Azure-Sentinel/Sample Data/Custom/secRMM_CL.json


[
{
"TenantId": "00000000-0000-0000-0000-000000000000",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-02-09T16:05:50.183Z",
"Computer": "secRMMDemo1.CONTOSO.com",
"RawData": "",
"SerialNumber_g": "",
"Event_s": "Property change",
"Time_s": "2/9/2020 4:05:49 PM",
"User_s": "CONTOSO\\Administrator",
"UserSID_s": "S-1-5-21-194330278-343332919-2867172138-500",
"Drive_s": "",
"Volume_s": "",
"DeviceDescription_s": "",
"SerialNumber_s": "",
"Model_s": "",
"InternalID_s": "",
"TargetFile_s": "",
"SourceFile_s": "",
"SourceFileSize_s": "",
"SourceFileLastWrite_s": "",
"ProgramName_s": "",
"ProgramPID_s": "",
"Message": "",
"PropertyName_s": "AllowedSerialNumbers",
"PropertyAction_s": "cleared",
"PropertyValue_s": "",
"PreviousPropertyValue_s": "secRMM_is_locked_down",
"ConfigurationTarget_s": "Computer",
"PropertyOperationStatus_s": "Completed",
"AdditionalProgramInfo_s": "\"C:\\WINDOWS\\system32\\mmc.exe\" \"C:\\WINDOWS\\system32\\compmgmt.msc\" /s",
"Type": "secRMM_CL",
"_ResourceId": ""
},
{
"TenantId": "00000000-0000-0000-0000-000000000000",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-02-09T16:12:35.188Z",
"Computer": "secRMMDemo1.CONTOSO.com",
"RawData": "",
"SerialNumber_g": "",
"Event_s": "Property change",
"Time_s": "2/9/2020 4:12:34 PM",
"User_s": "CONTOSO\\Administrator",
"UserSID_s": "S-1-5-21-194330278-343332919-2867172138-500",
"Drive_s": "",
"Volume_s": "",
"DeviceDescription_s": "",
"SerialNumber_s": "",
"Model_s": "",
"InternalID_s": "",
"TargetFile_s": "",
"SourceFile_s": "",
"SourceFileSize_s": "",
"SourceFileLastWrite_s": "",
"ProgramName_s": "",
"ProgramPID_s": "",
"Message": "",
"PropertyName_s": "BlockOfficeMacrosOnDevice",
"PropertyAction_s": "created",
"PropertyValue_s": "on",
"PreviousPropertyValue_s": "",
"ConfigurationTarget_s": "Computer",
"PropertyOperationStatus_s": "Completed",
"AdditionalProgramInfo_s": "\"C:\\WINDOWS\\system32\\mmc.exe\" \"C:\\WINDOWS\\system32\\compmgmt.msc\" /s",
"Type": "secRMM_CL",
"_ResourceId": ""
},
{
"TenantId": "00000000-0000-0000-0000-000000000000",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-02-09T16:12:52.904Z",
"Computer": "secRMMDemo1.CONTOSO.com",
"RawData": "",
"SerialNumber_g": "",
"Event_s": "ONLINE",
"Time_s": "2/9/2020 4:12:52 PM",
"User_s": "CONTOSO\\Administrator",
"UserSID_s": "",
"Drive_s": "E:",
"Volume_s": "\\Device\\HarddiskVolume10",
"DeviceDescription_s": "Removable Disk Removable Media Win32_LogicalDisk USB2.0",
"SerialNumber_s": "4C530001060623106322",
"Model_s": "SanDisk Cruzer Glide USB Device",
"InternalID_s": "USBSTOR\\DISK&VEN_SANDISK&PROD_CRUZER_GLIDE&REV_1.00\\4C530001060623106322&0",
"TargetFile_s": "",
"SourceFile_s": "",
"SourceFileSize_s": "",
"SourceFileLastWrite_s": "",
"ProgramName_s": "",
"ProgramPID_s": "",
"Message": "",
"PropertyName_s": "",
"PropertyAction_s": "",
"PropertyValue_s": "",
"PreviousPropertyValue_s": "",
"ConfigurationTarget_s": "",
"PropertyOperationStatus_s": "",
"AdditionalProgramInfo_s": "",
"Type": "secRMM_CL",
"_ResourceId": ""
},
{
"TenantId": "00000000-0000-0000-0000-000000000000",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-02-09T16:12:55.829Z",
"Computer": "secRMMDemo1.CONTOSO.com",
"RawData": "",
"SerialNumber_g": "",
"Event_s": "BLOCK PROGRAMS ON DEVICE ACTIVE",
"Time_s": "2/9/2020 4:12:55 PM",
"User_s": "CONTOSO\\Administrator",
"UserSID_s": "S-1-5-21-194330278-343332919-2867172138-500",
"Drive_s": "E:",
"Volume_s": "\\Device\\HarddiskVolume10",
"DeviceDescription_s": "Removable Disk Removable Media Win32_LogicalDisk USB2.0",
"SerialNumber_s": "4C530001060623106322",
"Model_s": "SanDisk Cruzer Glide USB Device",
"InternalID_s": "USBSTOR\\DISK&VEN_SANDISK&PROD_CRUZER_GLIDE&REV_1.00\\4C530001060623106322&0",
"TargetFile_s": "",
"SourceFile_s": "",
"SourceFileSize_s": "",
"SourceFileLastWrite_s": "",
"ProgramName_s": "\"E:\\HOLD\\RunMe.cmd\"",
"ProgramPID_s": "",
"Message": "",
"PropertyName_s": "",
"PropertyAction_s": "",
"PropertyValue_s": "",
"PreviousPropertyValue_s": "",
"ConfigurationTarget_s": "",
"PropertyOperationStatus_s": "",
"AdditionalProgramInfo_s": "Command Line: E:\\HOLD",
"Type": "secRMM_CL",
"_ResourceId": ""
},
{
"TenantId": "00000000-0000-0000-0000-000000000000",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-02-09T16:13:06.447Z",
"Computer": "secRMMDemo1.CONTOSO.com",
"RawData": "",
"SerialNumber_g": "",
"Event_s": "OFFLINE",
"Time_s": "2/9/2020 4:13:05 PM",
"User_s": "CONTOSO\\Administrator",
