Azure-Sentinel/Sample Data/Custom/NCProtectUAL_CL.json


[
{
"TimeGenerated [UTC]": "3/21/2021, 10:38:57.794 PM",
"DocumentUrl": "https://hsftrms.sharepoint.com/sites/KMTest851/Shared%20Documents/Board%20Agenda.pdf",
"SHA512Hash": "n/a",
"Id": "47949cb8-ca30-4af9-b905-8b05bf03ae3c",
"Timestamp": "3/21/2021 10:38:56 PM",
"UserDisplayName": "Leigh Rowland",
"UserLoginName": "i:0#.f|membership|l.rowland@hsftrms.onmicrosoft.com",
"UserEmail": "l.rowland@hsftrms.onmicrosoft.com",
"DocumentProtectionId": "00000000-0000-0000-0000-000000000000",
"Type": "Open",
"Status": "Fail",
"Application": "Chrome",
"Browser": "Chrome",
"OS": "Windows",
"RuleName": "",
"RuleUrl": "",
"JSONExtra": "{\"Details\":\"NC Protect blocked requested access to /sites/KMTest851/_layouts/15/download.aspx?UniqueId=5c83b4ad-efa3-4df7-b446-7d0e43adfe4a by user i:0#.f|membership|l.rowland@hsftrms.onmicrosoft.com\"}",
"Sender": "NCProtect",
"Type": "NCProtectUAL_CL"
},
{
"TimeGenerated [UTC]": "3/21/2021, 10:30:12.446 PM",
"DocumentUrl": "https://hsftrms.sharepoint.com/sites/KMTest851/Shared%20Documents/Allice%20Hollows%20Resume.docx",
"SHA512Hash": "00000000-0000-0000-0000-000000000000",
"Id": "9a689509-c8d8-44f1-8a36-b21dbfdf25ac",
"Timestamp": "3/21/2021 10:30:12 PM",
"UserDisplayName": "Leigh Rowland",
"UserLoginName": "i:0#.f|membership|l.rowland@hsftrms.onmicrosoft.com",
"UserEmail": "l.rowland@hsftrms.onmicrosoft.com",
"DocumentProtectionId": "00000000-0000-0000-0000-000000000000",
"Type": "Download",
"Status": "Success",
"Application": "Chrome",
"Browser": "Chrome",
"OS": "Windows",
"RuleName": "",
"RuleUrl": "",
"JSONExtra": "{\"Details\":\"\"}",
"Sender": "NCProtect",
"Type": "NCProtectUAL_CL"
},
{
"TimeGenerated [UTC]": "3/21/2021, 10:26:52.506 PM",
"DocumentUrl": "\\\\sheriff\\hrdoc\\F5.txt",
"SHA512Hash": "",
"Id": "1524c20f-7430-4c0f-b173-b3c325dd97b8",
"Timestamp": "3/21/2021 10:26:47 PM",
"UserDisplayName": "svcncprotect",
"UserLoginName": "svcncprotect",
"UserEmail": "",
"DocumentProtectionId": "00000000-0000-0000-0000-000000000000",
"Type": "Decrypt",
"Status": "Success",
"Application": "Chrome",
"Browser": "Chrome",
"OS": "Windows",
"RuleName": "",
"RuleUrl": "",
"JSONExtra": "",
"Sender": "NCProtect",
"Type": "NCProtectUAL_CL"
},
{
"TimeGenerated [UTC]": "3/21/2021, 10:21:38.756 AM",
"DocumentUrl": "\\\\sheriff\\hrdoc\\F5.txt",
"SHA512Hash": "6f62b409-b8dc-45b9-905a-2d5cbb65f78a",
"Id": "6f62b409-b8dc-45b9-905a-2d5cbb65f78a",
"Timestamp": "3/21/2021 10:21:33 AM",
"UserDisplayName": "svcncprotect",
