1154 строки
42 KiB
JSON
1154 строки
42 KiB
JSON
[
|
|
{
|
|
"TenantId": "00000000-0000-0000-0000-000000000000",
|
|
"SourceSystem": "RestAPI",
|
|
"MG": "",
|
|
"ManagementGroupName": "",
|
|
"TimeGenerated": "2020-02-09T16:05:50.183Z",
|
|
"Computer": "secRMMDemo1.CONTOSO.com",
|
|
"RawData": "",
|
|
"SerialNumber_g": "",
|
|
"Event_s": "Property change",
|
|
"Time_s": "2/9/2020 4:05:49 PM",
|
|
"User_s": "CONTOSO\\Administrator",
|
|
"UserSID_s": "S-1-5-21-194330278-343332919-2867172138-500",
|
|
"Drive_s": "",
|
|
"Volume_s": "",
|
|
"DeviceDescription_s": "",
|
|
"SerialNumber_s": "",
|
|
"Model_s": "",
|
|
"InternalID_s": "",
|
|
"TargetFile_s": "",
|
|
"SourceFile_s": "",
|
|
"SourceFileSize_s": "",
|
|
"SourceFileLastWrite_s": "",
|
|
"ProgramName_s": "",
|
|
"ProgramPID_s": "",
|
|
"Message": "",
|
|
"PropertyName_s": "AllowedSerialNumbers",
|
|
"PropertyAction_s": "cleared",
|
|
"PropertyValue_s": "",
|
|
"PreviousPropertyValue_s": "secRMM_is_locked_down",
|
|
"ConfigurationTarget_s": "Computer",
|
|
"PropertyOperationStatus_s": "Completed",
|
|
"AdditionalProgramInfo_s": ""C:\\WINDOWS\\system32\\mmc.exe" "C:\\WINDOWS\\system32\\compmgmt.msc" /s",
|
|
"Type": "secRMM_CL",
|
|
"_ResourceId": ""
|
|
},
|
|
{
|
|
"TenantId": "00000000-0000-0000-0000-000000000000",
|
|
"SourceSystem": "RestAPI",
|
|
"MG": "",
|
|
"ManagementGroupName": "",
|
|
"TimeGenerated": "2020-02-09T16:12:35.188Z",
|
|
"Computer": "secRMMDemo1.CONTOSO.com",
|
|
"RawData": "",
|
|
"SerialNumber_g": "",
|
|
"Event_s": "Property change",
|
|
"Time_s": "2/9/2020 4:12:34 PM",
|
|
"User_s": "CONTOSO\\Administrator",
|
|
"UserSID_s": "S-1-5-21-194330278-343332919-2867172138-500",
|
|
"Drive_s": "",
|
|
"Volume_s": "",
|
|
"DeviceDescription_s": "",
|
|
"SerialNumber_s": "",
|
|
"Model_s": "",
|
|
"InternalID_s": "",
|
|
"TargetFile_s": "",
|
|
"SourceFile_s": "",
|
|
"SourceFileSize_s": "",
|
|
"SourceFileLastWrite_s": "",
|
|
"ProgramName_s": "",
|
|
"ProgramPID_s": "",
|
|
"Message": "",
|
|
"PropertyName_s": "BlockOfficeMacrosOnDevice",
|
|
"PropertyAction_s": "created",
|
|
"PropertyValue_s": "on",
|
|
"PreviousPropertyValue_s": "",
|
|
"ConfigurationTarget_s": "Computer",
|
|
"PropertyOperationStatus_s": "Completed",
|
|
"AdditionalProgramInfo_s": ""C:\\WINDOWS\\system32\\mmc.exe" "C:\\WINDOWS\\system32\\compmgmt.msc" /s",
|
|
"Type": "secRMM_CL",
|
|
"_ResourceId": ""
|
|
},
|
|
{
|
|
"TenantId": "00000000-0000-0000-0000-000000000000",
|
|
"SourceSystem": "RestAPI",
|
|
"MG": "",
|
|
"ManagementGroupName": "",
|
|
"TimeGenerated": "2020-02-09T16:12:52.904Z",
|
|
"Computer": "secRMMDemo1.CONTOSO.com",
|
|
"RawData": "",
|
|
"SerialNumber_g": "",
|
|
"Event_s": "ONLINE",
|
|
"Time_s": "2/9/2020 4:12:52 PM",
|
|
"User_s": "CONTOSO\\Administrator",
|
|
"UserSID_s": "",
|
|
"Drive_s": "E:",
|
|
"Volume_s": "\\Device\\HarddiskVolume10",
|
|
"DeviceDescription_s": "Removable Disk Removable Media Win32_LogicalDisk USB2.0",
|
|
"SerialNumber_s": "4C530001060623106322",
|
|
"Model_s": "SanDisk Cruzer Glide USB Device",
|
|
"InternalID_s": "USBSTOR\\DISK&VEN_SANDISK&PROD_CRUZER_GLIDE&REV_1.00\\4C530001060623106322&0",
|
|
"TargetFile_s": "",
|
|
"SourceFile_s": "",
|
|
"SourceFileSize_s": "",
|
|
"SourceFileLastWrite_s": "",
|
|
"ProgramName_s": "",
|
|
"ProgramPID_s": "",
|
|
"Message": "",
|
|
"PropertyName_s": "",
|
|
"PropertyAction_s": "",
|
|
"PropertyValue_s": "",
|
|
"PreviousPropertyValue_s": "",
|
|
"ConfigurationTarget_s": "",
|
|
"PropertyOperationStatus_s": "",
|
|
"AdditionalProgramInfo_s": "",
|
|
"Type": "secRMM_CL",
|
|
"_ResourceId": ""
|
|
},
|
|
{
|
|
"TenantId": "00000000-0000-0000-0000-000000000000",
|
|
"SourceSystem": "RestAPI",
|
|
"MG": "",
|
|
"ManagementGroupName": "",
|
|
"TimeGenerated": "2020-02-09T16:12:55.829Z",
|
|
"Computer": "secRMMDemo1.CONTOSO.com",
|
|
"RawData": "",
|
|
"SerialNumber_g": "",
|
|
"Event_s": "BLOCK PROGRAMS ON DEVICE ACTIVE",
|
|
"Time_s": "2/9/2020 4:12:55 PM",
|
|
"User_s": "CONTOSO\\Administrator",
|
|
"UserSID_s": "S-1-5-21-194330278-343332919-2867172138-500",
|
|
"Drive_s": "E:",
|
|
"Volume_s": "\\Device\\HarddiskVolume10",
|
|
"DeviceDescription_s": "Removable Disk Removable Media Win32_LogicalDisk USB2.0",
|
|
"SerialNumber_s": "4C530001060623106322",
|
|
"Model_s": "SanDisk Cruzer Glide USB Device",
|
|
"InternalID_s": "USBSTOR\\DISK&VEN_SANDISK&PROD_CRUZER_GLIDE&REV_1.00\\4C530001060623106322&0",
|
|
"TargetFile_s": "",
|
|
"SourceFile_s": "",
|
|
"SourceFileSize_s": "",
|
|
"SourceFileLastWrite_s": "",
|
|
"ProgramName_s": ""E:\\HOLD\\RunMe.cmd"",
|
|
"ProgramPID_s": "",
|
|
"Message": "",
|
|
"PropertyName_s": "",
|
|
"PropertyAction_s": "",
|
|
"PropertyValue_s": "",
|
|
"PreviousPropertyValue_s": "",
|
|
"ConfigurationTarget_s": "",
|
|
"PropertyOperationStatus_s": "",
|
|
"AdditionalProgramInfo_s": "Command Line: E:\\HOLD",
|
|
"Type": "secRMM_CL",
|
|
"_ResourceId": ""
|
|
},
|
|
{
|
|
"TenantId": "00000000-0000-0000-0000-000000000000",
|
|
"SourceSystem": "RestAPI",
|
|
"MG": "",
|
|
"ManagementGroupName": "",
|
|
"TimeGenerated": "2020-02-09T16:13:06.447Z",
|
|
"Computer": "secRMMDemo1.CONTOSO.com",
|
|
"RawData": "",
|
|
"SerialNumber_g": "",
|
|
