Azure-Sentinel/Sample Data/Custom/ProofPointTAPMessagesBlocke...


[
{
"TenantId": "00000000-0000-0000-0000-00000000000",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-04-28T15:45:01.185Z",
"Computer": "",
"RawData": "",
"spamScore_d": "100",
"threatsInfoMap_s": "[\r\n {\r\n \"threatID\": \"a1ac96cc939effe50aec93c726ca4ef67e5748fa55bf7988301d168a02060161\",\r\n \"threatStatus\": \"active\",\r\n \"classification\": \"phish\",\r\n \"threatUrl\": \"https://threatinsight.proofpoint.com/314893f9-d777-b28e-8349-41ae02d88d57/threat/email/a1ac96cc939effe50aec93c726ca4ef67e5748fa55bf7988301d168a02060161\",\r\n \"threatTime\": \"2020-04-28T15:05:08Z\",\r\n \"threat\": \"a1ac96cc939effe50aec93c726ca4ef67e5748fa55bf7988301d168a02060161\",\r\n \"campaignID\": null,\r\n \"threatType\": \"attachment\"\r\n }\r\n]",
"messageTime_t": "2020-04-28T15:06:56Z",
"subject_s": "BROOKS (17124244096) left you a message 21 second(s) long.",
"quarantineRule_s": "module.sandbox.rule.threat",
"replyToAddress_s": "[]",
"toAddresses_s": "sanitized@sanitized.com",
"QID_s": "30pax0uf3f-1",
"sender_s": "bdcfaa08a38889403842110ca5f53c17sanitized@sanitized.com",
"recipient_s": "sanitized@sanitized.com",
"senderIP_s": "00.00.00.00",
"messageID_s": "<fb09d87a-2d35-fb04-491c-faa1f5ea3f0bsanitized@sanitized.com>",
"messageParts_s": "[\r\n {\r\n \"disposition\": \"attached\",\r\n \"sha256\": \"a1ac96cc939effe50aec93c726ca4ef67e5748fa55bf7988301d168a02060161\",\r\n \"md5\": \"2a0e7a82f0aff7fed2d1b13a6336602e\",\r\n \"filename\": \".htm\",\r\n \"sandboxStatus\": \"THREAT\",\r\n \"oContentType\": \"text/html\",\r\n \"contentType\": \"text/html\"\r\n }\r\n]",
"headerReplyTo_s": "",
"impostorScore_d": "0",
"malwareScore_d": "0",
"messageSize_d": "2998",
"headerFrom_s": "sanitized@sanitized.com",
"phishScore_d": "0",
"policyRoutes_s": "[\r\n \"default_inbound\",\r\n \"nt_spoofsafe\",\r\n \"allow_relay\",\r\n \"firewallsafe\",\r\n \"internalnet\"\r\n]",
"modulesRun_s": "[\r\n \"access\",\r\n \"dkim\",\r\n \"smtpsrv\",\r\n \"av\",\r\n \"zerohour\",\r\n \"sandbox\",\r\n \"spam\",\r\n \"urldefense\"\r\n]",
"GUID_s": "#NAME?",
"cluster_s": "abc_hosted",
"quarantineFolder_s": "Attachment Defense",
"fromAddress_s": "[\r\n \"bdcfaa08a38889403842110ca5f53c17@sakagami-ltd.co.jp\"\r\n]",
"ccAddresses_s": "[]",
"xmailer_s": "",
"completelyRewritten_b": "FALSE",
"Type": "ProofPointTAPMessagesBlocked_CL",
"_ResourceId": ""
},
{
"TenantId": "00000000-0000-0000-0000-00000000000",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-04-28T15:50:01.044Z",
"Computer": "",
"RawData": "",
"spamScore_d": "100",
"threatsInfoMap_s": "[\r\n {\r\n \"threatID\": \"c1425fbe7134b8cfcf479a5799cec7917ad7638268cc8554c5f50374198dfa75\",\r\n \"threatStatus\": \"active\",\r\n \"classification\": \"phish\",\r\n \"threatUrl\": \"https://threatinsight.proofpoint.com/314893f9-d777-b28e-8349-41ae02d88d57/threat/email/c1425fbe7134b8cfcf479a5799cec7917ad7638268cc8554c5f50374198dfa75\",\r\n \"threatTime\": \"2020-01-13T15:59:53Z\",\r\n \"threat\": \"toursfera.com/wp-content/uploads/\",\r\n \"campaignID\": null,\r\n \"threatType\": \"url\"\r\n }\r\n]",
"messageTime_t": "2020-04-28T15:13:48Z",
"subject_s": "THE ONLINE DRUGSHOP amplifying the opportunity to impale other man",
"quarantineRule_s": "module.spam.rule.defaultinbound_spam_definite",
"replyToAddress_s": "[]",
"toAddresses_s": "sanitized@sanitized.com",
"QID_s": "30mhgfww0q-1",