"UserLoginName": "svcncprotect",
"UserEmail": "",
"DocumentProtectionId": "00000000-0000-0000-0000-000000000000",
"Type": "ApplyPermissions",
"Status": "Success",
"Application": "NC Protect",
"Browser": "Chrome",
"OS": "Windows",
"RuleName": "sr",
"RuleUrl": "/_admin/Pages/SettingsPages/Sharing RuleEdit.aspx?id=0",
"JSONExtra": "",
"Sender": "NCProtect",
"Type": "NCProtectUAL_CL"
},
{
"TimeGenerated [UTC]": "3/21/2021, 10:21:38.075 AM",
"DocumentUrl": "\\\\sheriff\\hrdoc\\F5.txt",
"SHA512Hash": "",
"Id": "a37916cc-8cb4-483e-a9f5-622c8813dc79",
"Timestamp": "3/21/2021 10:21:34 AM",
"UserDisplayName": "svcncprotect",
"UserLoginName": "svcncprotect",
"UserEmail": "",
"DocumentProtectionId": "00000000-0000-0000-0000-000000000000",
"Type": "Encrypt",
"Status": "Success",
"Application": "Chrome",
"Browser": "Chrome",
"OS": "Windows",
"RuleName": "sr",
"RuleUrl": "/_admin/Pages/SettingsPages/Sharing RuleEdit.aspx?id=0",
"JSONExtra": "",
"Sender": "NCProtect",
"Type": "NCProtectUAL_CL"
},
{
"TimeGenerated [UTC]": "3/18/2021, 5:08:11.067 AM",
"DocumentUrl": "https://sheriff/_admin/Account/Login.aspx",
"SHA512Hash": "",
"Id": "30648b14-5922-4980-a8ad-efc8a842f643",
"Timestamp": "3/18/2021 5:08:10 AM",
"UserDisplayName": "Administrator",
"UserLoginName": "Administrator",
"UserEmail": "",
"DocumentProtectionId": "00000000-0000-0000-0000-000000000000",
"Type": "LoginSuccess",
"Status": "Success",
"Application": "Chrome",
"Browser": "Chrome",
"OS": "Windows",
"RuleName": "",
"RuleUrl": "",
"JSONExtra": "{\"Details\":\"Login Success for User Administrator\"}",
"Sender": "NCProtect",
"Type": "NCProtectUAL_CL"
},
{
"TimeGenerated [UTC]": "3/18/2021, 5:08:41.756 AM",
"DocumentUrl": "https://sheriff/_admin/default.aspx",
"SHA512Hash": "",
"Id": "a83486fc-182e-4fd1-887e-ffac603356ec",
"Timestamp": "3/18/2021 5:08:41 AM",
"UserDisplayName": "Administrator",
"UserLoginName": "Administrator",
"UserEmail": "",
"DocumentProtectionId": "00000000-0000-0000-0000-000000000000",
"Type": "Logout",
"Status": "Success",
"Application": "Chrome",
"Browser": "Chrome",
"OS": "Windows",
"RuleName": "",
"RuleUrl": "",
"JSONExtra": "{\"Details\":\"Logged out Success for User Administrator\"}",
"Sender": "NCProtect",
"Type": "NCProtectUAL_CL"
},
{
"TimeGenerated [UTC]": "3/18/2021, 11:16:36.117 PM",
"DocumentUrl": "https://sheriff/_admin/Account/Login.aspx",
"SHA512Hash": "",
"Id": "236bb41a-0a33-42f3-9bdb-562548d5ed76",
"Timestamp": "3/18/2021 11:16:34 PM",
"UserDisplayName": "Administrator",
