Information",
    "eventTime": "2021-02-04T10:27:36Z",
    "description": null,
    "severity": 3,
    "labels": [
      "Event Is Anomaly",
      "Event Shared to Personal Address",
      "Event Shared Inside the organization",
      "Event High Sensitive",
      "Event Shared Outside the organization"
    ],
    "insights": [
      "High sensitive content, Shared outside the organization, Anomaly",
      "High sensitive content, Shared outside the organization",
      "High sensitive content, Shared inside the organization",
      "High sensitive content, Shared to private address, Anomaly",
      "High sensitive content, Shared inside the organization, Anomaly",
      "High sensitive content, Shared to private email address"
    ],
    "attachmentId": "AAMkAGUxMzYwN2YxLWEzMjQtNGVkYy04YzY3LTg2YmUxYWZmOGE3NgBGAAAAAABinZppktVXRqZAkxkN9Bu7BwCUsww3wSDGTIpFyL7YWrt6AAAAAAEJAACUsww3wSDGTIpFyL7YWrt6AAGCWv43AAABEgAQAEpTYcy1TQ9ClJY20tTt2NU=",
    "userId": "Amy@probotai.onmicrosoft.com",
    "messageId": "AAMkAGUxMzYwN2YxLWEzMjQtNGVkYy04YzY3LTg2YmUxYWZmOGE3NgBGAAAAAABinZppktVXRqZAkxkN9Bu7BwCUsww3wSDGTIpFyL7YWrt6AAAAAAEJAACUsww3wSDGTIpFyL7YWrt6AAGCWv43AAA=",
    "name": "Elton Slater incident report.doc"
  },
  {
    "orgId" : "29b6be00-aa96-4715-ba44-bd27fe53e0a1",
    "fileName": "COVID Grant Application.docx",
    "informationType": "Financial Information",
    "eventTime": "2020-11-11T11:11:50Z",
    "description": null,
    "severity": 2,
    "labels": [
      "Event Is Anomaly",
      "Event Shared Inside the organization",
      "Event High Sensitive"
    ],
    "insights": [
      "High sensitive content, Shared inside the organization",
      "High sensitive content, Shared inside the organization, Anomaly"
    ],
    "attachmentId": "AQMkADU4MWZmAmMtODU5Yi00N2Y0LWJmZGEtYTNiMDk2ZTgwMjhlAEYAAAPfwJDZvdMJTaTw-6GiiCeEBwCyOkR0R7VuTJG_iRI6sLRaAAACAQkAAACyOkR0R7VuTJG_iRI6sLRaAAAADm2KHQAAAAESABAAVAnoomXqgUyCOQaSRNSBeg==",
    "userId": "emilyrose@probotai.onmicrosoft.com",
    "messageId": "AQMkADU4MWZmAmMtODU5Yi00N2Y0LWJmZGEtYTNiMDk2ZTgwMjhlAEYAAAPfwJDZvdMJTaTw-6GiiCeEBwCyOkR0R7VuTJG_iRI6sLRaAAACAQkAAACyOkR0R7VuTJG_iRI6sLRaAAAADm2KHQAAAA==",
    "name": "COVID Grant Application.docx"
  },
  {
    "orgId" : "29b6be00-aa96-4715-ba44-bd27fe53e0a1",
    "fileName": "GDPR protocol - Naool.docx",
    "informationType": "Legal Information",
    "eventTime": "2020-11-16T09:00:35Z",
    "description": null,
    "severity": 1,
    "labels": [
      "Event Is Anomaly",
      "Event Medium Sensitive",
      "Event Shared Inside the organization"
    ],
    "insights": [
      "Medium sensitivity content, Shared inside the organization",
      "Medium sensitivity content, Shared inside the organization, Anomaly"
    ],
    "attachmentId": "AAMkADMzZWZjYzFlLTkyYTEtNDcyZC05Y2Q2LTU1ODNjNzdjMTdhNABGAAAAAACTivodtp6FSKqsW3i72jrvBwC0e3l0l5THSIWVCUvRK0ZRAAAAAAEJAAC0e3l0l5THSIWVCUvRK0ZRAAF5xMdnAAABEgAQAMi1_naI-31CqUuws9P7w-Q=",
    "userId": "Andrew@probotai.onmicrosoft.com",
    "messageId": "AAMkADMzZWZjYzFlLTkyYTEtNDcyZC05Y2Q2LTU1ODNjNzdjMTdhNABGAAAAAACTivodtp6FSKqsW3i72jrvBwC0e3l0l5THSIWVCUvRK0ZRAAAAAAEJAAC0e3l0l5THSIWVCUvRK0ZRAAF5xMdnAAA=",
    "name": "GDPR protocol - Naool.docx"
  },
  {
    "orgId" : "29b6be00-aa96-4715-ba44-bd27fe53e0a1",
    "fileName": "Q3 WP Astrid Atkins updated.docx",
    "informationType": "Other",
    "eventTime": "2020-11-12T10:21:52Z",
    "description": null,
    "severity": 1,
    "labels": [
      "Event Not Sensitive",
      "Event Is Anomaly",
      "Event Shared to Personal Address",
      "Event Shared Outside the organization"
    ],
    "insights": [
      "Shared to private email address, Anomaly",
      "Shared to private email address",
      "Shared Outside the organization, Anomaly",
      "Shared Outside the organization"
    ],
    "attachmentId": "AAMkADdmMjdhNzk3LWYwYjEtNDc2OS04NDQ0LWE0ZGFkMmY2NGRmZABGAAAAAADusHPDQdWXQIwYC1p7d9lfBwBcaxB-9W2fRYQDy-2mhr6vAAAAAAEJAABcaxB-9W2fRYQDy-2mhr6vAAARU1DxAAABEgAQABIKuZXrJCJHqOvPYg_JQaI=",
    "userId": "edominick@probotai.onmicrosoft.com",
    "messageId": "AAMkADdmMjdhNzk3LWYwYjEtNDc2OS04NDQ0LWE0ZGFkMmY2NGRmZABGAAAAAADusHPDQdWXQIwYC1p7d9lfBwBcaxB-9W2fRYQDy-2mhr6vAAAAAAEJAABcaxB-9W2fRYQDy-2mhr6vAAARU1DxAAA=",
    "name": "Q3 WP Astrid Atkins updated.docx"
  },
  {
    "orgId" : "29b6be00-aa96-4715-ba44-bd27fe53e0a1",
    "fileName": "SWOT R+D Team Virgo Q4.docx",
    "informationType": "Other",
    "eventTime": "2021-02-17T10:01:59Z",
    "description": null,
    "severity": 1,
    "labels": [
      "Event Not Sensitive",
      "Event Is Anomaly",
      "Event Shared Outside the organization"
    ],
    "insights": [
      "Shared Outside the organization, Anomaly",
      "Shared Outside the organization"
    ],
    "siteId": "7136b682-5698-4f62-aed6-325f2eee845e",
    "listId": "fb75e319-8296-488d-aedf-12f0c727bd08",
    "listItemUniqueId": "12be1fc0-7936-490d-bed9-8f698a981d61",
    "sourceFileExtension": "docx"
  }
]