"sender_s": "bdcfaa08a38889403842110ca5f53c17sanitized@sanitized.com",
"recipient_s": "sanitized@sanitized.com",
"senderIP_s": "00.00.00.00",
"messageID_s": "<fb09d87a-2d35-fb04-491c-faa1f5ea3f0bsanitized@sanitized.com>",
"messageParts_s": "[\r\n {\r\n \"disposition\": \"inline\",\r\n \"sha256\": \"28bc3478403b64679b24c24f1c3d85f5fa97393a76a8d9cda49bb3f3244d7b18\",\r\n \"md5\": \"7c9192185123d6014afa57de8d086fc2\",\r\n \"filename\": \"text.txt\",\r\n \"sandboxStatus\": null,\r\n \"oContentType\": \"text/plain\",\r\n \"contentType\": \"text/plain\"\r\n }\r\n]",
"headerReplyTo_s": "",
"impostorScore_d": "0",
"malwareScore_d": "0",
"messageSize_d": "3269",
"headerFrom_s": "sanitized@sanitized.com",
"phishScore_d": "100",
"policyRoutes_s": "[\r\n \"default_inbound\",\r\n \"nt_spoofsafe\"\r\n]",
"modulesRun_s": "[\r\n \"access\",\r\n \"dkim\",\r\n \"smtpsrv\",\r\n \"av\",\r\n \"zerohour\",\r\n \"spf\",\r\n \"dkimv\",\r\n \"sandbox\",\r\n \"spam\",\r\n \"dmarc\",\r\n \"pdr\",\r\n \"urldefense\"\r\n]",
"GUID_s": "wZPKm75dzvm8trCR2JvmZYCF5lkX82ep",
"cluster_s": "abc_hosted",
"quarantineFolder_s": "InboundDefiniteSpam",
"fromAddress_s": "[\r\n \"56452b6fceba10a5291d2fd9b87b79f7sanitized@sanitized.com\"\r\n]",
"ccAddresses_s": "[\r\n \"981aca6444560fc70ef8d5258b164cffsanitized@sanitized.com\"\r\n]",
"xmailer_s": "iPad Mail (13E238)",
"completelyRewritten_b": "FALSE",
"Type": "ProofPointTAPMessagesBlocked_CL",
"_ResourceId": ""
},
{
"TenantId": "00000000-0000-0000-0000-00000000000",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-04-28T15:55:01.201Z",
"Computer": "",
"RawData": "",
"spamScore_d": "0",
"threatsInfoMap_s": "[\r\n {\r\n \"threatID\": \"cd14380112aabefd7e972956ff1575f2da6de0e99e1d317160c5324a6777c8ca\",\r\n \"threatStatus\": \"active\",\r\n \"classification\": \"phish\",\r\n \"threatUrl\": \"https://threatinsight.proofpoint.com/314893f9-d777-b28e-8349-41ae02d88d57/threat/email/cd14380112aabefd7e972956ff1575f2da6de0e99e1d317160c5324a6777c8ca\",\r\n \"threatTime\": \"2020-04-28T15:18:37Z\",\r\n \"threat\": \"insert-link-here.com\",\r\n \"campaignID\": null,\r\n \"threatType\": \"url\"\r\n },\r\n {\r\n \"threatID\": \"8ac038e5d7f9d945dcfa1b6d41980bd73baff3c88d4e4f7a8625b50e185a25ee\",\r\n \"threatStatus\": \"active\",\r\n \"classification\": \"phish\",\r\n \"threatUrl\": \"https://threatinsight.proofpoint.com/314893f9-d777-b28e-8349-41ae02d88d57/threat/email/8ac038e5d7f9d945dcfa1b6d41980bd73baff3c88d4e4f7a8625b50e185a25ee\",\r\n \"threatTime\": \"2019-09-25T15:10:50Z\",\r\n \"threat\": \"http://www.insert-link-here.com\",\r\n \"campaignID\": null,\r\n \"threatType\": \"url\"\r\n }\r\n]",
"messageTime_t": "2020-04-28T15:21:30Z",
"subject_s": "=?utf-8?Q?Time=20to=20move=20off=20BNA=3F=20Enjoy=20a=20preview=20of=20Brocade=20SANnav=20Management=20Portal?=",
"quarantineRule_s": "module.spam.rule.defaultinbound_bulk",
"replyToAddress_s": "sanitized@sanitized.com",
"toAddresses_s": "sanitized@sanitized.com",
"QID_s": "30n4bskefr-1",
"sender_s": "bdcfaa08a38889403842110ca5f53c17sanitized@sanitized.com",
"recipient_s": "sanitized@sanitized.com",
"senderIP_s": "00.00.00.00",
"messageID_s": "<fb09d87a-2d35-fb04-491c-faa1f5ea3f0bsanitized@sanitized.com>",