"UserLoginName": "Administrator",
"UserEmail": "",
"DocumentProtectionId": "00000000-0000-0000-0000-000000000000",
"Type": "LoginFailure",
"Status": "Success",
"Application": "Chrome",
"Browser": "Chrome",
"OS": "Windows",
"RuleName": "",
"RuleUrl": "",
"JSONExtra": "{\"Details\":\"Login Failed for User Administrator\"}",
"Sender": "NCProtect",
"Type": "NCProtectUAL_CL"
},
{
"TimeGenerated [UTC]": "3/18/2021, 11:09:04.292 PM",
"DocumentUrl": "",
"SHA512Hash": "",
"Id": "c22e5160-cdb0-4339-95b2-05ff2d3bfd58",
"Timestamp": "3/18/2021 11:09:02 PM",
"UserDisplayName": "Administrator",
"UserLoginName": "Administrator",
"UserEmail": "l.rowland@hsftrms.onmicrosoft.com",
"DocumentProtectionId": "00000000-0000-0000-0000-000000000000",
"Type": "Create",
"Status": "Success",
"Application": "Chrome",
"Browser": "Chrome",
"OS": "Windows",
"RuleName": "DAR Rule",
"RuleUrl": "https://sheriff/_admin/Pages/SettingsPages/DynamicAccessRuleEdit.aspx?itemid=1023",
"JSONExtra": "{\"New\":\"{\\r\\n \\\"Name\\\": \\\"DAR Rule\\\",\\r\\n \\\"Description\\\": \\\"\\\",\\r\\n \\\"ScopeUrl\\\": \\\"2019\\\",\\r\\n \\\"Condition\\\": {\\r\\n \\\"Expressions\\\": [\\r\\n {\\r\\n \\\"Level\\\": 0,\\r\\n \\\"Operator\\\": \\\"None\\\",\\r\\n \\\"RHSType\\\": \\\"FixedValue\\\",\\r\\n \\\"RHSSource\\\": \\\"txt\\\",\\r\\n \\\"LHSType\\\": \\\"Column\\\",\\r\\n \\\"LHSSource\\\": \\\"File Type\\\",\\r\\n \\\"ExpressionOperator\\\": \\\"Equals\\\"\\r\\n }\\r\\n ]\\r\\n },\\r\\n \\\"RuleAccessAction\\\": \\\"1\\\",\\r\\n \\\"IsActive\\\": false,\\r\\n \\\"Scope\\\": \\\"Asset\\\",\\r\\n \\\"IsDeny\\\": false\\r\\n}\",\"Old\":\"\",\"Site URL\":\"\"}",
"Sender": "NCProtect",
"Type": "NCProtectUAL_CL"
},
{
"TimeGenerated [UTC]": "3/18/2021, 11:09:18.391 PM",
"DocumentUrl": "",
"SHA512Hash": "",
"Id": "47827159-646b-48a2-a00f-836a1e09b12c",
"Timestamp": "3/18/2021 11:09:16 PM",
"UserDisplayName": "Administrator",
"UserLoginName": "Administrator",
"UserEmail": "l.rowland@hsftrms.onmicrosoft.com",
"DocumentProtectionId": "00000000-0000-0000-0000-000000000000",
"Type": "Modify",
"Status": "Success",
"Application": "Chrome",
"Browser": "Chrome",
"OS": "Windows",
"RuleName": "DAR Rule",
"RuleUrl": "https://sheriff/_admin/Pages/SettingsPages/DynamicAccessRuleEdit.aspx?itemid=1023",
