TimeGenerated | DeviceVendor | DeviceEventClassID | LogSeverity | DestinationIP | DeviceName | SourceIP | DeviceVersion | Activity | DestinationHostName | ExternalID | SourceHostName | SourceUserName | DeviceCustomString4 | FlexNumber1 | FlexNumber2 | AdditionalExtensions | Type |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
2020-03-23T04:56:44.907Z | Vectra Networks | hsc | 3 | 10.0.1.2 | device1 | 10.0.2.3 | 5.5 | Host Score Change | device22 | 27 | device1 | user1 | https://xyz.rt.tv/hosts/27 | 99 | 76 | cat=HOST SCORING;start=1584939404903;end=1584939404903 | CommonSecurityLog |
2020-03-23T04:56:44.906Z | Vectra Networks | asc | 3 | 10.0.2.3 | device2 | 10.0.3.5 | 5.5 | Account Score Change | device34 | 23 | device2 | admin | https://xyz.rt.tv/accounts/23 | 45 | 56 | cat=ACCOUNT SCORING;saccount=xyz.example.com;start=1584900305119;end=1584900305119 | CommonSecurityLog |
2020-03-23T04:56:43.907Z | Vectra Networks | campaigns | 3 | 10.0.2.5 | device3 | 10.0.5.6 | 5.5 | winatp-gw-cus.microsoft.com | device25 | 25 | device3 | user2 | https://xyz.rt.tv/campaigns/24 | 10 | 98 | at=CAMPAIGNS;reason=Connection | CommonSecurityLog |
2020-03-23T04:56:42.907Z | Vectra Networks | audit | 3 | 10.0.4.6 | device4 | 10.0.6.7 | 5.5 | user_action | device2 | 45 | device4 | user3 | | 45 | 56 | cat=user_action;outcome=True | CommonSecurityLog |
2020-03-23T04:56:41.907Z | Vectra Networks | health | 3 | 10.0.2.3 | device5 | 10.0.7.2 | 5.5 | outcome=success | device05 | 21 | device5 | user1 | | 25 | 63 | heartbeat_check | CommonSecurityLog |
2020-05-14T05:46:11.147Z | Vectra Networks | reverse_rat | 0 | 10.20.5.52 | dogfood.vectra.io | 10.13.150.52 | 5.7 | External Remote Access | ec2-100-20-5-52.us-west-2.compute.amazonaws.com | 44317 | d8:c4:6a:57:07:85 | admin | https://dogfood.vectra.io/detections/44317?detail_id\=561693 | 0 | 0 | cat=COMMAND & CONTROL;start=1585843645000;end=1589435013000 | CommonSecurityLog |
2020-05-13T23:59:47.193Z | Vectra Networks | frontwatch | 5 | 0.0.0.0 | dogfood.vectra.io | 12.168.128.13 | 5.7 | Multi-home Fronted Tunnel | | 44556 | demisto-vhe-5.0.0-20-62 | user1 | https://dogfood.vectra.io/detections/44556?detail_id\=561536 | 54 | 75 | cat=COMMAND & CONTROL;start=1589404113000;end=1589414267000 | CommonSecurityLog |
2020-05-14T03:18:19.16Z | Vectra Networks | smb_enum_share | 7 | 10.100.199.87 | x4-3-14.sc.tvec | 10.100.199.10 | 5.7 | File Share Enumeration | | 38 | dc2-aws-us-west-01 | admin | https://x4-3-14.sc.tvec/detections/38?detail_id\=123 | 70 | 47 | cat=RECONNAISSANCE;start=1589426124000;end=1589426178000 | CommonSecurityLog |