"UserSID_s": "",
"Drive_s": "E:",
"Volume_s": "\\Device\\HarddiskVolume10",
"DeviceDescription_s": "Removable Disk Removable Media Win32_LogicalDisk USB2.0",
"SerialNumber_s": "4C530001060623106322",
"Model_s": "SanDisk Cruzer Glide USB Device",
"InternalID_s": "USBSTOR\\DISK&VEN_SANDISK&PROD_CRUZER_GLIDE&REV_1.00\\4C530001060623106322&0",
"TargetFile_s": "",
"SourceFile_s": "",
"SourceFileSize_s": "",
"SourceFileLastWrite_s": "",
"ProgramName_s": "",
"ProgramPID_s": "",
"Message": "",
"PropertyName_s": "",
"PropertyAction_s": "",
"PropertyValue_s": "",
"PreviousPropertyValue_s": "",
"ConfigurationTarget_s": "",
"PropertyOperationStatus_s": "",
"AdditionalProgramInfo_s": "",
"Type": "secRMM_CL",
"_ResourceId": ""
},
{
"TenantId": "00000000-0000-0000-0000-000000000000",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-02-09T16:16:14.288Z",
"Computer": "secRMMDemo1.CONTOSO.com",
"RawData": "",
"SerialNumber_g": "",
"Event_s": "Property change",
"Time_s": "2/9/2020 4:16:13 PM",
"User_s": "CONTOSO\\Administrator",
"UserSID_s": "S-1-5-21-194330278-343332919-2867172138-500",
"Drive_s": "",
"Volume_s": "",
"DeviceDescription_s": "",
"SerialNumber_s": "",
"Model_s": "",
"InternalID_s": "",
"TargetFile_s": "",
"SourceFile_s": "",
"SourceFileSize_s": "",
"SourceFileLastWrite_s": "",
"ProgramName_s": "",
"ProgramPID_s": "",
"Message": "",
"PropertyName_s": "RequireMDMEnrollment",
"PropertyAction_s": "unchanged",
"PropertyValue_s": "on Enrolled Intune UserIdPassword 805a3915-a0ac-4d2a-9ec8-4bb702169c30 fb1abf2e-1225-43c2-bb28-872c96acc816 anthony@anthonysquadratechnologies.onmicrosoft.com ***** OLD_pre9.9.22.0",
"PreviousPropertyValue_s": "",
"ConfigurationTarget_s": "Computer",
"PropertyOperationStatus_s": "Completed",
"AdditionalProgramInfo_s": "powershell",
"Type": "secRMM_CL",
"_ResourceId": ""
},
{
"TenantId": "00000000-0000-0000-0000-000000000000",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-02-09T16:17:15.968Z",
"Computer": "secRMMDemo1.CONTOSO.com",
"RawData": "",
"SerialNumber_g": "",
"Event_s": "ONLINE",
"Time_s": "2/9/2020 4:17:14 PM",
"User_s": "CONTOSO\\Administrator",
"UserSID_s": "",
"Drive_s": "Internal storage:",
"Volume_s": "\\Device\\000000ad",
"DeviceDescription_s": "motorola MOBILE Win32ext_WPD USB2.0",
"SerialNumber_s": "TA96507VNX",
"Model_s": "XT1028",
"InternalID_s": "\\\\?\\usb#vid_22b8&pid_2e76&mi_00#6&15281968&0&0000#{6ac27878-a6fa-4155-ba85-f98f491d4f33}",
"TargetFile_s": "",
"SourceFile_s": "",
"SourceFileSize_s": "",
"SourceFileLastWrite_s": "",
"ProgramName_s": "",
"ProgramPID_s": "",
"Message": "",
"PropertyName_s": "",
"PropertyAction_s": "",
"PropertyValue_s": "",
"PreviousPropertyValue_s": "",
"ConfigurationTarget_s": "",
"PropertyOperationStatus_s": "",
"AdditionalProgramInfo_s": "MDM Info: Intune MDM Name: Anthony_Android_10/2/2019_5:54 PM(f2892637-6396-4bf0-9e91-4c234dc41758), IMEI: A000002CE8F1D6, MEID: A000002CE8F1D6, Phone#: +*******6262, Carrier: Verizon, WifiMac: 1430c63d8103, User: Anthony LaMark2(Anthony@anthonysquadratechnologies.onmicrosoft.com), Compliant: compliant, JailBroken: false\n//===Intune Data===\n{\"@odata.context\":\"https://graph.microsoft.com/v1.0/$metadata#deviceManagement/managedDevices\"\n\"@odata.count\":1\n\"value\":[{\"id\":\"f2892637-6396-4bf0-9e91-4c234dc41758\"\n\"userId\":\"7ffa4323-1e8c-45af-a826-655b4a85fe7b\"\n\"deviceName\":\"Anthony_Android_10/2/2019_5:54 PM\"\n\"managedDeviceOwnerType\":\"personal\"\n\"enrolledDateTime\":\"2019-10-02T17:54:50Z\"\n\"lastSyncDateTime\":\"2020-02-09T15:19:20Z\"\n\"operatingSystem\":\"Android\"\n\"complianceState\":\"compliant\"\n\"jailBroken\":\"false\"\n\"managementAgent\":\"mdm\"\n\"osVersion\":\"5.1\"\n\"easActivated\":false\n\"easDeviceId\":\"android/943649EC3500B1672482BBDE2CFA20E0\"\n\"easActivationDateTime\":\"0001-01-01T00:00:00Z\"\n\"azureADRegistered\":true\n\"deviceEnrollmentType\":\"userEnrollment\"\n\"activationLockBypassCode\":null\n\"emailAddress\":\"\"\n\"azureADDeviceId\":\"e37c065b-d9be-4ed2-97b9-35e354b574ce\"\n\"deviceRegistrationState\":\"registered\"\n\"deviceCategoryDisplayName\":\"Unknown\"\n\"isSupervised\":false\n\"exchangeLastSuccessfulSyncDateTime\":\"0001-01-01T00:00:00Z\"\n\"exchangeAccessState\":\"none\"\n\"exchangeAccessStateReason\":\"none\"\n\"remoteAssistanceSessionUrl\":null\n\"remoteAssistanceSessionErrorDetails\":null\n\"isEncrypted\":true\n\"userPrincipalName\":\"Anthony@anthonysquadratechnologies.onmicrosoft.com\"\n\"model\":\"XT1028\"\n\"manufacturer\":\"motorola\"\n\"imei\":\"A000002CE8F1D6\"\n\"complianceGracePeriodExpirationDateTime\":\"9999-12-31T23:59:59Z\"\n\"serialNumber\":\"TA96507VNX\"\n\"phoneNumber\":\"+*******6262\"\n\"androidSecurityPatchLevel\":\"\"\n\"userDisplayName\":\"Anthony LaMark2\"\n\"configurationManagerClientEnabledFeatures\":null\n\"wiFiMacAddress\":\"1430c63d8103\"\n\"deviceHealthAttestationState\":null\n\"subscriberCarrier\":\"Verizon\"\n\"meid\":\"A000002CE8F1D6\"\n\"totalStorageSpaceInBytes\":0\n\"freeStorageSpaceInBytes\":0\n\"managedDeviceName\":\"Anthony_Android_10/2/2019_5:54 PM\"\n\"partnerReportedThreatState\":\"unknown\"\n\"deviceActionResults\":[]}]}",