"messageParts_s": "[\r\n {\r\n \"disposition\": \"inline\",\r\n \"sha256\": \"d6b2936bcbecd35e4588173215467d0d98c0ca8a40e378bec1878714d50d05e3\",\r\n \"md5\": \"5dec6ecee7a2afc88c25d532aa23f157\",\r\n \"filename\": \"text.txt\",\r\n \"sandboxStatus\": null,\r\n \"oContentType\": \"text/plain\",\r\n \"contentType\": \"text/plain\"\r\n },\r\n {\r\n \"disposition\": \"inline\",\r\n \"sha256\": \"d40946767fec64dcd165c805498343284d095f00052a40add2c0004b7c3d24cc\",\r\n \"md5\": \"3166305aa434a9b27e8672fa3a67394e\",\r\n \"filename\": \"text.html\",\r\n \"sandboxStatus\": null,\r\n \"oContentType\": \"text/html\",\r\n \"contentType\": \"text/html\"\r\n }\r\n]",
"headerReplyTo_s": "=?utf-8?Q?Brocade?= <xtwsanitize@sanitized.com>",
"impostorScore_d": "0",
"malwareScore_d": "0",
"messageSize_d": "48265",
"headerFrom_s": "sanitized@sanitized.com",
"phishScore_d": "0",
"policyRoutes_s": "[\r\n \"default_inbound\",\r\n \"nt_spoofsafe\"\r\n]",
"modulesRun_s": "[\r\n \"access\",\r\n \"dkim\",\r\n \"smtpsrv\",\r\n \"av\",\r\n \"zerohour\",\r\n \"spf\",\r\n \"dkimv\",\r\n \"sandbox\",\r\n \"spam\",\r\n \"dmarc\",\r\n \"pdr\",\r\n \"urldefense\"\r\n]",
"GUID_s": "n9F2qSfAUGOuif5La6gJGG31p5IQof48",
"cluster_s": "abc_hosted",
"quarantineFolder_s": "Bulk",
"fromAddress_s": "[\r\n \"6d223a5c21674829b702c278cd4c8c2fsanitized@sanitized.com\"\r\n]",
"ccAddresses_s": "[]",
"xmailer_s": "MailChimp Mailer - **CID4d52dc8025000c740f7d**",
"completelyRewritten_b": "FALSE",
"Type": "ProofPointTAPMessagesBlocked_CL",
"_ResourceId": ""
},
{
"TenantId": "00000000-0000-0000-0000-00000000000",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-04-28T15:55:01.201Z",
"Computer": "",
"RawData": "",
"spamScore_d": "0",
"threatsInfoMap_s": "[\r\n {\r\n \"threatID\": \"7ca2d79ade8ae0fadd78e918aa20824fed4688a9ee416a3cc5cb385be7031739\",\r\n \"threatStatus\": \"active\",\r\n \"classification\": \"phish\",\r\n \"threatUrl\": \"https://threatinsight.proofpoint.com/314893f9-d777-b28e-8349-41ae02d88d57/threat/email/7ca2d79ade8ae0fadd78e918aa20824fed4688a9ee416a3cc5cb385be7031739\",\r\n \"threatTime\": \"2020-04-28T15:43:33Z\",\r\n \"threat\": \"storage.googleapis.com/fgfdsd4545454/\",\r\n \"campaignID\": null,\r\n \"threatType\": \"url\"\r\n }\r\n]",
"messageTime_t": "2020-04-28T14:55:17Z",
"subject_s": "dl101sanitized@sanitized.com Received A Document",
"quarantineRule_s": "module.spam.rule.defaultinbound_spam",
"replyToAddress_s": "sanitized@sanitized.com",
"toAddresses_s": "sanitized@sanitized.com",
"QID_s": "30n392kdhh-1",
"sender_s": "bdcfaa08a38889403842110ca5f53c17sanitized@sanitized.com",
"recipient_s": "sanitized@sanitized.com",
"senderIP_s": "00.00.00.00",
"messageID_s": "<fb09d87a-2d35-fb04-491c-faa1f5ea3f0bsanitized@sanitized.com>",
"messageParts_s": "[\r\n {\r\n \"disposition\": \"attached\",\r\n \"sha256\": \"013d60df53d77cac080bb04033e4f8894e1d4eab89b8043069ab7b45e5c76cb4\",\r\n \"md5\": \"b599fa8eebd35574b59ce3ad55583002\",\r\n \"filename\": \"blue2x-10b63a7e9107c08c8d89a3f8016c133ae4fcf5afb3e59a65fb17e21eeb83148d.png\",\r\n \"sandboxStatus\": null,\r\n \"oContentType\": \"image/png\",\r\n \"contentType\": \"image/png\"\r\n },\r\n {\r\n \"disposition\": \"inline\",\r\n \"sha256\": \"61e349e2391d26402442acf92f1df8f38cf959bc7f1ffca148d6f58ea9e1592e\",\r\n \"md5\": \"a2c9d9a2de2c6b2234408d5c1204e622\",\r\n \"filename\": \"text.html\",\r\n \"sandboxStatus\": null,\r\n \"oContentType\": \"text/html\",\r\n \"contentType\": \"text/html\"\r\n }\r\n]",
"headerReplyTo_s": "sanitized@sanitized.com",
"impostorScore_d": "0",
"malwareScore_d": "0",
"messageSize_d": "21310",