"Event_s": "OFFLINE",
|
|
"Time_s": "2/9/2020 4:13:05 PM",
|
|
"User_s": "CONTOSO\\Administrator",
|
|
"UserSID_s": "",
|
|
"Drive_s": "E:",
|
|
"Volume_s": "\\Device\\HarddiskVolume10",
|
|
"DeviceDescription_s": "Removable Disk Removable Media Win32_LogicalDisk USB2.0",
|
|
"SerialNumber_s": "4C530001060623106322",
|
|
"Model_s": "SanDisk Cruzer Glide USB Device",
|
|
"InternalID_s": "USBSTOR\\DISK&VEN_SANDISK&PROD_CRUZER_GLIDE&REV_1.00\\4C530001060623106322&0",
|
|
"TargetFile_s": "",
|
|
"SourceFile_s": "",
|
|
"SourceFileSize_s": "",
|
|
"SourceFileLastWrite_s": "",
|
|
"ProgramName_s": "",
|
|
"ProgramPID_s": "",
|
|
"Message": "",
|
|
"PropertyName_s": "",
|
|
"PropertyAction_s": "",
|
|
"PropertyValue_s": "",
|
|
"PreviousPropertyValue_s": "",
|
|
"ConfigurationTarget_s": "",
|
|
"PropertyOperationStatus_s": "",
|
|
"AdditionalProgramInfo_s": "",
|
|
"Type": "secRMM_CL",
|
|
"_ResourceId": ""
|
|
},
|
|
{
|
|
"TenantId": "00000000-0000-0000-0000-000000000000",
|
|
"SourceSystem": "RestAPI",
|
|
"MG": "",
|
|
"ManagementGroupName": "",
|
|
"TimeGenerated": "2020-02-09T16:16:14.288Z",
|
|
"Computer": "secRMMDemo1.CONTOSO.com",
|
|
"RawData": "",
|
|
"SerialNumber_g": "",
|
|
"Event_s": "Property change",
|
|
"Time_s": "2/9/2020 4:16:13 PM",
|
|
"User_s": "CONTOSO\\Administrator",
|
|
"UserSID_s": "S-1-5-21-194330278-343332919-2867172138-500",
|
|
"Drive_s": "",
|
|
"Volume_s": "",
|
|
"DeviceDescription_s": "",
|
|
"SerialNumber_s": "",
|
|
"Model_s": "",
|
|
"InternalID_s": "",
|
|
"TargetFile_s": "",
|
|
"SourceFile_s": "",
|
|
"SourceFileSize_s": "",
|
|
"SourceFileLastWrite_s": "",
|
|
"ProgramName_s": "",
|
|
"ProgramPID_s": "",
|
|
"Message": "",
|
|
"PropertyName_s": "RequireMDMEnrollment",
|
|
"PropertyAction_s": "unchanged",
|
|
"PropertyValue_s": "on Enrolled Intune UserIdPassword 805a3915-a0ac-4d2a-9ec8-4bb702169c30 fb1abf2e-1225-43c2-bb28-872c96acc816 anthony@anthonysquadratechnologies.onmicrosoft.com ***** OLD_pre9.9.22.0",
|
|
"PreviousPropertyValue_s": "",
|
|
"ConfigurationTarget_s": "Computer",
|
|
"PropertyOperationStatus_s": "Completed",
|
|
"AdditionalProgramInfo_s": "powershell",
|
|
"Type": "secRMM_CL",
|
|
"_ResourceId": ""
|
|
},
|
|
{
|
|
"TenantId": "00000000-0000-0000-0000-000000000000",
|
|
"SourceSystem": "RestAPI",
|
|
"MG": "",
|
|
"ManagementGroupName": "",
|
|
"TimeGenerated": "2020-02-09T16:17:15.968Z",
|
|
"Computer": "secRMMDemo1.CONTOSO.com",
|
|
"RawData": "",
|
|
"SerialNumber_g": "",
|
|
"Event_s": "ONLINE",
|
|
"Time_s": "2/9/2020 4:17:14 PM",
|
|
"User_s": "CONTOSO\\Administrator",
|
|
"UserSID_s": "",
|
|
"Drive_s": "Internal storage:",
|
|
"Volume_s": "\\Device\\000000ad",
|
|
"DeviceDescription_s": "motorola MOBILE Win32ext_WPD USB2.0",
|
|
"SerialNumber_s": "TA96507VNX",
|
|
"Model_s": "XT1028",
|
|
"InternalID_s": "\\\\?\\usb#vid_22b8&pid_2e76&mi_00#6&15281968&0&0000#{6ac27878-a6fa-4155-ba85-f98f491d4f33}",
|
|
"TargetFile_s": "",
|
|
"SourceFile_s": "",
|
|
"SourceFileSize_s": "",
|
|
"SourceFileLastWrite_s": "",
|
|
"ProgramName_s": "",
|
|
"ProgramPID_s": "",
|
|
"Message": "",
|
|
"PropertyName_s": "",
|
|
"PropertyAction_s": "",
|
|
"PropertyValue_s": "",
|
|
"PreviousPropertyValue_s": "",
|
|
"ConfigurationTarget_s": "",
|
|
"PropertyOperationStatus_s": "",
|
|
"AdditionalProgramInfo_s": "MDM Info: Intune MDM Name: Anthony_Android_10/2/2019_5:54 PM(f2892637-6396-4bf0-9e91-4c234dc41758), IMEI: A000002CE8F1D6, MEID: A000002CE8F1D6, Phone#: +*******6262, Carrier: Verizon, WifiMac: 1430c63d8103, User: Anthony LaMark2(Anthony@anthonysquadratechnologies.onmicrosoft.com), Compliant: compliant, JailBroken: false\n//===Intune Data===\n{"@odata.context":"https://graph.microsoft.com/v1.0/$metadata#deviceManagement/managedDevices"\n"@odata.count":1\n"value":[{"id":"f2892637-6396-4bf0-9e91-4c234dc41758"\n"userId":"7ffa4323-1e8c-45af-a826-655b4a85fe7b"\n"deviceName":"Anthony_Android_10/2/2019_5:54 PM"\n"managedDeviceOwnerType":"personal"\n"enrolledDateTime":"2019-10-02T17:54:50Z"\n"lastSyncDateTime":"2020-02-09T15:19:20Z"\n"operatingSystem":"Android"\n"complianceState":"compliant"\n"jailBroken":"false"\n"managementAgent":"mdm"\n"osVersion":"5.1"\n"easActivated":false\n"easDeviceId":"android/943649EC3500B1672482BBDE2CFA20E0"\n"easActivationDateTime":"0001-01-01T00:00:00Z"\n"azureADRegistered":true\n"deviceEnrollmentType":"userEnrollment"\n"activationLockBypassCode":null\n"emailAddress":""\n"azureADDeviceId":"e37c065b-d9be-4ed2-97b9-35e354b574ce"\n"deviceRegistrationState":"registered"\n"deviceCategoryDisplayName":"Unknown"\n"isSupervised":false\n"exchangeLastSuccessfulSyncDateTime":"0001-01-01T00:00:00Z"\n"exchangeAccessState":"none"\n"exchangeAccessStateReason":"none"\n"remoteAssistanceSessionUrl":null\n"remoteAssistanceSessionErrorDetails":null\n"isEncrypted":true\n"userPrincipalName":"Anthony@anthonysquadratechnologies.onmicrosoft.com"\n"model":"XT1028"\n"manufacturer":"motorola"\n"imei":"A000002CE8F1D6"\n"complianceGracePeriodExpirationDateTime":"9999-12-31T23:59:59Z"\n"serialNumber":"TA96507VNX"\n"phoneNumber":"+*******6262"\n"androidSecurityPatchLevel":""\n"userDisplayName":"Anthony LaMark2"\n"configurationManagerClientEnabledFeatures":null\n"wiFiMacAddress":"1430c63d8103"\n"deviceHealthAttestationState":null\n"subscriberCarrier":"Verizon"\n"meid":"A000002CE8F1D6"\n"totalStorageSpaceInBytes":0\n"freeStorageSpaceInBytes":0\n"managedDeviceName":"Anthony_Android_10/2/2019_5:54 PM"\n"partnerReportedThreatState":"unknown"\n"deviceActionResults":[]}]}",