"Type": "secRMM_CL",
"_ResourceId": ""
},
{
"TenantId": "00000000-0000-0000-0000-000000000000",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-02-09T16:17:20.743Z",
"Computer": "secRMMDemo1.CONTOSO.com",
"RawData": "",
"SerialNumber_g": "",
"Event_s": "OFFLINE",
"Time_s": "2/9/2020 4:17:20 PM",
"User_s": "CONTOSO\\Administrator",
"UserSID_s": "",
"Drive_s": "Internal storage:",
"Volume_s": "\\Device\\000000ad",
"DeviceDescription_s": "motorola MOBILE Win32ext_WPD USB2.0",
"SerialNumber_s": "TA96507VNX",
"Model_s": "XT1028",
"InternalID_s": "\\\\?\\usb#vid_22b8&pid_2e76&mi_00#6&15281968&0&0000#{6ac27878-a6fa-4155-ba85-f98f491d4f33}",
"TargetFile_s": "",
"SourceFile_s": "",
"SourceFileSize_s": "",
"SourceFileLastWrite_s": "",
"ProgramName_s": "",
"ProgramPID_s": "",
"Message": "",
"PropertyName_s": "",
"PropertyAction_s": "",
"PropertyValue_s": "",
"PreviousPropertyValue_s": "",
"ConfigurationTarget_s": "",
"PropertyOperationStatus_s": "",
"AdditionalProgramInfo_s": "",
"Type": "secRMM_CL",
"_ResourceId": ""
},
{
"TenantId": "00000000-0000-0000-0000-000000000000",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-02-09T16:18:17.197Z",
"Computer": "secRMMDemo1.CONTOSO.com",
"RawData": "",
"SerialNumber_g": "",
"Event_s": "OFFLINE",
"Time_s": "2/9/2020 4:18:16 PM",
"User_s": "CONTOSO\\Administrator",
"UserSID_s": "",
"Drive_s": "Internal shared storage:",
"Volume_s": "\\Device\\000000b0",
"DeviceDescription_s": "Google MOBILE Win32ext_WPD USB2.0",
"SerialNumber_s": "FA7951A01459",
"Model_s": "Pixel 2",
"InternalID_s": "\\\\?\\usb#vid_18d1&pid_4ee2&mi_00#6&2a09dbaf&2&0000#{6ac27878-a6fa-4155-ba85-f98f491d4f33}",
"TargetFile_s": "",
"SourceFile_s": "",
"SourceFileSize_s": "",
"SourceFileLastWrite_s": "",
"ProgramName_s": "",
"ProgramPID_s": "",
"Message": "",
"PropertyName_s": "",
"PropertyAction_s": "",
"PropertyValue_s": "",
"PreviousPropertyValue_s": "",
"ConfigurationTarget_s": "",
"PropertyOperationStatus_s": "",
"AdditionalProgramInfo_s": "",
"Type": "secRMM_CL",
"_ResourceId": ""
},
{
"TenantId": "00000000-0000-0000-0000-000000000000",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-02-09T16:15:35.307Z",
"Computer": "secRMMDemo1.CONTOSO.com",
"RawData": "",
"SerialNumber_g": "",
"Event_s": "Property change",
"Time_s": "2/9/2020 4:15:34 PM",
"User_s": "CONTOSO\\Administrator",
"UserSID_s": "S-1-5-21-194330278-343332919-2867172138-500",
"Drive_s": "",
"Volume_s": "",
"DeviceDescription_s": "",
"SerialNumber_s": "",
"Model_s": "",
"InternalID_s": "",
"TargetFile_s": "",
"SourceFile_s": "",
"SourceFileSize_s": "",
"SourceFileLastWrite_s": "",
"ProgramName_s": "",
"ProgramPID_s": "",
"Message": "",
"PropertyName_s": "BlockOfficeMacrosOnDevice",
"PropertyAction_s": "cleared",
"PropertyValue_s": "",
"PreviousPropertyValue_s": "on",
"ConfigurationTarget_s": "Computer",
"PropertyOperationStatus_s": "Completed",
"AdditionalProgramInfo_s": "\"C:\\WINDOWS\\system32\\mmc.exe\" \"C:\\WINDOWS\\system32\\compmgmt.msc\" /s",
"Type": "secRMM_CL",
"_ResourceId": ""
},
{
"TenantId": "00000000-0000-0000-0000-000000000000",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-02-09T16:15:39.463Z",
"Computer": "secRMMDemo1.CONTOSO.com",
"RawData": "",
"SerialNumber_g": "",
"Event_s": "Property change",
"Time_s": "2/9/2020 4:15:38 PM",
"User_s": "CONTOSO\\Administrator",
"UserSID_s": "S-1-5-21-194330278-343332919-2867172138-500",
"Drive_s": "",
"Volume_s": "",
"DeviceDescription_s": "",
"SerialNumber_s": "",
"Model_s": "",
"InternalID_s": "",
"TargetFile_s": "",
"SourceFile_s": "",
"SourceFileSize_s": "",
"SourceFileLastWrite_s": "",
"ProgramName_s": "",
"ProgramPID_s": "",
"Message": "",
"PropertyName_s": "BlockProgramsOnDevice",
"PropertyAction_s": "cleared",
"PropertyValue_s": "",
"PreviousPropertyValue_s": "on",
"ConfigurationTarget_s": "Computer",
"PropertyOperationStatus_s": "Completed",