"headerFrom_s": "sanitized@sanitized.com",
"phishScore_d": "0",
"policyRoutes_s": "[\r\n \"default_inbound\",\r\n \"nt_spoofsafe\"\r\n]",
"modulesRun_s": "[\r\n \"access\",\r\n \"dkim\",\r\n \"smtpsrv\",\r\n \"av\",\r\n \"zerohour\",\r\n \"spf\",\r\n \"dkimv\",\r\n \"sandbox\",\r\n \"spam\",\r\n \"dmarc\",\r\n \"pdr\",\r\n \"urldefense\"\r\n]",
"GUID_s": "B36mLqOc30s7ON9XZTBduuv920kclLCc",
"cluster_s": "abc_hosted",
"quarantineFolder_s": "Quarantine",
"fromAddress_s": "[\r\n \"3a8ddda1c02aff30e434f7ffd9aabbe3@iplace.at\"\r\n]",
"ccAddresses_s": "[]",
"xmailer_s": "",
"completelyRewritten_b": "FALSE",
"Type": "ProofPointTAPMessagesBlocked_CL",
"_ResourceId": ""
},
{
"TenantId": "00000000-0000-0000-0000-00000000000",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-04-28T15:55:01.201Z",
"Computer": "",
"RawData": "",
"spamScore_d": "0",
"threatsInfoMap_s": "[\r\n {\r\n \"threatID\": \"cd14380112aabefd7e972956ff1575f2da6de0e99e1d317160c5324a6777c8ca\",\r\n \"threatStatus\": \"active\",\r\n \"classification\": \"phish\",\r\n \"threatUrl\": \"https://threatinsight.proofpoint.com/314893f9-d777-b28e-8349-41ae02d88d57/threat/email/cd14380112aabefd7e972956ff1575f2da6de0e99e1d317160c5324a6777c8ca\",\r\n \"threatTime\": \"2020-04-28T15:18:37Z\",\r\n \"threat\": \"insert-link-here.com\",\r\n \"campaignID\": null,\r\n \"threatType\": \"url\"\r\n },\r\n {\r\n \"threatID\": \"8ac038e5d7f9d945dcfa1b6d41980bd73baff3c88d4e4f7a8625b50e185a25ee\",\r\n \"threatStatus\": \"active\",\r\n \"classification\": \"phish\",\r\n \"threatUrl\": \"https://threatinsight.proofpoint.com/314893f9-d777-b28e-8349-41ae02d88d57/threat/email/8ac038e5d7f9d945dcfa1b6d41980bd73baff3c88d4e4f7a8625b50e185a25ee\",\r\n \"threatTime\": \"2019-09-25T15:10:50Z\",\r\n \"threat\": \"http://www.insert-link-here.com\",\r\n \"campaignID\": null,\r\n \"threatType\": \"url\"\r\n }\r\n]",
"messageTime_t": "2020-04-28T15:15:28Z",
"subject_s": "=?utf-8?Q?Time=20to=20move=20off=20BNA=3F=20Enjoy=20a=20preview=20of=20Brocade=20SANnav=20Management=20Portal?=",
"quarantineRule_s": "module.spam.rule.defaultinbound_bulk",
"replyToAddress_s": "sanitized@sanitized.com",
"toAddresses_s": "sanitized@sanitized.com",
"QID_s": "30pf35tf62-1",
"sender_s": "bdcfaa08a38889403842110ca5f53c17sanitized@sanitized.com",
"recipient_s": "sanitized@sanitized.com",
"senderIP_s": "00.00.00.00",
"messageID_s": "<fb09d87a-2d35-fb04-491c-faa1f5ea3f0bsanitized@sanitized.com>",
"messageParts_s": "[\r\n {\r\n \"disposition\": \"inline\",\r\n \"sha256\": \"0c0ff478e259f471068c5ddf1328d675fa3d49bd803e04d9aac3aed0cc7222be\",\r\n \"md5\": \"6d459db17507ff6f0818b1d589edafca\",\r\n \"filename\": \"text.html\",\r\n \"sandboxStatus\": null,\r\n \"oContentType\": \"text/html\",\r\n \"contentType\": \"text/html\"\r\n },\r\n {\r\n \"disposition\": \"inline\",\r\n \"sha256\": \"aa19ae4a23989051610ad377b1adda51101a0db50b0866727b9e091a2a4b788e\",\r\n \"md5\": \"88557b066dc4234c866d445192f8e7ee\",\r\n \"filename\": \"text.txt\",\r\n \"sandboxStatus\": null,\r\n \"oContentType\": \"text/plain\",\r\n \"contentType\": \"text/plain\"\r\n }\r\n]",
"headerReplyTo_s": "=?utf-8?Q?Brocade?= <sanitized.com@sanitized.com>",
"impostorScore_d": "0",
"malwareScore_d": "0",
"messageSize_d": "48263",
"headerFrom_s": "sanitized@sanitized.com",
"phishScore_d": "0",
"policyRoutes_s": "[\r\n \"default_inbound\",\r\n \"nt_spoofsafe\"\r\n]",