|
|
"Type": "secRMM_CL",
|
|
"_ResourceId": ""
|
|
},
|
|
{
|
|
"TenantId": "00000000-0000-0000-0000-000000000000",
|
|
"SourceSystem": "RestAPI",
|
|
"MG": "",
|
|
"ManagementGroupName": "",
|
|
"TimeGenerated": "2020-02-09T16:17:20.743Z",
|
|
"Computer": "secRMMDemo1.CONTOSO.com",
|
|
"RawData": "",
|
|
"SerialNumber_g": "",
|
|
"Event_s": "OFFLINE",
|
|
"Time_s": "2/9/2020 4:17:20 PM",
|
|
"User_s": "CONTOSO\\Administrator",
|
|
"UserSID_s": "",
|
|
"Drive_s": "Internal storage:",
|
|
"Volume_s": "\\Device\\000000ad",
|
|
"DeviceDescription_s": "motorola MOBILE Win32ext_WPD USB2.0",
|
|
"SerialNumber_s": "TA96507VNX",
|
|
"Model_s": "XT1028",
|
|
"InternalID_s": "\\\\?\\usb#vid_22b8&pid_2e76&mi_00#6&15281968&0&0000#{6ac27878-a6fa-4155-ba85-f98f491d4f33}",
|
|
"TargetFile_s": "",
|
|
"SourceFile_s": "",
|
|
"SourceFileSize_s": "",
|
|
"SourceFileLastWrite_s": "",
|
|
"ProgramName_s": "",
|
|
"ProgramPID_s": "",
|
|
"Message": "",
|
|
"PropertyName_s": "",
|
|
"PropertyAction_s": "",
|
|
"PropertyValue_s": "",
|
|
"PreviousPropertyValue_s": "",
|
|
"ConfigurationTarget_s": "",
|
|
"PropertyOperationStatus_s": "",
|
|
"AdditionalProgramInfo_s": "",
|
|
"Type": "secRMM_CL",
|
|
"_ResourceId": ""
|
|
},
|
|
{
|
|
"TenantId": "00000000-0000-0000-0000-000000000000",
|
|
"SourceSystem": "RestAPI",
|
|
"MG": "",
|
|
"ManagementGroupName": "",
|
|
"TimeGenerated": "2020-02-09T16:18:17.197Z",
|
|
"Computer": "secRMMDemo1.CONTOSO.com",
|
|
"RawData": "",
|
|
"SerialNumber_g": "",
|
|
"Event_s": "OFFLINE",
|
|
"Time_s": "2/9/2020 4:18:16 PM",
|
|
"User_s": "CONTOSO\\Administrator",
|
|
"UserSID_s": "",
|
|
"Drive_s": "Internal shared storage:",
|
|
"Volume_s": "\\Device\\000000b0",
|
|
"DeviceDescription_s": "Google MOBILE Win32ext_WPD USB2.0",
|
|
"SerialNumber_s": "FA7951A01459",
|
|
"Model_s": "Pixel 2",
|
|
"InternalID_s": "\\\\?\\usb#vid_18d1&pid_4ee2&mi_00#6&2a09dbaf&2&0000#{6ac27878-a6fa-4155-ba85-f98f491d4f33}",
|
|
"TargetFile_s": "",
|
|
"SourceFile_s": "",
|
|
"SourceFileSize_s": "",
|
|
"SourceFileLastWrite_s": "",
|
|
"ProgramName_s": "",
|
|
"ProgramPID_s": "",
|
|
"Message": "",
|
|
"PropertyName_s": "",
|
|
"PropertyAction_s": "",
|
|
"PropertyValue_s": "",
|
|
"PreviousPropertyValue_s": "",
|
|
"ConfigurationTarget_s": "",
|
|
"PropertyOperationStatus_s": "",
|
|
"AdditionalProgramInfo_s": "",
|
|
"Type": "secRMM_CL",
|
|
"_ResourceId": ""
|
|
},
|
|
{
|
|
"TenantId": "00000000-0000-0000-0000-000000000000",
|
|
"SourceSystem": "RestAPI",
|
|
"MG": "",
|
|
"ManagementGroupName": "",
|
|
"TimeGenerated": "2020-02-09T16:15:35.307Z",
|
|
"Computer": "secRMMDemo1.CONTOSO.com",
|
|
"RawData": "",
|
|
"SerialNumber_g": "",
|
|
"Event_s": "Property change",
|
|
"Time_s": "2/9/2020 4:15:34 PM",
|
|
"User_s": "CONTOSO\\Administrator",
|
|
"UserSID_s": "S-1-5-21-194330278-343332919-2867172138-500",
|
|
"Drive_s": "",
|
|
"Volume_s": "",
|
|
"DeviceDescription_s": "",
|
|
"SerialNumber_s": "",
|
|
"Model_s": "",
|
|
"InternalID_s": "",
|
|
"TargetFile_s": "",
|
|
"SourceFile_s": "",
|
|
"SourceFileSize_s": "",
|
|
"SourceFileLastWrite_s": "",
|
|
"ProgramName_s": "",
|
|
"ProgramPID_s": "",
|
|
"Message": "",
|
|
"PropertyName_s": "BlockOfficeMacrosOnDevice",
|
|
"PropertyAction_s": "cleared",
|
|
"PropertyValue_s": "",
|
|
"PreviousPropertyValue_s": "on",
|
|
"ConfigurationTarget_s": "Computer",
|
|
"PropertyOperationStatus_s": "Completed",
|
|
"AdditionalProgramInfo_s": ""C:\\WINDOWS\\system32\\mmc.exe" "C:\\WINDOWS\\system32\\compmgmt.msc" /s",
|
|
"Type": "secRMM_CL",
|
|
"_ResourceId": ""
|
|
},
|
|
{
|
|
"TenantId": "00000000-0000-0000-0000-000000000000",
|
|
"SourceSystem": "RestAPI",
|
|
"MG": "",
|
|
"ManagementGroupName": "",
|
|
"TimeGenerated": "2020-02-09T16:15:39.463Z",
|
|
"Computer": "secRMMDemo1.CONTOSO.com",
|
|
"RawData": "",
|
|
"SerialNumber_g": "",
|
|
"Event_s": "Property change",
|
|
"Time_s": "2/9/2020 4:15:38 PM",
|
|
"User_s": "CONTOSO\\Administrator",
|
|
"UserSID_s": "S-1-5-21-194330278-343332919-2867172138-500",
|
|
"Drive_s": "",
|
|
"Volume_s": "",
|
|
"DeviceDescription_s": "",
|
|
"SerialNumber_s": "",
|
|
"Model_s": "",
|
|
"InternalID_s": "",
|
|
"TargetFile_s": "",
|
|
"SourceFile_s": "",
|
|
"SourceFileSize_s": "",
|
|
"SourceFileLastWrite_s": "",
|
|
"ProgramName_s": "",
|
|
"ProgramPID_s": "",
|
|
"Message": "",
|
|
"PropertyName_s": "BlockProgramsOnDevice",
|
|
"PropertyAction_s": "cleared",
|
|
"PropertyValue_s": "",
|
|
"PreviousPropertyValue_s": "on",
|
|
"ConfigurationTarget_s": "Computer",
|
|
"PropertyOperationStatus_s": "Completed",
|
|
"AdditionalProgramInfo_s": ""C:\\WINDOWS\\system32\\mmc.exe" "C:\\WINDOWS\\system32\\compmgmt.msc" /s",
|
|
"Type": "secRMM_CL",
|
|
"_ResourceId": ""
|
|
},
|
|
{
|
|
"TenantId": "00000000-0000-0000-0000-000000000000",
|
|
"SourceSystem": "RestAPI",
|
|
"MG": "",
|
|
"ManagementGroupName": "",
|
|