"AdditionalProgramInfo_s": "\"C:\\WINDOWS\\system32\\mmc.exe\" \"C:\\WINDOWS\\system32\\compmgmt.msc\" /s",
"Type": "secRMM_CL",
"_ResourceId": ""
},
{
"TenantId": "00000000-0000-0000-0000-000000000000",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-02-09T16:17:56.997Z",
"Computer": "secRMMDemo1.CONTOSO.com",
"RawData": "",
"SerialNumber_g": "",
"Event_s": "ONLINE",
"Time_s": "2/9/2020 4:17:56 PM",
"User_s": "CONTOSO\\Administrator",
"UserSID_s": "",
"Drive_s": "Internal shared storage:",
"Volume_s": "\\Device\\000000b0",
"DeviceDescription_s": "Google MOBILE Win32ext_WPD USB2.0",
"SerialNumber_s": "FA7951A01459",
"Model_s": "Pixel 2",
"InternalID_s": "\\\\?\\usb#vid_18d1&pid_4ee2&mi_00#6&2a09dbaf&2&0000#{6ac27878-a6fa-4155-ba85-f98f491d4f33}",
"TargetFile_s": "",
"SourceFile_s": "",
"SourceFileSize_s": "",
"SourceFileLastWrite_s": "",
"ProgramName_s": "",
"ProgramPID_s": "",
"Message": "",
"PropertyName_s": "",
"PropertyAction_s": "",
"PropertyValue_s": "",
"PreviousPropertyValue_s": "",
"ConfigurationTarget_s": "",
"PropertyOperationStatus_s": "",
"AdditionalProgramInfo_s": "MDM Info: ERROR: SerialNumber: FA7951A01459 Mobile device is not MDM enrolled.",
"Type": "secRMM_CL",
"_ResourceId": ""
},
{
"TenantId": "00000000-0000-0000-0000-000000000000",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-02-09T16:02:37.059Z",
"Computer": "SECRMMDEMO1",
"RawData": "",
"SerialNumber_g": "",
"Event_s": "",
"Time_s": "",
"User_s": "Administrator",
"UserSID_s": "",
"Drive_s": "",
"Volume_s": "",
"DeviceDescription_s": "",
"SerialNumber_s": "",
"Model_s": "",
"InternalID_s": "",
"TargetFile_s": "",
"SourceFile_s": "",
"SourceFileSize_s": "",
"SourceFileLastWrite_s": "",
"ProgramName_s": "ProcessSendTest",
"ProgramPID_s": "",
"Message": "",
"PropertyName_s": "",
"PropertyAction_s": "",
"PropertyValue_s": "",
"PreviousPropertyValue_s": "",
"ConfigurationTarget_s": "",
"PropertyOperationStatus_s": "",
"AdditionalProgramInfo_s": "Test Connection to Azure Log Analytics",
"Type": "secRMM_CL",
"_ResourceId": ""
},
{
"TenantId": "00000000-0000-0000-0000-000000000000",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-02-09T16:05:10.283Z",
"Computer": "secRMMDemo1.CONTOSO.com",
"RawData": "",
"SerialNumber_g": "",
"Event_s": "SERIAL # AUTHORIZATION",
"Time_s": "2/9/2020 4:05:08 PM",
"User_s": "CONTOSO\\Administrator",
"UserSID_s": "S-1-5-21-194330278-343332919-2867172138-500",
"Drive_s": "E:",
"Volume_s": "\\Device\\HarddiskVolume6",
"DeviceDescription_s": "Removable Disk Removable Media Win32_LogicalDisk USB2.0",
"SerialNumber_s": "4C530001060623106322",
"Model_s": "SanDisk Cruzer Glide USB Device",
"InternalID_s": "USBSTOR\\DISK&VEN_SANDISK&PROD_CRUZER_GLIDE&REV_1.00\\4C530001060623106322&0",
"TargetFile_s": "E:\\NewCustomers_Q1_2013.docx",
"SourceFile_s": "C:\\_MyCorporation\\NewCustomers_Q1_2013.docx",
"SourceFileSize_s": 11354,
"SourceFileLastWrite_s": "07/13/2016 12:39:06",
"ProgramName_s": "C:\\WINDOWS\\Explorer.EXE",
"ProgramPID_s": 9736,
"Message": "Authorized Serial Numbers List: secRMM_is_locked_down",
"PropertyName_s": "",
"PropertyAction_s": "",
"PropertyValue_s": "",
"PreviousPropertyValue_s": "",
"ConfigurationTarget_s": "",
"PropertyOperationStatus_s": "",
"AdditionalProgramInfo_s": "COPY",
"Type": "secRMM_CL",
"_ResourceId": ""
},
{
"TenantId": "00000000-0000-0000-0000-000000000000",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-02-09T16:04:04.71Z",
"Computer": "secRMMDemo1.CONTOSO.com",
"RawData": "",
"SerialNumber_g": "",
"Event_s": "ONLINE",
"Time_s": "2/9/2020 4:04:02 PM",
"User_s": "CONTOSO\\Administrator",
"UserSID_s": "",
"Drive_s": "E:",
"Volume_s": "\\Device\\HarddiskVolume6",
"DeviceDescription_s": "Removable Disk Removable Media Win32_LogicalDisk USB2.0",
"SerialNumber_s": "4C530001060623106322",
"Model_s": "SanDisk Cruzer Glide USB Device",
"InternalID_s": "USBSTOR\\DISK&VEN_SANDISK&PROD_CRUZER_GLIDE&REV_1.00\\4C530001060623106322&0",
"TargetFile_s": "",
"SourceFile_s": "",
"SourceFileSize_s": "",
"SourceFileLastWrite_s": "",
"ProgramName_s": "",
"ProgramPID_s": "",
"Message": "",
"PropertyName_s": "",
"PropertyAction_s": "",
"PropertyValue_s": "",
"PreviousPropertyValue_s": "",
"ConfigurationTarget_s": "",
"PropertyOperationStatus_s": "",
"AdditionalProgramInfo_s": "",
"Type": "secRMM_CL",
"_ResourceId": ""
},
{
"TenantId": "00000000-0000-0000-0000-000000000000",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-02-09T16:04:23.644Z",
"Computer": "secRMMDemo1.CONTOSO.com",
"RawData": "",