"modulesRun_s": "[\r\n \"access\",\r\n \"dkim\",\r\n \"smtpsrv\",\r\n \"av\",\r\n \"zerohour\",\r\n \"spf\",\r\n \"dkimv\",\r\n \"sandbox\",\r\n \"spam\",\r\n \"dmarc\",\r\n \"pdr\",\r\n \"urldefense\"\r\n]",
"GUID_s": "3G7d7FRKkq1RxzqS53d5efVkLR31WHQr",
"cluster_s": "abc_hosted",
"quarantineFolder_s": "Bulk",
"fromAddress_s": "[\r\n \"6d223a5c21674829b702c278cd4c8c2fsanitized@sanitized.com\"\r\n]",
"ccAddresses_s": "[]",
"xmailer_s": "MailChimp Mailer - **CID4d52dc802539d918410f**",
"completelyRewritten_b": "FALSE",
"Type": "ProofPointTAPMessagesBlocked_CL",
"_ResourceId": ""
},
{
"TenantId": "00000000-0000-0000-0000-00000000000",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-04-28T15:55:01.201Z",
"Computer": "",
"RawData": "",
"spamScore_d": "0",
"threatsInfoMap_s": "[\r\n {\r\n \"threatID\": \"cd14380112aabefd7e972956ff1575f2da6de0e99e1d317160c5324a6777c8ca\",\r\n \"threatStatus\": \"active\",\r\n \"classification\": \"phish\",\r\n \"threatUrl\": \"https://threatinsight.proofpoint.com/314893f9-d777-b28e-8349-41ae02d88d57/threat/email/cd14380112aabefd7e972956ff1575f2da6de0e99e1d317160c5324a6777c8ca\",\r\n \"threatTime\": \"2020-04-28T15:18:37Z\",\r\n \"threat\": \"insert-link-here.com\",\r\n \"campaignID\": null,\r\n \"threatType\": \"url\"\r\n },\r\n {\r\n \"threatID\": \"8ac038e5d7f9d945dcfa1b6d41980bd73baff3c88d4e4f7a8625b50e185a25ee\",\r\n \"threatStatus\": \"active\",\r\n \"classification\": \"phish\",\r\n \"threatUrl\": \"https://threatinsight.proofpoint.com/314893f9-d777-b28e-8349-41ae02d88d57/threat/email/8ac038e5d7f9d945dcfa1b6d41980bd73baff3c88d4e4f7a8625b50e185a25ee\",\r\n \"threatTime\": \"2019-09-25T15:10:50Z\",\r\n \"threat\": \"http://www.insert-link-here.com\",\r\n \"campaignID\": null,\r\n \"threatType\": \"url\"\r\n }\r\n]",
"messageTime_t": "2020-04-28T15:21:31Z",
"subject_s": "=?utf-8?Q?Time=20to=20move=20off=20BNA=3F=20Enjoy=20a=20preview=20of=20Brocade=20SANnav=20Management=20Portal?=",
"quarantineRule_s": "module.spam.rule.defaultinbound_bulk",
"replyToAddress_s": "sanitized@sanitized.com",
"toAddresses_s": "sanitized@sanitized.com",
"QID_s": "30n4bskf10-1",
"sender_s": "bdcfaa08a38889403842110ca5f53c17sanitized@sanitized.com",
"recipient_s": "sanitized@sanitized.com",
"senderIP_s": "00.00.00.00",
"messageID_s": "<fb09d87a-2d35-fb04-491c-faa1f5ea3f0bsanitized@sanitized.com>",
"messageParts_s": "[\r\n {\r\n \"disposition\": \"inline\",\r\n \"sha256\": \"5ad9e33ffc21c2cc5da05723a002bebf1525f5443f8eca470993ac2f67b2cf0c\",\r\n \"md5\": \"0690782b893a6526815077f26285af33\",\r\n \"filename\": \"text.html\",\r\n \"sandboxStatus\": null,\r\n \"oContentType\": \"text/html\",\r\n \"contentType\": \"text/html\"\r\n },\r\n {\r\n \"disposition\": \"inline\",\r\n \"sha256\": \"ad50200fa9c35411db85a94365b82adcfa30792c9f67b39bd1ea9fcef9f982a9\",\r\n \"md5\": \"f443e1e02d3b60313d8a69c7900db695\",\r\n \"filename\": \"text.txt\",\r\n \"sandboxStatus\": null,\r\n \"oContentType\": \"text/plain\",\r\n \"contentType\": \"text/plain\"\r\n }\r\n]",
"headerReplyTo_s": "=?utf-8?Q?Brocade?= <xtwsanitized@sanitized.com>",
"impostorScore_d": "0",
"malwareScore_d": "0",
"messageSize_d": "48222",
"headerFrom_s": "sanitized@sanitized.com",
"phishScore_d": "0",
"policyRoutes_s": "[\r\n \"default_inbound\",\r\n \"nt_spoofsafe\",\r\n \"TAP_Technology\"\r\n]",