"TimeGenerated": "2020-02-09T16:17:56.997Z",
|
|
"Computer": "secRMMDemo1.CONTOSO.com",
|
|
"RawData": "",
|
|
"SerialNumber_g": "",
|
|
"Event_s": "ONLINE",
|
|
"Time_s": "2/9/2020 4:17:56 PM",
|
|
"User_s": "CONTOSO\\Administrator",
|
|
"UserSID_s": "",
|
|
"Drive_s": "Internal shared storage:",
|
|
"Volume_s": "\\Device\\000000b0",
|
|
"DeviceDescription_s": "Google MOBILE Win32ext_WPD USB2.0",
|
|
"SerialNumber_s": "FA7951A01459",
|
|
"Model_s": "Pixel 2",
|
|
"InternalID_s": "\\\\?\\usb#vid_18d1&pid_4ee2&mi_00#6&2a09dbaf&2&0000#{6ac27878-a6fa-4155-ba85-f98f491d4f33}",
|
|
"TargetFile_s": "",
|
|
"SourceFile_s": "",
|
|
"SourceFileSize_s": "",
|
|
"SourceFileLastWrite_s": "",
|
|
"ProgramName_s": "",
|
|
"ProgramPID_s": "",
|
|
"Message": "",
|
|
"PropertyName_s": "",
|
|
"PropertyAction_s": "",
|
|
"PropertyValue_s": "",
|
|
"PreviousPropertyValue_s": "",
|
|
"ConfigurationTarget_s": "",
|
|
"PropertyOperationStatus_s": "",
|
|
"AdditionalProgramInfo_s": "MDM Info: ERROR: SerialNumber: FA7951A01459 Mobile device is not MDM enrolled.",
|
|
"Type": "secRMM_CL",
|
|
"_ResourceId": ""
|
|
},
|
|
{
|
|
"TenantId": "00000000-0000-0000-0000-000000000000",
|
|
"SourceSystem": "RestAPI",
|
|
"MG": "",
|
|
"ManagementGroupName": "",
|
|
"TimeGenerated": "2020-02-09T16:02:37.059Z",
|
|
"Computer": "SECRMMDEMO1",
|
|
"RawData": "",
|
|
"SerialNumber_g": "",
|
|
"Event_s": "",
|
|
"Time_s": "",
|
|
"User_s": "Administrator",
|
|
"UserSID_s": "",
|
|
"Drive_s": "",
|
|
"Volume_s": "",
|
|
"DeviceDescription_s": "",
|
|
"SerialNumber_s": "",
|
|
"Model_s": "",
|
|
"InternalID_s": "",
|
|
"TargetFile_s": "",
|
|
"SourceFile_s": "",
|
|
"SourceFileSize_s": "",
|
|
"SourceFileLastWrite_s": "",
|
|
"ProgramName_s": "ProcessSendTest",
|
|
"ProgramPID_s": "",
|
|
"Message": "",
|
|
"PropertyName_s": "",
|
|
"PropertyAction_s": "",
|
|
"PropertyValue_s": "",
|
|
"PreviousPropertyValue_s": "",
|
|
"ConfigurationTarget_s": "",
|
|
"PropertyOperationStatus_s": "",
|
|
"AdditionalProgramInfo_s": "Test Connection to Azure Log Analytics",
|
|
"Type": "secRMM_CL",
|
|
"_ResourceId": ""
|
|
},
|
|
{
|
|
"TenantId": "00000000-0000-0000-0000-000000000000",
|
|
"SourceSystem": "RestAPI",
|
|
"MG": "",
|
|
"ManagementGroupName": "",
|
|
"TimeGenerated": "2020-02-09T16:05:10.283Z",
|
|
"Computer": "secRMMDemo1.CONTOSO.com",
|
|
"RawData": "",
|
|
"SerialNumber_g": "",
|
|
"Event_s": "SERIAL # AUTHORIZATION",
|
|
"Time_s": "2/9/2020 4:05:08 PM",
|
|
"User_s": "CONTOSO\\Administrator",
|
|
"UserSID_s": "S-1-5-21-194330278-343332919-2867172138-500",
|
|
"Drive_s": "E:",
|
|
"Volume_s": "\\Device\\HarddiskVolume6",
|
|
"DeviceDescription_s": "Removable Disk Removable Media Win32_LogicalDisk USB2.0",
|
|
"SerialNumber_s": "4C530001060623106322",
|
|
"Model_s": "SanDisk Cruzer Glide USB Device",
|
|
"InternalID_s": "USBSTOR\\DISK&VEN_SANDISK&PROD_CRUZER_GLIDE&REV_1.00\\4C530001060623106322&0",
|
|
"TargetFile_s": "E:\\NewCustomers_Q1_2013.docx",
|
|
"SourceFile_s": "C:\\_MyCorporation\\NewCustomers_Q1_2013.docx",
|
|
"SourceFileSize_s": 11354,
|
|
"SourceFileLastWrite_s": "07/13/2016 12:39:06",
|
|
"ProgramName_s": "C:\\WINDOWS\\Explorer.EXE",
|
|
"ProgramPID_s": 9736,
|
|
"Message": "Authorized Serial Numbers List: secRMM_is_locked_down",
|
|
"PropertyName_s": "",
|
|
"PropertyAction_s": "",
|
|
"PropertyValue_s": "",
|
|
"PreviousPropertyValue_s": "",
|
|
"ConfigurationTarget_s": "",
|
|
"PropertyOperationStatus_s": "",
|
|
"AdditionalProgramInfo_s": "COPY",
|
|
"Type": "secRMM_CL",
|
|
"_ResourceId": ""
|
|
},
|
|
{
|
|
"TenantId": "00000000-0000-0000-0000-000000000000",
|
|
"SourceSystem": "RestAPI",
|
|
"MG": "",
|
|
"ManagementGroupName": "",
|
|
"TimeGenerated": "2020-02-09T16:04:04.71Z",
|
|
"Computer": "secRMMDemo1.CONTOSO.com",
|
|
"RawData": "",
|
|
"SerialNumber_g": "",
|
|
"Event_s": "ONLINE",
|
|
"Time_s": "2/9/2020 4:04:02 PM",
|
|
"User_s": "CONTOSO\\Administrator",
|
|
"UserSID_s": "",
|
|
"Drive_s": "E:",
|
|
"Volume_s": "\\Device\\HarddiskVolume6",
|
|
"DeviceDescription_s": "Removable Disk Removable Media Win32_LogicalDisk USB2.0",
|
|
"SerialNumber_s": "4C530001060623106322",
|
|
"Model_s": "SanDisk Cruzer Glide USB Device",
|
|
"InternalID_s": "USBSTOR\\DISK&VEN_SANDISK&PROD_CRUZER_GLIDE&REV_1.00\\4C530001060623106322&0",
|
|
"TargetFile_s": "",
|
|
"SourceFile_s": "",
|
|
"SourceFileSize_s": "",
|
|
"SourceFileLastWrite_s": "",
|
|
"ProgramName_s": "",
|
|
"ProgramPID_s": "",
|
|
"Message": "",
|
|
"PropertyName_s": "",
|
|
"PropertyAction_s": "",
|
|
"PropertyValue_s": "",
|
|
"PreviousPropertyValue_s": "",
|
|
"ConfigurationTarget_s": "",
|
|
"PropertyOperationStatus_s": "",
|
|
"AdditionalProgramInfo_s": "",
|
|
"Type": "secRMM_CL",
|
|
"_ResourceId": ""
|
|
},
|
|
{
|
|
"TenantId": "00000000-0000-0000-0000-000000000000",
|
|
"SourceSystem": "RestAPI",
|
|
"MG": "",
|
|
"ManagementGroupName": "",
|
|
"TimeGenerated": "2020-02-09T16:04:23.644Z",
|
|
"Computer": "secRMMDemo1.CONTOSO.com",
|
|
"RawData": "",
|
|
"SerialNumber_g": "",
|
|
"Event_s": "Property change",
|
|
"Time_s": "2/9/2020 4:04:22 PM",
|
|
"User_s": "CONTOSO\\Administrator",
|
|
"UserSID_s": "S-1-5-21-194330278-343332919-2867172138-500",
|
|