"JSONExtra": "{\"New\":\"{\\r\\n \\\"Name\\\": \\\"DAR Rule\\\",\\r\\n \\\"Description\\\": \\\"Description Added\\\",\\r\\n \\\"ScopeUrl\\\": \\\"2019\\\",\\r\\n \\\"Condition\\\": {\\r\\n \\\"Expressions\\\": [\\r\\n {\\r\\n \\\"Level\\\": 0,\\r\\n \\\"Operator\\\": \\\"None\\\",\\r\\n \\\"RHSType\\\": \\\"FixedValue\\\",\\r\\n \\\"RHSSource\\\": \\\"txt\\\",\\r\\n \\\"LHSType\\\": \\\"Column\\\",\\r\\n \\\"LHSSource\\\": \\\"File Type\\\",\\r\\n \\\"ExpressionOperator\\\": \\\"Equals\\\"\\r\\n }\\r\\n ]\\r\\n },\\r\\n \\\"RuleAccessAction\\\": \\\"1\\\",\\r\\n \\\"IsActive\\\": false,\\r\\n \\\"Scope\\\": \\\"Asset\\\",\\r\\n \\\"IsDeny\\\": false\\r\\n}\",\"Old\":\"{\\r\\n \\\"Name\\\": \\\"DAR Rule\\\",\\r\\n \\\"Description\\\": \\\"Description Added\\\",\\r\\n \\\"ScopeUrl\\\": \\\"2019\\\",\\r\\n \\\"Condition\\\": {\\r\\n \\\"Expressions\\\": [\\r\\n {\\r\\n \\\"Level\\\": 0,\\r\\n \\\"Operator\\\": \\\"None\\\",\\r\\n \\\"RHSType\\\": \\\"FixedValue\\\",\\r\\n \\\"RHSSource\\\": \\\"txt\\\",\\r\\n \\\"LHSType\\\": \\\"Column\\\",\\r\\n \\\"LHSSource\\\": \\\"File Type\\\",\\r\\n \\\"ExpressionOperator\\\": \\\"Equals\\\"\\r\\n }\\r\\n ]\\r\\n },\\r\\n \\\"RuleAccessAction\\\": \\\"1\\\",\\r\\n \\\"IsActive\\\": false,\\r\\n \\\"Scope\\\": \\\"Asset\\\",\\r\\n \\\"IsDeny\\\": false\\r\\n}\",\"Site URL\":\"\"}",
"Sender": "NCProtect",
"Type": "NCProtectUAL_CL"
},
{
"TimeGenerated [UTC]": "3/18/2021, 11:12:14.041 PM",
"DocumentUrl": "",
"SHA512Hash": "",
"Id": "949dcf51-fa64-4a1d-8e3b-d85f3748596a",
"Timestamp": "3/18/2021 11:12:12 PM",
"UserDisplayName": "Administrator",
"UserLoginName": "Administrator",
"UserEmail": "l.rowland@hsftrms.onmicrosoft.com",
"DocumentProtectionId": "00000000-0000-0000-0000-000000000000",
"Type": "Delete",
"Status": "Success",
"Application": "Chrome",
"Browser": "Chrome",
"OS": "Windows",
"RuleName": "DAR Rule",
"RuleUrl": "https://sheriff/_admin/Pages/SettingsPages/DynamicAccessRuleEdit.aspx?itemid=1023",
"JSONExtra": "{\"New\":\"\",\"Old\":\"{\\r\\n \\\"Name\\\": \\\"DAR Rule\\\",\\r\\n \\\"Description\\\": \\\"Description Added 1\\\",\\r\\n \\\"ScopeUrl\\\": \\\"2019\\\",\\r\\n \\\"Condition\\\": {\\r\\n \\\"Expressions\\\": [\\r\\n {\\r\\n \\\"Level\\\": 0,\\r\\n \\\"Operator\\\": \\\"None\\\",\\r\\n \\\"RHSType\\\": \\\"FixedValue\\\",\\r\\n \\\"RHSSource\\\": \\\"txt\\\",\\r\\n \\\"LHSType\\\": \\\"Column\\\",\\r\\n \\\"LHSSource\\\": \\\"File Type\\\",\\r\\n \\\"ExpressionOperator\\\": \\\"Equals\\\"\\r\\n }\\r\\n ]\\r\\n },\\r\\n \\\"RuleAccessAction\\\": \\\"1\\\",\\r\\n \\\"IsActive\\\": true,\\r\\n \\\"Scope\\\": \\\"Asset\\\",\\r\\n \\\"IsDeny\\\": false\\r\\n}\",\"Site URL\":\"undefined\"}",
"Sender": "NCProtect",
"Type": "NCProtectUAL_CL"
}
]