"SerialNumber_g": "",
"Event_s": "Property change",
"Time_s": "2/9/2020 4:04:22 PM",
"User_s": "CONTOSO\\Administrator",
"UserSID_s": "S-1-5-21-194330278-343332919-2867172138-500",
"Drive_s": "",
"Volume_s": "",
"DeviceDescription_s": "",
"SerialNumber_s": "",
"Model_s": "",
"InternalID_s": "",
"TargetFile_s": "",
"SourceFile_s": "",
"SourceFileSize_s": "",
"SourceFileLastWrite_s": "",
"ProgramName_s": "",
"ProgramPID_s": "",
"Message": "",
"PropertyName_s": "AllowedSerialNumbers",
"PropertyAction_s": "created",
"PropertyValue_s": "secRMM_is_locked_down",
"PreviousPropertyValue_s": "",
"ConfigurationTarget_s": "Computer",
"PropertyOperationStatus_s": "Completed",
"AdditionalProgramInfo_s": "\"C:\\WINDOWS\\system32\\mmc.exe\" \"C:\\WINDOWS\\system32\\compmgmt.msc\" /s",
"Type": "secRMM_CL",
"_ResourceId": ""
},
{
"TenantId": "00000000-0000-0000-0000-000000000000",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-02-09T16:04:53.84Z",
"Computer": "secRMMDemo1.CONTOSO.com",
"RawData": "",
"SerialNumber_g": "",
"Event_s": "SERIAL # AUTHORIZATION",
"Time_s": "2/9/2020 4:04:52 PM",
"User_s": "CONTOSO\\Administrator",
"UserSID_s": "S-1-5-21-194330278-343332919-2867172138-500",
"Drive_s": "E:",
"Volume_s": "\\Device\\HarddiskVolume6",
"DeviceDescription_s": "Removable Disk Removable Media Win32_LogicalDisk USB2.0",
"SerialNumber_s": "4C530001060623106322",
"Model_s": "SanDisk Cruzer Glide USB Device",
"InternalID_s": "USBSTOR\\DISK&VEN_SANDISK&PROD_CRUZER_GLIDE&REV_1.00\\4C530001060623106322&0",
"TargetFile_s": "E:\\Customer List Y2011.xlsx",
"SourceFile_s": "C:\\_MyCorporation\\Customer List Y2011.xlsx",
"SourceFileSize_s": 9156,
"SourceFileLastWrite_s": "07/13/2016 12:38:28",
"ProgramName_s": "C:\\WINDOWS\\Explorer.EXE",
"ProgramPID_s": 9736,
"Message": "Authorized Serial Numbers List: secRMM_is_locked_down",
"PropertyName_s": "",
"PropertyAction_s": "",
"PropertyValue_s": "",
"PreviousPropertyValue_s": "",
"ConfigurationTarget_s": "",
"PropertyOperationStatus_s": "",
"AdditionalProgramInfo_s": "COPY",
"Type": "secRMM_CL",
"_ResourceId": ""
},
{
"TenantId": "00000000-0000-0000-0000-000000000000",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-02-09T16:02:44.244Z",
"Computer": "secRMMDemo1.CONTOSO.com",
"RawData": "",
"SerialNumber_g": "",
"Event_s": "Property change",
"Time_s": "2/9/2020 4:02:40 PM",
"User_s": "CONTOSO\\Administrator",
"UserSID_s": "S-1-5-21-194330278-343332919-2867172138-500",
"Drive_s": "",
"Volume_s": "",
"DeviceDescription_s": "",
"SerialNumber_s": "",
"Model_s": "",
"InternalID_s": "",
"TargetFile_s": "",
"SourceFile_s": "",
"SourceFileSize_s": "",
"SourceFileLastWrite_s": "",
"ProgramName_s": "",
"ProgramPID_s": "",
"Message": "",
"PropertyName_s": "SendToAzureLog",
"PropertyAction_s": "changed",
"PropertyValue_s": "7ff9d868-2404-4ba9-b01e-f29a75debeb3 ***** ONLINE,OFFLINE,WRITE SUCCESS,WRITE FAILURE,ADMINISTRATION,LICENSING",
"PreviousPropertyValue_s": "7ff9d868-2404-4ba9-b01e-f29a75debeb3 ***** ONLINE,OFFLINE,WRITE SUCCESS,WRITE FAILURE,ADMINISTRATION,LICENSING",
"ConfigurationTarget_s": "Computer",
"PropertyOperationStatus_s": "Completed",
"AdditionalProgramInfo_s": "\"C:\\WINDOWS\\system32\\mmc.exe\" \"C:\\WINDOWS\\system32\\compmgmt.msc\" /s",
"Type": "secRMM_CL",
"_ResourceId": ""
},
{
"TenantId": "00000000-0000-0000-0000-000000000000",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-02-09T16:07:44.291Z",
"Computer": "secRMMDemo1.CONTOSO.com",
"RawData": "",
"SerialNumber_g": "",
"Event_s": "ONLINE",
"Time_s": "2/9/2020 4:07:39 PM",
"User_s": "CONTOSO\\Administrator",
"UserSID_s": "",
"Drive_s": "E:",
"Volume_s": "\\Device\\HarddiskVolume7",
"DeviceDescription_s": "Removable Disk ENCRYPTED BitLocker Removable Media Win32_LogicalDisk USB2.0",
"SerialNumber_s": "02B1DF9B",
"Model_s": "Generic Flash Disk USB Device",
"InternalID_s": "USBSTOR\\DISK&VEN_GENERIC&PROD_FLASH_DISK&REV_8.07\\02B1DF9B&0",
"TargetFile_s": "",
"SourceFile_s": "",
"SourceFileSize_s": "",
"SourceFileLastWrite_s": "",
"ProgramName_s": "",
"ProgramPID_s": "",
"Message": "",
"PropertyName_s": "",
"PropertyAction_s": "",
"PropertyValue_s": "",
"PreviousPropertyValue_s": "",
"ConfigurationTarget_s": "",
"PropertyOperationStatus_s": "",
"AdditionalProgramInfo_s": "BitLocker ProtectionStatus = Waiting for authentication.",
"Type": "secRMM_CL",
"_ResourceId": ""
},
{
"TenantId": "00000000-0000-0000-0000-000000000000",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-02-09T16:11:43.605Z",
"Computer": "secRMMDemo1.CONTOSO.com",