"Drive_s": "",
|
|
"Volume_s": "",
|
|
"DeviceDescription_s": "",
|
|
"SerialNumber_s": "",
|
|
"Model_s": "",
|
|
"InternalID_s": "",
|
|
"TargetFile_s": "",
|
|
"SourceFile_s": "",
|
|
"SourceFileSize_s": "",
|
|
"SourceFileLastWrite_s": "",
|
|
"ProgramName_s": "",
|
|
"ProgramPID_s": "",
|
|
"Message": "",
|
|
"PropertyName_s": "AllowedSerialNumbers",
|
|
"PropertyAction_s": "created",
|
|
"PropertyValue_s": "secRMM_is_locked_down",
|
|
"PreviousPropertyValue_s": "",
|
|
"ConfigurationTarget_s": "Computer",
|
|
"PropertyOperationStatus_s": "Completed",
|
|
"AdditionalProgramInfo_s": ""C:\\WINDOWS\\system32\\mmc.exe" "C:\\WINDOWS\\system32\\compmgmt.msc" /s",
|
|
"Type": "secRMM_CL",
|
|
"_ResourceId": ""
|
|
},
|
|
{
|
|
"TenantId": "00000000-0000-0000-0000-000000000000",
|
|
"SourceSystem": "RestAPI",
|
|
"MG": "",
|
|
"ManagementGroupName": "",
|
|
"TimeGenerated": "2020-02-09T16:04:53.84Z",
|
|
"Computer": "secRMMDemo1.CONTOSO.com",
|
|
"RawData": "",
|
|
"SerialNumber_g": "",
|
|
"Event_s": "SERIAL # AUTHORIZATION",
|
|
"Time_s": "2/9/2020 4:04:52 PM",
|
|
"User_s": "CONTOSO\\Administrator",
|
|
"UserSID_s": "S-1-5-21-194330278-343332919-2867172138-500",
|
|
"Drive_s": "E:",
|
|
"Volume_s": "\\Device\\HarddiskVolume6",
|
|
"DeviceDescription_s": "Removable Disk Removable Media Win32_LogicalDisk USB2.0",
|
|
"SerialNumber_s": "4C530001060623106322",
|
|
"Model_s": "SanDisk Cruzer Glide USB Device",
|
|
"InternalID_s": "USBSTOR\\DISK&VEN_SANDISK&PROD_CRUZER_GLIDE&REV_1.00\\4C530001060623106322&0",
|
|
"TargetFile_s": "E:\\Customer List Y2011.xlsx",
|
|
"SourceFile_s": "C:\\_MyCorporation\\Customer List Y2011.xlsx",
|
|
"SourceFileSize_s": 9156,
|
|
"SourceFileLastWrite_s": "07/13/2016 12:38:28",
|
|
"ProgramName_s": "C:\\WINDOWS\\Explorer.EXE",
|
|
"ProgramPID_s": 9736,
|
|
"Message": "Authorized Serial Numbers List: secRMM_is_locked_down",
|
|
"PropertyName_s": "",
|
|
"PropertyAction_s": "",
|
|
"PropertyValue_s": "",
|
|
"PreviousPropertyValue_s": "",
|
|
"ConfigurationTarget_s": "",
|
|
"PropertyOperationStatus_s": "",
|
|
"AdditionalProgramInfo_s": "COPY",
|
|
"Type": "secRMM_CL",
|
|
"_ResourceId": ""
|
|
},
|
|
{
|
|
"TenantId": "00000000-0000-0000-0000-000000000000",
|
|
"SourceSystem": "RestAPI",
|
|
"MG": "",
|
|
"ManagementGroupName": "",
|
|
"TimeGenerated": "2020-02-09T16:02:44.244Z",
|
|
"Computer": "secRMMDemo1.CONTOSO.com",
|
|
"RawData": "",
|
|
"SerialNumber_g": "",
|
|
"Event_s": "Property change",
|
|
"Time_s": "2/9/2020 4:02:40 PM",
|
|
"User_s": "CONTOSO\\Administrator",
|
|
"UserSID_s": "S-1-5-21-194330278-343332919-2867172138-500",
|
|
"Drive_s": "",
|
|
"Volume_s": "",
|
|
"DeviceDescription_s": "",
|
|
"SerialNumber_s": "",
|
|
"Model_s": "",
|
|
"InternalID_s": "",
|
|
"TargetFile_s": "",
|
|
"SourceFile_s": "",
|
|
"SourceFileSize_s": "",
|
|
"SourceFileLastWrite_s": "",
|
|
"ProgramName_s": "",
|
|
"ProgramPID_s": "",
|
|
"Message": "",
|
|
"PropertyName_s": "SendToAzureLog",
|
|
"PropertyAction_s": "changed",
|
|
"PropertyValue_s": "7ff9d868-2404-4ba9-b01e-f29a75debeb3 ***** ONLINE,OFFLINE,WRITE SUCCESS,WRITE FAILURE,ADMINISTRATION,LICENSING",
|
|
"PreviousPropertyValue_s": "7ff9d868-2404-4ba9-b01e-f29a75debeb3 ***** ONLINE,OFFLINE,WRITE SUCCESS,WRITE FAILURE,ADMINISTRATION,LICENSING",
|
|
"ConfigurationTarget_s": "Computer",
|
|
"PropertyOperationStatus_s": "Completed",
|
|
"AdditionalProgramInfo_s": ""C:\\WINDOWS\\system32\\mmc.exe" "C:\\WINDOWS\\system32\\compmgmt.msc" /s",
|
|
"Type": "secRMM_CL",
|
|
"_ResourceId": ""
|
|
},
|
|
{
|
|
"TenantId": "00000000-0000-0000-0000-000000000000",
|
|
"SourceSystem": "RestAPI",
|
|
"MG": "",
|
|
"ManagementGroupName": "",
|
|
"TimeGenerated": "2020-02-09T16:07:44.291Z",
|
|
"Computer": "secRMMDemo1.CONTOSO.com",
|
|
"RawData": "",
|
|
"SerialNumber_g": "",
|
|
"Event_s": "ONLINE",
|
|
"Time_s": "2/9/2020 4:07:39 PM",
|
|
"User_s": "CONTOSO\\Administrator",
|
|
"UserSID_s": "",
|
|
"Drive_s": "E:",
|
|
"Volume_s": "\\Device\\HarddiskVolume7",
|
|
"DeviceDescription_s": "Removable Disk ENCRYPTED BitLocker Removable Media Win32_LogicalDisk USB2.0",
|
|
"SerialNumber_s": "02B1DF9B",
|
|
"Model_s": "Generic Flash Disk USB Device",
|
|
"InternalID_s": "USBSTOR\\DISK&VEN_GENERIC&PROD_FLASH_DISK&REV_8.07\\02B1DF9B&0",
|
|
"TargetFile_s": "",
|
|
"SourceFile_s": "",
|
|
"SourceFileSize_s": "",
|
|
"SourceFileLastWrite_s": "",
|
|
"ProgramName_s": "",
|
|
"ProgramPID_s": "",
|
|
"Message": "",
|
|
"PropertyName_s": "",
|
|
"PropertyAction_s": "",
|
|
"PropertyValue_s": "",
|
|
"PreviousPropertyValue_s": "",
|
|
"ConfigurationTarget_s": "",
|
|
"PropertyOperationStatus_s": "",
|
|
"AdditionalProgramInfo_s": "BitLocker ProtectionStatus = Waiting for authentication.",
|
|
"Type": "secRMM_CL",
|
|
"_ResourceId": ""
|
|
},
|
|
{
|
|
"TenantId": "00000000-0000-0000-0000-000000000000",
|
|
"SourceSystem": "RestAPI",
|
|
"MG": "",
|
|
"ManagementGroupName": "",
|
|
"TimeGenerated": "2020-02-09T16:11:43.605Z",
|
|
"Computer": "secRMMDemo1.CONTOSO.com",
|
|
"RawData": "",
|
|
"SerialNumber_g": "",
|
|
"Event_s": "OFFLINE",
|
|
"Time_s": "2/9/2020 4:11:42 PM",
|
|
"User_s": "CONTOSO\\Administrator",
|
|
"UserSID_s": "",
|
|