"modulesRun_s": "[\r\n \"access\",\r\n \"dkim\",\r\n \"smtpsrv\",\r\n \"av\",\r\n \"zerohour\",\r\n \"spf\",\r\n \"dkimv\",\r\n \"sandbox\",\r\n \"spam\",\r\n \"dmarc\",\r\n \"pdr\",\r\n \"urldefense\"\r\n]",
"GUID_s": "aprCXPpMxuH-0KnqM7mkHhQqkkM5mGOP",
"cluster_s": "abc_hosted",
"quarantineFolder_s": "Bulk",
"fromAddress_s": "[\r\n \"6d223a5c21674829b702c278cd4c8c2fsanitized@sanitized.com\"\r\n]",
"ccAddresses_s": "[]",
"xmailer_s": "MailChimp Mailer - **CID4d52dc8025358efeb219**",
"completelyRewritten_b": "FALSE",
"Type": "ProofPointTAPMessagesBlocked_CL",
"_ResourceId": ""
},
{
"TenantId": "00000000-0000-0000-0000-00000000000",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-04-28T15:55:01.201Z",
"Computer": "",
"RawData": "",
"spamScore_d": "100",
"threatsInfoMap_s": "[\r\n {\r\n \"threatID\": \"142c199adf96b20383ad38a442a486a280a2a90c9a81e8d475f00032f12ea3e8\",\r\n \"threatStatus\": \"active\",\r\n \"classification\": \"phish\",\r\n \"threatUrl\": \"https://threatinsight.proofpoint.com/314893f9-d777-b28e-8349-41ae02d88d57/threat/email/142c199adf96b20383ad38a442a486a280a2a90c9a81e8d475f00032f12ea3e8\",\r\n \"threatTime\": \"2020-04-17T00:06:39Z\",\r\n \"threat\": \"firebasestorage.googleapis.com/v0/b/userupdate2020-f6776.appspot.com/\",\r\n \"campaignID\": null,\r\n \"threatType\": \"url\"\r\n }\r\n]",
"messageTime_t": "2020-04-28T15:15:26Z",
"subject_s": "Mail delivery failed: [6] messages to sanitized@sanitized.com delayed for 48 hours",
"quarantineRule_s": "module.spam.rule.defaultinbound_spam_definite",
"replyToAddress_s": "[]",
"toAddresses_s": "sanitized@sanitized.com",
"QID_s": "30pf35tdqc-1",
"sender_s": "bdcfaa08a38889403842110ca5f53c17sanitized@sanitized.com",
"recipient_s": "sanitized@sanitized.com",
"senderIP_s": "00.00.00.00",
"messageID_s": "<fb09d87a-2d35-fb04-491c-faa1f5ea3f0bsanitized@sanitized.com>",
"messageParts_s": "[\r\n {\r\n \"disposition\": \"inline\",\r\n \"sha256\": \"6b536ded3d77f04a70c60a568289ceedea490b1ddd457d337ef35de317cc0760\",\r\n \"md5\": \"c0e137c176f6df000b82d2a4c66e9c78\",\r\n \"filename\": \"text.html\",\r\n \"sandboxStatus\": null,\r\n \"oContentType\": \"text/html\",\r\n \"contentType\": \"text/html\"\r\n }\r\n]",
"headerReplyTo_s": "",
"impostorScore_d": "0",
"malwareScore_d": "0",
"messageSize_d": "3614",
"headerFrom_s": "sanitized@sanitized.com",
"phishScore_d": "100",
"policyRoutes_s": "[\r\n \"default_inbound\",\r\n \"nt_spoofsafe\"\r\n]",
"modulesRun_s": "[\r\n \"access\",\r\n \"dkim\",\r\n \"smtpsrv\",\r\n \"av\",\r\n \"zerohour\",\r\n \"spf\",\r\n \"dkimv\",\r\n \"sandbox\",\r\n \"spam\",\r\n \"dmarc\",\r\n \"pdr\",\r\n \"urldefense\"\r\n]",
"GUID_s": "psQenS1-GmtXQDWM8hDfmpoLjesN8Pmf",
"cluster_s": "abc_hosted",
"quarantineFolder_s": "InboundDefiniteSpam",
"fromAddress_s": "[\r\n \"sanitized@sanitized.com\"\r\n]",
"ccAddresses_s": "[]",
"xmailer_s": "",
"completelyRewritten_b": "FALSE",
"Type": "ProofPointTAPMessagesBlocked_CL",
"_ResourceId": ""
},
{
"TenantId": "00000000-0000-0000-0000-00000000000",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-04-28T16:05:07.215Z",
"Computer": "",
"RawData": "",
"spamScore_d": "100",
"threatsInfoMap_s": "[\r\n {\r\n \"threatID\": \"142c199adf96b20383ad38a442a486a280a2a90c9a81e8d475f00032f12ea3e8\",\r\n \"threatStatus\": \"active\",\r\n \"classification\": \"phish\",\r\n \"threatUrl\": \"https://threatinsight.proofpoint.com/314893f9-d777-b28e-8349-41ae02d88d57/threat/email/142c199adf96b20383ad38a442a486a280a2a90c9a81e8d475f00032f12ea3e8\",\r\n \"threatTime\": \"2020-04-17T00:06:39Z\",\r\n \"threat\": \"firebasestorage.googleapis.com/v0/b/userupdate2020-f6776.appspot.com/\",\r\n \"campaignID\": null,\r\n \"threatType\": \"url\"\r\n }\r\n]",