"RawData": "",
"SerialNumber_g": "",
"Event_s": "OFFLINE",
"Time_s": "2/9/2020 4:11:42 PM",
"User_s": "CONTOSO\\Administrator",
"UserSID_s": "",
"Drive_s": "E:",
"Volume_s": "\\Device\\HarddiskVolume9",
"DeviceDescription_s": "Removable Disk ENCRYPTED Removable Media Win32_LogicalDisk USB2.0",
"SerialNumber_s": "09840330132300001299",
"Model_s": "Apricorn Secure Key USB Device",
"InternalID_s": "USBSTOR\\DISK&VEN_APRICORN&PROD_SECURE_KEY&REV_1.00\\09840330132300001299&0",
"TargetFile_s": "",
"SourceFile_s": "",
"SourceFileSize_s": "",
"SourceFileLastWrite_s": "",
"ProgramName_s": "",
"ProgramPID_s": "",
"Message": "",
"PropertyName_s": "",
"PropertyAction_s": "",
"PropertyValue_s": "",
"PreviousPropertyValue_s": "",
"ConfigurationTarget_s": "",
"PropertyOperationStatus_s": "",
"AdditionalProgramInfo_s": "",
"Type": "secRMM_CL",
"_ResourceId": ""
},
{
"TenantId": "00000000-0000-0000-0000-000000000000",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-02-09T16:05:24.693Z",
"Computer": "secRMMDemo1.CONTOSO.com",
"RawData": "",
"SerialNumber_g": "",
"Event_s": "SERIAL # AUTHORIZATION",
"Time_s": "2/9/2020 4:05:23 PM",
"User_s": "CONTOSO\\Administrator",
"UserSID_s": "S-1-5-21-194330278-343332919-2867172138-500",
"Drive_s": "E:",
"Volume_s": "\\Device\\HarddiskVolume6",
"DeviceDescription_s": "Removable Disk Removable Media Win32_LogicalDisk USB2.0",
"SerialNumber_s": "4C530001060623106322",
"Model_s": "SanDisk Cruzer Glide USB Device",
"InternalID_s": "USBSTOR\\DISK&VEN_SANDISK&PROD_CRUZER_GLIDE&REV_1.00\\4C530001060623106322&0",
"TargetFile_s": "E:\\Sales for Q4 2019.xlsx",
"SourceFile_s": "C:\\_MyCorporation\\Sales for Q4 2019.xlsx",
"SourceFileSize_s": 9140,
"SourceFileLastWrite_s": "04/03/2017 10:33:28",
"ProgramName_s": "C:\\WINDOWS\\Explorer.EXE",
"ProgramPID_s": 9736,
"Message": "Authorized Serial Numbers List: secRMM_is_locked_down",
"PropertyName_s": "",
"PropertyAction_s": "",
"PropertyValue_s": "",
"PreviousPropertyValue_s": "",
"ConfigurationTarget_s": "",
"PropertyOperationStatus_s": "",
"AdditionalProgramInfo_s": "COPY",
"Type": "secRMM_CL",
"_ResourceId": ""
},
{
"TenantId": "00000000-0000-0000-0000-000000000000",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-02-09T16:06:05.359Z",
"Computer": "secRMMDemo1.CONTOSO.com",
"RawData": "",
"SerialNumber_g": "",
"Event_s": "WRITE COMPLETED",
"Time_s": "2/9/2020 4:06:04 PM",
"User_s": "CONTOSO\\Administrator",
"UserSID_s": "S-1-5-21-194330278-343332919-2867172138-500",
"Drive_s": "E:",
"Volume_s": "\\Device\\HarddiskVolume6",
"DeviceDescription_s": "Removable Disk Removable Media Win32_LogicalDisk USB2.0",
"SerialNumber_s": "4C530001060623106322",
"Model_s": "SanDisk Cruzer Glide USB Device",
"InternalID_s": "USBSTOR\\DISK&VEN_SANDISK&PROD_CRUZER_GLIDE&REV_1.00\\4C530001060623106322&0",
"TargetFile_s": "E:\\Sales for Q4 2019.xlsx",
"SourceFile_s": "C:\\_MyCorporation\\Sales for Q4 2019.xlsx",
"SourceFileSize_s": 9140,
"SourceFileLastWrite_s": "04/03/2017 10:33:28",
"ProgramName_s": "C:\\WINDOWS\\Explorer.EXE",
"ProgramPID_s": 9736,
"Message": "",
"PropertyName_s": "",
"PropertyAction_s": "",
"PropertyValue_s": "",
"PreviousPropertyValue_s": "",
"ConfigurationTarget_s": "",
"PropertyOperationStatus_s": "",
"AdditionalProgramInfo_s": "COPY",
"Type": "secRMM_CL",
"_ResourceId": ""
},
{
"TenantId": "00000000-0000-0000-0000-000000000000",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-02-09T16:06:19.641Z",
"Computer": "secRMMDemo1.CONTOSO.com",
"RawData": "",
"SerialNumber_g": "",
"Event_s": "OFFLINE",
"Time_s": "2/9/2020 4:06:18 PM",
"User_s": "CONTOSO\\Administrator",
"UserSID_s": "",
"Drive_s": "E:",
"Volume_s": "\\Device\\HarddiskVolume6",
"DeviceDescription_s": "Removable Disk Removable Media Win32_LogicalDisk USB2.0",
"SerialNumber_s": "4C530001060623106322",
"Model_s": "SanDisk Cruzer Glide USB Device",
"InternalID_s": "USBSTOR\\DISK&VEN_SANDISK&PROD_CRUZER_GLIDE&REV_1.00\\4C530001060623106322&0",
"TargetFile_s": "",
"SourceFile_s": "",
"SourceFileSize_s": "",
"SourceFileLastWrite_s": "",
"ProgramName_s": "",
"ProgramPID_s": "",
"Message": "",
"PropertyName_s": "",
"PropertyAction_s": "",
"PropertyValue_s": "",
"PreviousPropertyValue_s": "",
"ConfigurationTarget_s": "",
"PropertyOperationStatus_s": "",
"AdditionalProgramInfo_s": "",
"Type": "secRMM_CL",
"_ResourceId": ""
},
{
"TenantId": "00000000-0000-0000-0000-000000000000",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-02-09T16:07:52.447Z",
"Computer": "secRMMDemo1.CONTOSO.com",