"Drive_s": "E:",
|
|
"Volume_s": "\\Device\\HarddiskVolume9",
|
|
"DeviceDescription_s": "Removable Disk ENCRYPTED Removable Media Win32_LogicalDisk USB2.0",
|
|
"SerialNumber_s": "09840330132300001299",
|
|
"Model_s": "Apricorn Secure Key USB Device",
|
|
"InternalID_s": "USBSTOR\\DISK&VEN_APRICORN&PROD_SECURE_KEY&REV_1.00\\09840330132300001299&0",
|
|
"TargetFile_s": "",
|
|
"SourceFile_s": "",
|
|
"SourceFileSize_s": "",
|
|
"SourceFileLastWrite_s": "",
|
|
"ProgramName_s": "",
|
|
"ProgramPID_s": "",
|
|
"Message": "",
|
|
"PropertyName_s": "",
|
|
"PropertyAction_s": "",
|
|
"PropertyValue_s": "",
|
|
"PreviousPropertyValue_s": "",
|
|
"ConfigurationTarget_s": "",
|
|
"PropertyOperationStatus_s": "",
|
|
"AdditionalProgramInfo_s": "",
|
|
"Type": "secRMM_CL",
|
|
"_ResourceId": ""
|
|
},
|
|
{
|
|
"TenantId": "00000000-0000-0000-0000-000000000000",
|
|
"SourceSystem": "RestAPI",
|
|
"MG": "",
|
|
"ManagementGroupName": "",
|
|
"TimeGenerated": "2020-02-09T16:05:24.693Z",
|
|
"Computer": "secRMMDemo1.CONTOSO.com",
|
|
"RawData": "",
|
|
"SerialNumber_g": "",
|
|
"Event_s": "SERIAL # AUTHORIZATION",
|
|
"Time_s": "2/9/2020 4:05:23 PM",
|
|
"User_s": "CONTOSO\\Administrator",
|
|
"UserSID_s": "S-1-5-21-194330278-343332919-2867172138-500",
|
|
"Drive_s": "E:",
|
|
"Volume_s": "\\Device\\HarddiskVolume6",
|
|
"DeviceDescription_s": "Removable Disk Removable Media Win32_LogicalDisk USB2.0",
|
|
"SerialNumber_s": "4C530001060623106322",
|
|
"Model_s": "SanDisk Cruzer Glide USB Device",
|
|
"InternalID_s": "USBSTOR\\DISK&VEN_SANDISK&PROD_CRUZER_GLIDE&REV_1.00\\4C530001060623106322&0",
|
|
"TargetFile_s": "E:\\Sales for Q4 2019.xlsx",
|
|
"SourceFile_s": "C:\\_MyCorporation\\Sales for Q4 2019.xlsx",
|
|
"SourceFileSize_s": 9140,
|
|
"SourceFileLastWrite_s": "04/03/2017 10:33:28",
|
|
"ProgramName_s": "C:\\WINDOWS\\Explorer.EXE",
|
|
"ProgramPID_s": 9736,
|
|
"Message": "Authorized Serial Numbers List: secRMM_is_locked_down",
|
|
"PropertyName_s": "",
|
|
"PropertyAction_s": "",
|
|
"PropertyValue_s": "",
|
|
"PreviousPropertyValue_s": "",
|
|
"ConfigurationTarget_s": "",
|
|
"PropertyOperationStatus_s": "",
|
|
"AdditionalProgramInfo_s": "COPY",
|
|
"Type": "secRMM_CL",
|
|
"_ResourceId": ""
|
|
},
|
|
{
|
|
"TenantId": "00000000-0000-0000-0000-000000000000",
|
|
"SourceSystem": "RestAPI",
|
|
"MG": "",
|
|
"ManagementGroupName": "",
|
|
"TimeGenerated": "2020-02-09T16:06:05.359Z",
|
|
"Computer": "secRMMDemo1.CONTOSO.com",
|
|
"RawData": "",
|
|
"SerialNumber_g": "",
|
|
"Event_s": "WRITE COMPLETED",
|
|
"Time_s": "2/9/2020 4:06:04 PM",
|
|
"User_s": "CONTOSO\\Administrator",
|
|
"UserSID_s": "S-1-5-21-194330278-343332919-2867172138-500",
|
|
"Drive_s": "E:",
|
|
"Volume_s": "\\Device\\HarddiskVolume6",
|
|
"DeviceDescription_s": "Removable Disk Removable Media Win32_LogicalDisk USB2.0",
|
|
"SerialNumber_s": "4C530001060623106322",
|
|
"Model_s": "SanDisk Cruzer Glide USB Device",
|
|
"InternalID_s": "USBSTOR\\DISK&VEN_SANDISK&PROD_CRUZER_GLIDE&REV_1.00\\4C530001060623106322&0",
|
|
"TargetFile_s": "E:\\Sales for Q4 2019.xlsx",
|
|
"SourceFile_s": "C:\\_MyCorporation\\Sales for Q4 2019.xlsx",
|
|
"SourceFileSize_s": 9140,
|
|
"SourceFileLastWrite_s": "04/03/2017 10:33:28",
|
|
"ProgramName_s": "C:\\WINDOWS\\Explorer.EXE",
|
|
"ProgramPID_s": 9736,
|
|
"Message": "",
|
|
"PropertyName_s": "",
|
|
"PropertyAction_s": "",
|
|
"PropertyValue_s": "",
|
|
"PreviousPropertyValue_s": "",
|
|
"ConfigurationTarget_s": "",
|
|
"PropertyOperationStatus_s": "",
|
|
"AdditionalProgramInfo_s": "COPY",
|
|
"Type": "secRMM_CL",
|
|
"_ResourceId": ""
|
|
},
|
|
{
|
|
"TenantId": "00000000-0000-0000-0000-000000000000",
|
|
"SourceSystem": "RestAPI",
|
|
"MG": "",
|
|
"ManagementGroupName": "",
|
|
"TimeGenerated": "2020-02-09T16:06:19.641Z",
|
|
"Computer": "secRMMDemo1.CONTOSO.com",
|
|
"RawData": "",
|
|
"SerialNumber_g": "",
|
|
"Event_s": "OFFLINE",
|
|
"Time_s": "2/9/2020 4:06:18 PM",
|
|
"User_s": "CONTOSO\\Administrator",
|
|
"UserSID_s": "",
|
|
"Drive_s": "E:",
|
|
"Volume_s": "\\Device\\HarddiskVolume6",
|
|
"DeviceDescription_s": "Removable Disk Removable Media Win32_LogicalDisk USB2.0",
|
|
"SerialNumber_s": "4C530001060623106322",
|
|
"Model_s": "SanDisk Cruzer Glide USB Device",
|
|
"InternalID_s": "USBSTOR\\DISK&VEN_SANDISK&PROD_CRUZER_GLIDE&REV_1.00\\4C530001060623106322&0",
|
|
"TargetFile_s": "",
|
|
"SourceFile_s": "",
|
|
"SourceFileSize_s": "",
|
|
"SourceFileLastWrite_s": "",
|
|
"ProgramName_s": "",
|
|
"ProgramPID_s": "",
|
|
"Message": "",
|
|
"PropertyName_s": "",
|
|
"PropertyAction_s": "",
|
|
"PropertyValue_s": "",
|
|
"PreviousPropertyValue_s": "",
|
|
"ConfigurationTarget_s": "",
|
|
"PropertyOperationStatus_s": "",
|
|
"AdditionalProgramInfo_s": "",
|
|
"Type": "secRMM_CL",
|
|
"_ResourceId": ""
|
|
},
|
|
{
|
|
"TenantId": "00000000-0000-0000-0000-000000000000",
|
|
"SourceSystem": "RestAPI",
|
|
"MG": "",
|
|
"ManagementGroupName": "",
|
|
"TimeGenerated": "2020-02-09T16:07:52.447Z",
|
|
"Computer": "secRMMDemo1.CONTOSO.com",
|
|
"RawData": "",
|
|
"SerialNumber_g": "",
|
|
"Event_s": "ONLINE",
|
|
"Time_s": "2/9/2020 4:07:51 PM",
|
|
"User_s": "CONTOSO\\Administrator",
|
|