"messageTime_t": "2020-04-28T15:27:17Z",
"subject_s": "Mail delivery failed: [6] messages to sanitized@sanitized.com delayed for 48 hours",
"quarantineRule_s": "module.spam.rule.defaultinbound_spam_definite",
"replyToAddress_s": "[]",
"toAddresses_s": "sanitized@sanitized.com",
"QID_s": "30n3n93nw3-1",
"sender_s": "bdcfaa08a38889403842110ca5f53c17sanitized@sanitized.com",
"recipient_s": "sanitized@sanitized.com",
"senderIP_s": "00.00.00.00",
"messageID_s": "<fb09d87a-2d35-fb04-491c-faa1f5ea3f0bsanitized@sanitized.com>",
"messageParts_s": "[\r\n {\r\n \"disposition\": \"inline\",\r\n \"sha256\": \"06b6c6d0c4bddf0bb2a38ba8aa716cddddcc9e8f7562e32fbb870eba41a4576a\",\r\n \"md5\": \"d3c7d4dba093f54bb3d1697c98b8901b\",\r\n \"filename\": \"text.html\",\r\n \"sandboxStatus\": null,\r\n \"oContentType\": \"text/html\",\r\n \"contentType\": \"text/html\"\r\n }\r\n]",
"headerReplyTo_s": "",
"impostorScore_d": "0",
"malwareScore_d": "0",
"messageSize_d": "3652",
"headerFrom_s": "sanitized@sanitized.com",
"phishScore_d": "100",
"policyRoutes_s": "[\r\n \"default_inbound\",\r\n \"nt_spoofsafe\"\r\n]",
"modulesRun_s": "[\r\n \"access\",\r\n \"dkim\",\r\n \"smtpsrv\",\r\n \"av\",\r\n \"zerohour\",\r\n \"spf\",\r\n \"dkimv\",\r\n \"sandbox\",\r\n \"spam\",\r\n \"dmarc\",\r\n \"pdr\",\r\n \"urldefense\"\r\n]",
"GUID_s": "vIcTGn0KlQ_OaQoJ0moiqN1H9VzvKj7M",
"cluster_s": "abc_hosted",
"quarantineFolder_s": "InboundDefiniteSpam",
"fromAddress_s": "[\r\n \"sanitized@sanitized.com\"\r\n]",
"ccAddresses_s": "[]",
"xmailer_s": "",
"completelyRewritten_b": "FALSE",
"Type": "ProofPointTAPMessagesBlocked_CL",
"_ResourceId": ""
},
{
"TenantId": "00000000-0000-0000-0000-00000000000",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-04-28T16:05:07.215Z",
"Computer": "",
"RawData": "",
"spamScore_d": "100",
"threatsInfoMap_s": "[\r\n {\r\n \"threatID\": \"1c36d41a2015861f032d329a33b58b3efc67176748da0c8abeed87da01acb13c\",\r\n \"threatStatus\": \"active\",\r\n \"classification\": \"phish\",\r\n \"threatUrl\": \"https://threatinsight.proofpoint.com/314893f9-d777-b28e-8349-41ae02d88d57/threat/email/1c36d41a2015861f032d329a33b58b3efc67176748da0c8abeed87da01acb13c\",\r\n \"threatTime\": \"2020-04-28T14:41:20Z\",\r\n \"threat\": \"demo.mylingositter.com/wp-content/cache/redir\",\r\n \"campaignID\": null,\r\n \"threatType\": \"url\"\r\n }\r\n]",
"messageTime_t": "2020-04-28T15:27:08Z",
"subject_s": "Email Quarantine Report For hjb3sanitized.com@sanitized.com",
"quarantineRule_s": "module.spam.rule.defaultinbound_spam_definite",
"replyToAddress_s": "[]",
"toAddresses_s": "sanitized@sanitized.com",
"QID_s": "30n3jxuptw-1",
"sender_s": "bdcfaa08a38889403842110ca5f53c17sanitized@sanitized.com",
"recipient_s": "sanitized@sanitized.com",
"senderIP_s": "00.00.00.00",
"messageID_s": "<fb09d87a-2d35-fb04-491c-faa1f5ea3f0bsanitized@sanitized.com>",
"messageParts_s": "[\r\n {\r\n \"disposition\": \"inline\",\r\n \"sha256\": \"dfab02a6bfdba32d3687b3fb8d2cee32ba44c4e3fd7b3a3d92504cd098c32205\",\r\n \"md5\": \"50b6fbb842683b759eef3c6605120720\",\r\n \"filename\": \"text.html\",\r\n \"sandboxStatus\": null,\r\n \"oContentType\": \"text/html\",\r\n \"contentType\": \"text/html\"\r\n }\r\n]",