"RawData": "",
"SerialNumber_g": "",
"Event_s": "ONLINE",
"Time_s": "2/9/2020 4:07:51 PM",
"User_s": "CONTOSO\\Administrator",
"UserSID_s": "",
"Drive_s": "E:",
"Volume_s": "\\Device\\HarddiskVolume7",
"DeviceDescription_s": "Removable Disk ENCRYPTED BitLocker Removable Media Win32_LogicalDisk USB2.0",
"SerialNumber_s": "02B1DF9B",
"Model_s": "Generic Flash Disk USB Device",
"InternalID_s": "USBSTOR\\DISK&VEN_GENERIC&PROD_FLASH_DISK&REV_8.07\\02B1DF9B&0",
"TargetFile_s": "",
"SourceFile_s": "",
"SourceFileSize_s": "",
"SourceFileLastWrite_s": "",
"ProgramName_s": "",
"ProgramPID_s": "",
"Message": "",
"PropertyName_s": "",
"PropertyAction_s": "",
"PropertyValue_s": "",
"PreviousPropertyValue_s": "",
"ConfigurationTarget_s": "",
"PropertyOperationStatus_s": "",
"AdditionalProgramInfo_s": "BitLocker Authentication performed.",
"Type": "secRMM_CL",
"_ResourceId": ""
},
{
"TenantId": "00000000-0000-0000-0000-000000000000",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-02-09T16:08:02.66Z",
"Computer": "secRMMDemo1.CONTOSO.com",
"RawData": "",
"SerialNumber_g": "",
"Event_s": "OFFLINE",
"Time_s": "2/9/2020 4:08:02 PM",
"User_s": "CONTOSO\\Administrator",
"UserSID_s": "",
"Drive_s": "E:",
"Volume_s": "\\Device\\HarddiskVolume7",
"DeviceDescription_s": "Removable Disk ENCRYPTED BitLocker Removable Media Win32_LogicalDisk USB2.0",
"SerialNumber_s": "02B1DF9B",
"Model_s": "Generic Flash Disk USB Device",
"InternalID_s": "USBSTOR\\DISK&VEN_GENERIC&PROD_FLASH_DISK&REV_8.07\\02B1DF9B&0",
"TargetFile_s": "",
"SourceFile_s": "",
"SourceFileSize_s": "",
"SourceFileLastWrite_s": "",
"ProgramName_s": "",
"ProgramPID_s": "",
"Message": "",
"PropertyName_s": "",
"PropertyAction_s": "",
"PropertyValue_s": "",
"PreviousPropertyValue_s": "",
"ConfigurationTarget_s": "",
"PropertyOperationStatus_s": "",
"AdditionalProgramInfo_s": "",
"Type": "secRMM_CL",
"_ResourceId": ""
},
{
"TenantId": "00000000-0000-0000-0000-000000000000",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-02-09T16:08:18.512Z",
"Computer": "secRMMDemo1.CONTOSO.com",
"RawData": "",
"SerialNumber_g": "",
"Event_s": "Property change",
"Time_s": "2/9/2020 4:08:17 PM",
"User_s": "CONTOSO\\Administrator",
"UserSID_s": "S-1-5-21-194330278-343332919-2867172138-500",
"Drive_s": "",
"Volume_s": "",
"DeviceDescription_s": "",
"SerialNumber_s": "",
"Model_s": "",
"InternalID_s": "",
"TargetFile_s": "",
"SourceFile_s": "",
"SourceFileSize_s": "",
"SourceFileLastWrite_s": "",
"ProgramName_s": "",
"ProgramPID_s": "",
"Message": "",
"PropertyName_s": "ScanDevice",
"PropertyAction_s": "created",
"PropertyValue_s": "on",
"PreviousPropertyValue_s": "",
"ConfigurationTarget_s": "Computer",
"PropertyOperationStatus_s": "Completed",
"AdditionalProgramInfo_s": "\"C:\\WINDOWS\\system32\\mmc.exe\" \"C:\\WINDOWS\\system32\\compmgmt.msc\" /s",
"Type": "secRMM_CL",
"_ResourceId": ""
},
{
"TenantId": "00000000-0000-0000-0000-000000000000",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-02-09T16:08:28.009Z",
"Computer": "secRMMDemo1.CONTOSO.com",
"RawData": "",
"SerialNumber_g": "",
"Event_s": "ONLINE",
"Time_s": "2/9/2020 4:08:25 PM",
"User_s": "CONTOSO\\Administrator",
"UserSID_s": "",
"Drive_s": "E:",
"Volume_s": "\\Device\\HarddiskVolume8",
"DeviceDescription_s": "Removable Disk Removable Media Win32_LogicalDisk USB2.0",
"SerialNumber_s": "4C530001060623106322",
"Model_s": "SanDisk Cruzer Glide USB Device",
"InternalID_s": "USBSTOR\\DISK&VEN_SANDISK&PROD_CRUZER_GLIDE&REV_1.00\\4C530001060623106322&0",
"TargetFile_s": "",
"SourceFile_s": "",
"SourceFileSize_s": "",
"SourceFileLastWrite_s": "",
"ProgramName_s": "",
"ProgramPID_s": "",
"Message": "",
"PropertyName_s": "",
"PropertyAction_s": "",
"PropertyValue_s": "",
"PreviousPropertyValue_s": "",
"ConfigurationTarget_s": "",
"PropertyOperationStatus_s": "",
"AdditionalProgramInfo_s": "",
"Type": "secRMM_CL",
"_ResourceId": ""
},
{
"TenantId": "00000000-0000-0000-0000-000000000000",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-02-09T16:08:47.47Z",
"Computer": "secRMMDemo1.CONTOSO.com",
"RawData": "",
"SerialNumber_g": "",
"Event_s": "OFFLINE",
"Time_s": "2/9/2020 4:08:46 PM",
"User_s": "CONTOSO\\Administrator",
"UserSID_s": "",
"Drive_s": "E:",
"Volume_s": "\\Device\\HarddiskVolume8",
"DeviceDescription_s": "Removable Disk Removable Media Win32_LogicalDisk USB2.0",
"SerialNumber_s": "4C530001060623106322",
"Model_s": "SanDisk Cruzer Glide USB Device",
"InternalID_s": "USBSTOR\\DISK&VEN_SANDISK&PROD_CRUZER_GLIDE&REV_1.00\\4C530001060623106322&0",