"UserSID_s": "",
|
|
"Drive_s": "E:",
|
|
"Volume_s": "\\Device\\HarddiskVolume7",
|
|
"DeviceDescription_s": "Removable Disk ENCRYPTED BitLocker Removable Media Win32_LogicalDisk USB2.0",
|
|
"SerialNumber_s": "02B1DF9B",
|
|
"Model_s": "Generic Flash Disk USB Device",
|
|
"InternalID_s": "USBSTOR\\DISK&VEN_GENERIC&PROD_FLASH_DISK&REV_8.07\\02B1DF9B&0",
|
|
"TargetFile_s": "",
|
|
"SourceFile_s": "",
|
|
"SourceFileSize_s": "",
|
|
"SourceFileLastWrite_s": "",
|
|
"ProgramName_s": "",
|
|
"ProgramPID_s": "",
|
|
"Message": "",
|
|
"PropertyName_s": "",
|
|
"PropertyAction_s": "",
|
|
"PropertyValue_s": "",
|
|
"PreviousPropertyValue_s": "",
|
|
"ConfigurationTarget_s": "",
|
|
"PropertyOperationStatus_s": "",
|
|
"AdditionalProgramInfo_s": "BitLocker Authentication performed.",
|
|
"Type": "secRMM_CL",
|
|
"_ResourceId": ""
|
|
},
|
|
{
|
|
"TenantId": "00000000-0000-0000-0000-000000000000",
|
|
"SourceSystem": "RestAPI",
|
|
"MG": "",
|
|
"ManagementGroupName": "",
|
|
"TimeGenerated": "2020-02-09T16:08:02.66Z",
|
|
"Computer": "secRMMDemo1.CONTOSO.com",
|
|
"RawData": "",
|
|
"SerialNumber_g": "",
|
|
"Event_s": "OFFLINE",
|
|
"Time_s": "2/9/2020 4:08:02 PM",
|
|
"User_s": "CONTOSO\\Administrator",
|
|
"UserSID_s": "",
|
|
"Drive_s": "E:",
|
|
"Volume_s": "\\Device\\HarddiskVolume7",
|
|
"DeviceDescription_s": "Removable Disk ENCRYPTED BitLocker Removable Media Win32_LogicalDisk USB2.0",
|
|
"SerialNumber_s": "02B1DF9B",
|
|
"Model_s": "Generic Flash Disk USB Device",
|
|
"InternalID_s": "USBSTOR\\DISK&VEN_GENERIC&PROD_FLASH_DISK&REV_8.07\\02B1DF9B&0",
|
|
"TargetFile_s": "",
|
|
"SourceFile_s": "",
|
|
"SourceFileSize_s": "",
|
|
"SourceFileLastWrite_s": "",
|
|
"ProgramName_s": "",
|
|
"ProgramPID_s": "",
|
|
"Message": "",
|
|
"PropertyName_s": "",
|
|
"PropertyAction_s": "",
|
|
"PropertyValue_s": "",
|
|
"PreviousPropertyValue_s": "",
|
|
"ConfigurationTarget_s": "",
|
|
"PropertyOperationStatus_s": "",
|
|
"AdditionalProgramInfo_s": "",
|
|
"Type": "secRMM_CL",
|
|
"_ResourceId": ""
|
|
},
|
|
{
|
|
"TenantId": "00000000-0000-0000-0000-000000000000",
|
|
"SourceSystem": "RestAPI",
|
|
"MG": "",
|
|
"ManagementGroupName": "",
|
|
"TimeGenerated": "2020-02-09T16:08:18.512Z",
|
|
"Computer": "secRMMDemo1.CONTOSO.com",
|
|
"RawData": "",
|
|
"SerialNumber_g": "",
|
|
"Event_s": "Property change",
|
|
"Time_s": "2/9/2020 4:08:17 PM",
|
|
"User_s": "CONTOSO\\Administrator",
|
|
"UserSID_s": "S-1-5-21-194330278-343332919-2867172138-500",
|
|
"Drive_s": "",
|
|
"Volume_s": "",
|
|
"DeviceDescription_s": "",
|
|
"SerialNumber_s": "",
|
|
"Model_s": "",
|
|
"InternalID_s": "",
|
|
"TargetFile_s": "",
|
|
"SourceFile_s": "",
|
|
"SourceFileSize_s": "",
|
|
"SourceFileLastWrite_s": "",
|
|
"ProgramName_s": "",
|
|
"ProgramPID_s": "",
|
|
"Message": "",
|
|
"PropertyName_s": "ScanDevice",
|
|
"PropertyAction_s": "created",
|
|
"PropertyValue_s": "on",
|
|
"PreviousPropertyValue_s": "",
|
|
"ConfigurationTarget_s": "Computer",
|
|
"PropertyOperationStatus_s": "Completed",
|
|
"AdditionalProgramInfo_s": ""C:\\WINDOWS\\system32\\mmc.exe" "C:\\WINDOWS\\system32\\compmgmt.msc" /s",
|
|
"Type": "secRMM_CL",
|
|
"_ResourceId": ""
|
|
},
|
|
{
|
|
"TenantId": "00000000-0000-0000-0000-000000000000",
|
|
"SourceSystem": "RestAPI",
|
|
"MG": "",
|
|
"ManagementGroupName": "",
|
|
"TimeGenerated": "2020-02-09T16:08:28.009Z",
|
|
"Computer": "secRMMDemo1.CONTOSO.com",
|
|
"RawData": "",
|
|
"SerialNumber_g": "",
|
|
"Event_s": "ONLINE",
|
|
"Time_s": "2/9/2020 4:08:25 PM",
|
|
"User_s": "CONTOSO\\Administrator",
|
|
"UserSID_s": "",
|
|
"Drive_s": "E:",
|
|
"Volume_s": "\\Device\\HarddiskVolume8",
|
|
"DeviceDescription_s": "Removable Disk Removable Media Win32_LogicalDisk USB2.0",
|
|
"SerialNumber_s": "4C530001060623106322",
|
|
"Model_s": "SanDisk Cruzer Glide USB Device",
|
|
"InternalID_s": "USBSTOR\\DISK&VEN_SANDISK&PROD_CRUZER_GLIDE&REV_1.00\\4C530001060623106322&0",
|
|
"TargetFile_s": "",
|
|
"SourceFile_s": "",
|
|
"SourceFileSize_s": "",
|
|
"SourceFileLastWrite_s": "",
|
|
"ProgramName_s": "",
|
|
"ProgramPID_s": "",
|
|
"Message": "",
|
|
"PropertyName_s": "",
|
|
"PropertyAction_s": "",
|
|
"PropertyValue_s": "",
|
|
"PreviousPropertyValue_s": "",
|
|
"ConfigurationTarget_s": "",
|
|
"PropertyOperationStatus_s": "",
|
|
"AdditionalProgramInfo_s": "",
|
|
"Type": "secRMM_CL",
|
|
"_ResourceId": ""
|
|
},
|
|
{
|
|
"TenantId": "00000000-0000-0000-0000-000000000000",
|
|
"SourceSystem": "RestAPI",
|
|
"MG": "",
|
|
"ManagementGroupName": "",
|
|
"TimeGenerated": "2020-02-09T16:08:47.47Z",
|
|
"Computer": "secRMMDemo1.CONTOSO.com",
|
|
"RawData": "",
|
|
"SerialNumber_g": "",
|
|
"Event_s": "OFFLINE",
|
|
"Time_s": "2/9/2020 4:08:46 PM",
|
|
"User_s": "CONTOSO\\Administrator",
|
|
"UserSID_s": "",
|
|
"Drive_s": "E:",
|
|
"Volume_s": "\\Device\\HarddiskVolume8",
|
|
"DeviceDescription_s": "Removable Disk Removable Media Win32_LogicalDisk USB2.0",
|
|
"SerialNumber_s": "4C530001060623106322",
|
|
"Model_s": "SanDisk Cruzer Glide USB Device",
|
|
"InternalID_s": "USBSTOR\\DISK&VEN_SANDISK&PROD_CRUZER_GLIDE&REV_1.00\\4C530001060623106322&0",
|
|
"TargetFile_s": "",
|
|
"SourceFile_s": "",
|
|
"SourceFileSize_s": "",