"headerReplyTo_s": "",
"impostorScore_d": "0",
"malwareScore_d": "0",
"messageSize_d": "7163",
"headerFrom_s": "sanitized@sanitized.com",
"phishScore_d": "100",
"policyRoutes_s": "[\r\n \"default_inbound\",\r\n \"nt_spoofsafe\"\r\n]",
"modulesRun_s": "[\r\n \"access\",\r\n \"dkim\",\r\n \"smtpsrv\",\r\n \"av\",\r\n \"zerohour\",\r\n \"spf\",\r\n \"dkimv\",\r\n \"sandbox\",\r\n \"spam\",\r\n \"dmarc\",\r\n \"pdr\",\r\n \"urldefense\"\r\n]",
"GUID_s": "iCPKKH9mIuOSUjPVg_7TAMaLIYAsvDGK",
"cluster_s": "abc_hosted",
"quarantineFolder_s": "InboundDefiniteSpam",
"fromAddress_s": "[\r\n \"86af00feb0d3bcd4b73f5a0480edd48d@fatima-group.com\"\r\n]",
"ccAddresses_s": "[]",
"xmailer_s": "",
"completelyRewritten_b": "FALSE",
"Type": "ProofPointTAPMessagesBlocked_CL",
"_ResourceId": ""
},
{
"TenantId": "00000000-0000-0000-0000-00000000000",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-04-28T16:05:07.215Z",
"Computer": "",
"RawData": "",
"spamScore_d": "100",
"threatsInfoMap_s": "[\r\n {\r\n \"threatID\": \"9f06d3cd0968894eaa4f9702c9fc6b6f8455f47973f524d771d2c4b17eaf8cb7\",\r\n \"threatStatus\": \"active\",\r\n \"classification\": \"phish\",\r\n \"threatUrl\": \"https://threatinsight.proofpoint.com/314893f9-d777-b28e-8349-41ae02d88d57/threat/email/9f06d3cd0968894eaa4f9702c9fc6b6f8455f47973f524d771d2c4b17eaf8cb7\",\r\n \"threatTime\": \"2020-02-27T18:24:03Z\",\r\n \"threat\": \"electrotermal.ro/\",\r\n \"campaignID\": null,\r\n \"threatType\": \"url\"\r\n }\r\n]",
"messageTime_t": "2020-04-28T15:25:46Z",
"subject_s": "Sex endured by women is probably greater in!",
"quarantineRule_s": "module.spam.rule.defaultinbound_spam_definite",
"replyToAddress_s": "[]",
"toAddresses_s": "sanitized@sanitized.com",
"QID_s": "30mhgfwy3t-1",
"sender_s": "bdcfaa08a38889403842110ca5f53c17sanitized@sanitized.com",
"recipient_s": "sanitized@sanitized.com",
"senderIP_s": "00.00.00.00",
"messageID_s": "<fb09d87a-2d35-fb04-491c-faa1f5ea3f0bsanitized@sanitized.com>",
"messageParts_s": "[\r\n {\r\n \"disposition\": \"inline\",\r\n \"sha256\": \"e74eb96cdca7e49e42e1c015486301abfd127332889d01ca067350add677d850\",\r\n \"md5\": \"71b5acb455d3fb6db8f821f404fce525\",\r\n \"filename\": \"text.txt\",\r\n \"sandboxStatus\": null,\r\n \"oContentType\": \"text/plain\",\r\n \"contentType\": \"text/plain\"\r\n },\r\n {\r\n \"disposition\": \"inline\",\r\n \"sha256\": \"30b822a528992205caa8343e34ed25cb91b1c2ced887de5574aea4ce1ceb2575\",\r\n \"md5\": \"9029bd45b9a03c5677b29f02afaf5fde\",\r\n \"filename\": \"text.html\",\r\n \"sandboxStatus\": null,\r\n \"oContentType\": \"text/html\",\r\n \"contentType\": \"text/html\"\r\n }\r\n]",
"headerReplyTo_s": "",
"impostorScore_d": "0",
"malwareScore_d": "0",
"messageSize_d": "9701",
"headerFrom_s": "sanitized@sanitized.com",
"phishScore_d": "0",
"policyRoutes_s": "[\r\n \"default_inbound\",\r\n \"nt_spoofsafe\"\r\n]",
"modulesRun_s": "[\r\n \"access\",\r\n \"dkim\",\r\n \"smtpsrv\",\r\n \"av\",\r\n \"zerohour\",\r\n \"spf\",\r\n \"dkimv\",\r\n \"sandbox\",\r\n \"spam\",\r\n \"dmarc\",\r\n \"pdr\",\r\n \"urldefense\"\r\n]",
"GUID_s": "25FrcWFqMhtVNJnQGTKxHUR-JbvOq71j",
"cluster_s": "abc_hosted",
"quarantineFolder_s": "InboundDefiniteSpam",
"fromAddress_s": "[\r\n \"sanitized.com@sanitized.com\"\r\n]",
"ccAddresses_s": "[]",
"xmailer_s": "",
"completelyRewritten_b": "FALSE",
"Type": "ProofPointTAPMessagesBlocked_CL",
"_ResourceId": ""
}
]