"TargetFile_s": "",
"SourceFile_s": "",
"SourceFileSize_s": "",
"SourceFileLastWrite_s": "",
"ProgramName_s": "",
"ProgramPID_s": "",
"Message": "",
"PropertyName_s": "",
"PropertyAction_s": "",
"PropertyValue_s": "",
"PreviousPropertyValue_s": "",
"ConfigurationTarget_s": "",
"PropertyOperationStatus_s": "",
"AdditionalProgramInfo_s": "",
"Type": "secRMM_CL",
"_ResourceId": ""
},
{
"TenantId": "00000000-0000-0000-0000-000000000000",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-02-09T16:11:28.081Z",
"Computer": "secRMMDemo1.CONTOSO.com",
"RawData": "",
"SerialNumber_g": "",
"Event_s": "ONLINE",
"Time_s": "2/9/2020 4:11:27 PM",
"User_s": "CONTOSO\\Administrator",
"UserSID_s": "",
"Drive_s": "E:",
"Volume_s": "\\Device\\HarddiskVolume9",
"DeviceDescription_s": "Removable Disk ENCRYPTED Removable Media Win32_LogicalDisk USB2.0",
"SerialNumber_s": "09840330132300001299",
"Model_s": "Apricorn Secure Key USB Device",
"InternalID_s": "USBSTOR\\DISK&VEN_APRICORN&PROD_SECURE_KEY&REV_1.00\\09840330132300001299&0",
"TargetFile_s": "",
"SourceFile_s": "",
"SourceFileSize_s": "",
"SourceFileLastWrite_s": "",
"ProgramName_s": "",
"ProgramPID_s": "",
"Message": "",
"PropertyName_s": "",
"PropertyAction_s": "",
"PropertyValue_s": "",
"PreviousPropertyValue_s": "",
"ConfigurationTarget_s": "",
"PropertyOperationStatus_s": "",
"AdditionalProgramInfo_s": "",
"Type": "secRMM_CL",
"_ResourceId": ""
},
{
"TenantId": "00000000-0000-0000-0000-000000000000",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-02-09T16:12:29.624Z",
"Computer": "secRMMDemo1.CONTOSO.com",
"RawData": "",
"SerialNumber_g": "",
"Event_s": "Property change",
"Time_s": "2/9/2020 4:12:29 PM",
"User_s": "CONTOSO\\Administrator",
"UserSID_s": "S-1-5-21-194330278-343332919-2867172138-500",
"Drive_s": "",
"Volume_s": "",
"DeviceDescription_s": "",
"SerialNumber_s": "",
"Model_s": "",
"InternalID_s": "",
"TargetFile_s": "",
"SourceFile_s": "",
"SourceFileSize_s": "",
"SourceFileLastWrite_s": "",
"ProgramName_s": "",
"ProgramPID_s": "",
"Message": "",
"PropertyName_s": "ScanDevice",
"PropertyAction_s": "cleared",
"PropertyValue_s": "",
"PreviousPropertyValue_s": "on",
"ConfigurationTarget_s": "Computer",
"PropertyOperationStatus_s": "Completed",
"AdditionalProgramInfo_s": ""C:\\WINDOWS\\system32\\mmc.exe" "C:\\WINDOWS\\system32\\compmgmt.msc" /s",
"Type": "secRMM_CL",
"_ResourceId": ""
},
{
"TenantId": "00000000-0000-0000-0000-000000000000",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-02-09T16:12:39.928Z",
"Computer": "secRMMDemo1.CONTOSO.com",
"RawData": "",
"SerialNumber_g": "",
"Event_s": "Property change",
"Time_s": "2/9/2020 4:12:39 PM",
"User_s": "CONTOSO\\Administrator",
"UserSID_s": "S-1-5-21-194330278-343332919-2867172138-500",
"Drive_s": "",
"Volume_s": "",
"DeviceDescription_s": "",
"SerialNumber_s": "",
"Model_s": "",
"InternalID_s": "",
"TargetFile_s": "",
"SourceFile_s": "",
"SourceFileSize_s": "",
"SourceFileLastWrite_s": "",
"ProgramName_s": "",
"ProgramPID_s": "",
"Message": "",
"PropertyName_s": "BlockProgramsOnDevice",
"PropertyAction_s": "created",
"PropertyValue_s": "on",
"PreviousPropertyValue_s": "",
"ConfigurationTarget_s": "Computer",
"PropertyOperationStatus_s": "Completed",
"AdditionalProgramInfo_s": ""C:\\WINDOWS\\system32\\mmc.exe" "C:\\WINDOWS\\system32\\compmgmt.msc" /s",
"Type": "secRMM_CL",
"_ResourceId": ""
},
{
"TenantId": "00000000-0000-0000-0000-000000000000",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-02-09T16:15:57.992Z",
"Computer": "secRMMDemo1.CONTOSO.com",
"RawData": "",
"SerialNumber_g": "",
"Event_s": "Property change",
"Time_s": "2/9/2020 4:15:56 PM",
"User_s": "CONTOSO\\Administrator",
"UserSID_s": "S-1-5-21-194330278-343332919-2867172138-500",
"Drive_s": "",
"Volume_s": "",
"DeviceDescription_s": "",
"SerialNumber_s": "",
"Model_s": "",
"InternalID_s": "",
"TargetFile_s": "",
"SourceFile_s": "",
"SourceFileSize_s": "",
"SourceFileLastWrite_s": "",
"ProgramName_s": "",
"ProgramPID_s": "",
"Message": "",
"PropertyName_s": "RequireMDMEnrollment",
"PropertyAction_s": "created",
"PropertyValue_s": "on Enrolled Intune UserIdPassword 805a3915-a0ac-4d2a-9ec8-4bb702169c30 fb1abf2e-1225-43c2-bb28-872c96acc816 anthony@anthonysquadratechnologies.onmicrosoft.com ***** OLD_pre9.9.22.0",
"PreviousPropertyValue_s": "",
"ConfigurationTarget_s": "Computer",
"PropertyOperationStatus_s": "Completed",
"AdditionalProgramInfo_s": "powershell",
"Type": "secRMM_CL",
"_ResourceId": ""
}
]