|
|
"SourceFileLastWrite_s": "",
|
|
"ProgramName_s": "",
|
|
"ProgramPID_s": "",
|
|
"Message": "",
|
|
"PropertyName_s": "",
|
|
"PropertyAction_s": "",
|
|
"PropertyValue_s": "",
|
|
"PreviousPropertyValue_s": "",
|
|
"ConfigurationTarget_s": "",
|
|
"PropertyOperationStatus_s": "",
|
|
"AdditionalProgramInfo_s": "",
|
|
"Type": "secRMM_CL",
|
|
"_ResourceId": ""
|
|
},
|
|
{
|
|
"TenantId": "00000000-0000-0000-0000-000000000000",
|
|
"SourceSystem": "RestAPI",
|
|
"MG": "",
|
|
"ManagementGroupName": "",
|
|
"TimeGenerated": "2020-02-09T16:11:28.081Z",
|
|
"Computer": "secRMMDemo1.CONTOSO.com",
|
|
"RawData": "",
|
|
"SerialNumber_g": "",
|
|
"Event_s": "ONLINE",
|
|
"Time_s": "2/9/2020 4:11:27 PM",
|
|
"User_s": "CONTOSO\\Administrator",
|
|
"UserSID_s": "",
|
|
"Drive_s": "E:",
|
|
"Volume_s": "\\Device\\HarddiskVolume9",
|
|
"DeviceDescription_s": "Removable Disk ENCRYPTED Removable Media Win32_LogicalDisk USB2.0",
|
|
"SerialNumber_s": "09840330132300001299",
|
|
"Model_s": "Apricorn Secure Key USB Device",
|
|
"InternalID_s": "USBSTOR\\DISK&VEN_APRICORN&PROD_SECURE_KEY&REV_1.00\\09840330132300001299&0",
|
|
"TargetFile_s": "",
|
|
"SourceFile_s": "",
|
|
"SourceFileSize_s": "",
|
|
"SourceFileLastWrite_s": "",
|
|
"ProgramName_s": "",
|
|
"ProgramPID_s": "",
|
|
"Message": "",
|
|
"PropertyName_s": "",
|
|
"PropertyAction_s": "",
|
|
"PropertyValue_s": "",
|
|
"PreviousPropertyValue_s": "",
|
|
"ConfigurationTarget_s": "",
|
|
"PropertyOperationStatus_s": "",
|
|
"AdditionalProgramInfo_s": "",
|
|
"Type": "secRMM_CL",
|
|
"_ResourceId": ""
|
|
},
|
|
{
|
|
"TenantId": "00000000-0000-0000-0000-000000000000",
|
|
"SourceSystem": "RestAPI",
|
|
"MG": "",
|
|
"ManagementGroupName": "",
|
|
"TimeGenerated": "2020-02-09T16:12:29.624Z",
|
|
"Computer": "secRMMDemo1.CONTOSO.com",
|
|
"RawData": "",
|
|
"SerialNumber_g": "",
|
|
"Event_s": "Property change",
|
|
"Time_s": "2/9/2020 4:12:29 PM",
|
|
"User_s": "CONTOSO\\Administrator",
|
|
"UserSID_s": "S-1-5-21-194330278-343332919-2867172138-500",
|
|
"Drive_s": "",
|
|
"Volume_s": "",
|
|
"DeviceDescription_s": "",
|
|
"SerialNumber_s": "",
|
|
"Model_s": "",
|
|
"InternalID_s": "",
|
|
"TargetFile_s": "",
|
|
"SourceFile_s": "",
|
|
"SourceFileSize_s": "",
|
|
"SourceFileLastWrite_s": "",
|
|
"ProgramName_s": "",
|
|
"ProgramPID_s": "",
|
|
"Message": "",
|
|
"PropertyName_s": "ScanDevice",
|
|
"PropertyAction_s": "cleared",
|
|
"PropertyValue_s": "",
|
|
"PreviousPropertyValue_s": "on",
|
|
"ConfigurationTarget_s": "Computer",
|
|
"PropertyOperationStatus_s": "Completed",
|
|
"AdditionalProgramInfo_s": ""C:\\WINDOWS\\system32\\mmc.exe" "C:\\WINDOWS\\system32\\compmgmt.msc" /s",
|
|
"Type": "secRMM_CL",
|
|
"_ResourceId": ""
|
|
},
|
|
{
|
|
"TenantId": "00000000-0000-0000-0000-000000000000",
|
|
"SourceSystem": "RestAPI",
|
|
"MG": "",
|
|
"ManagementGroupName": "",
|
|
"TimeGenerated": "2020-02-09T16:12:39.928Z",
|
|
"Computer": "secRMMDemo1.CONTOSO.com",
|
|
"RawData": "",
|
|
"SerialNumber_g": "",
|
|
"Event_s": "Property change",
|
|
"Time_s": "2/9/2020 4:12:39 PM",
|
|
"User_s": "CONTOSO\\Administrator",
|
|
"UserSID_s": "S-1-5-21-194330278-343332919-2867172138-500",
|
|
"Drive_s": "",
|
|
"Volume_s": "",
|
|
"DeviceDescription_s": "",
|
|
"SerialNumber_s": "",
|
|
"Model_s": "",
|
|
"InternalID_s": "",
|
|
"TargetFile_s": "",
|
|
"SourceFile_s": "",
|
|
"SourceFileSize_s": "",
|
|
"SourceFileLastWrite_s": "",
|
|
"ProgramName_s": "",
|
|
"ProgramPID_s": "",
|
|
"Message": "",
|
|
"PropertyName_s": "BlockProgramsOnDevice",
|
|
"PropertyAction_s": "created",
|
|
"PropertyValue_s": "on",
|
|
"PreviousPropertyValue_s": "",
|
|
"ConfigurationTarget_s": "Computer",
|
|
"PropertyOperationStatus_s": "Completed",
|
|
"AdditionalProgramInfo_s": ""C:\\WINDOWS\\system32\\mmc.exe" "C:\\WINDOWS\\system32\\compmgmt.msc" /s",
|
|
"Type": "secRMM_CL",
|
|
"_ResourceId": ""
|
|
},
|
|
{
|
|
"TenantId": "00000000-0000-0000-0000-000000000000",
|
|
"SourceSystem": "RestAPI",
|
|
"MG": "",
|
|
"ManagementGroupName": "",
|
|
"TimeGenerated": "2020-02-09T16:15:57.992Z",
|
|
"Computer": "secRMMDemo1.CONTOSO.com",
|
|
"RawData": "",
|
|
"SerialNumber_g": "",
|
|
"Event_s": "Property change",
|
|
"Time_s": "2/9/2020 4:15:56 PM",
|
|
"User_s": "CONTOSO\\Administrator",
|
|
"UserSID_s": "S-1-5-21-194330278-343332919-2867172138-500",
|
|
"Drive_s": "",
|
|
"Volume_s": "",
|
|
"DeviceDescription_s": "",
|
|
"SerialNumber_s": "",
|
|
"Model_s": "",
|
|
"InternalID_s": "",
|
|
"TargetFile_s": "",
|
|
"SourceFile_s": "",
|
|
"SourceFileSize_s": "",
|
|
"SourceFileLastWrite_s": "",
|
|
"ProgramName_s": "",
|
|
"ProgramPID_s": "",
|
|
"Message": "",
|
|
"PropertyName_s": "RequireMDMEnrollment",
|
|
"PropertyAction_s": "created",
|
|
"PropertyValue_s": "on Enrolled Intune UserIdPassword 805a3915-a0ac-4d2a-9ec8-4bb702169c30 fb1abf2e-1225-43c2-bb28-872c96acc816 anthony@anthonysquadratechnologies.onmicrosoft.com ***** OLD_pre9.9.22.0",
|
|
"PreviousPropertyValue_s": "",
|
|
"ConfigurationTarget_s": "Computer",
|
|
"PropertyOperationStatus_s": "Completed",
|
|
"AdditionalProgramInfo_s": "powershell",
|
|
"Type": "secRMM_CL",
|
|
"_ResourceId": ""
|
|
}
|
|
] |