2020-05-14T05:46:29.577Z | Vectra Networks | hidden_http_tunnel_cnc | 3 | 14.209.123.148 | x4-3-14.sc.tvec | 10.168.90.103 | 5.7 | Hidden HTTP Tunnel | ec2-34-209-123-148.us-west-2.compute.amazonaws.com | 32 | Zanzibar | user2 | https://x4-3-14.sc.tvec/detections/32?detail_id\=201 | 37 | 59 | cat=COMMAND & CONTROL;start=1589424622000;end=1589435024000 | CommonSecurityLog |
2020-05-14T03:23:30.64Z | Vectra Networks | port_sweep | 5 | 0.0.0.0 | x4-3-14.sc.tvec | 10.100.199.10 | 5.7 | Port Sweep | | 40 | dc2-aws-us-west-01 | user1 | https://x4-3-14.sc.tvec/detections/40?detail_id\=125 | 52 | 72 | cat=RECONNAISSANCE;start=1589425892000;end=1589426045000 | CommonSecurityLog |
2020-05-14T01:14:37.297Z | Vectra Networks | darknet | 5 | 10.168.13.178 | x4-2-9.sc.tvec | 10.168.153.17 | 5.6 | Internal Darknet Scan | | 132 | cr_leroy_brown | | https://x4-2-9.sc.tvec/detections/132?detail_id\=712 | 50 | 52 | cat=RECONNAISSANCE;start=1589240446000;end=1589355443000 | CommonSecurityLog |
2020-05-14T05:34:43.93Z | Vectra Networks | hidden_https_tunnel_cnc | 0 | 15.66.140.169 | dogfood.vectra.io | 10.168.55.76 | 5.7 | Hidden HTTPS Tunnel | ed075b8f-ff30-4418-bd42-b37a61451a90.ods.opinsights.azure.com | 44563 | oms-azure | | https://dogfood.vectra.io/detections/44563?detail_id\=561688 | 0 | 0 | cat=COMMAND & CONTROL;start=1589425685000;end=1589434339000 | CommonSecurityLog |
2020-05-14T03:33:05.873Z | Vectra Networks | brute_force_i2i | 0 | 10.168.7.178 | dogfood.vectra.io | 10.168.54.247 | 5.7 | Brute-Force | sourcecode.tvec | 44470 | buildvm27.vectra.io | user1 | https://dogfood.vectra.io/detections/44470?detail_id\=561637 | 0 | 0 | cat=LATERAL MOVEMENT;start=1588475968000;end=1589425390000 | CommonSecurityLog |
2020-05-14T03:12:45.757Z | Vectra Networks | smb_psexec | 2 | 10.100.199.10 | x4-3-14.sc.tvec | 10.168.199.30 | 5.7 | Suspicious Remote Execution | | 36 | Deacon-desktop | admin | https://x4-3-14.sc.tvec/detections/36?detail_id\=102 | 20 | 95 | cat=LATERAL MOVEMENT;start=1589425711000;end=1589425785000 | CommonSecurityLog |
2020-05-14T02:22:15.027Z | Vectra Networks | ldap_recon | 2 | 10.168.90.2 | x4-3-14.sc.tvec | 10.168.90.101 | 5.7 | Suspicious LDAP Query | | 27 | XianFS | user2 | https://x4-3-14.sc.tvec/detections/27?detail_id\=58 | 21 | 25 | cat=RECONNAISSANCE;start=1589422763000;end=1589422764000 | CommonSecurityLog |
2020-05-14T03:17:18.6Z | Vectra Networks | port_scan | 6 | 10.168.60.61 | x4-3-14.sc.tvec | 10.168.30.189 | 5.7 | Port Scan | | 33 | Cabot-desktop | | https://x4-3-14.sc.tvec/detections/33?detail_id\=118 | 60 | 80 | cat=RECONNAISSANCE;start=1589424950000;end=1589425650000 | CommonSecurityLog |
2020-05-14T03:27:51.773Z | Vectra Networks | papi_rogue_admin | 7 | 0.0.0.0 | device6 | | 5.7 | Privilege Anomaly: Unusual Service | | 43 | | user1 | https://x4-3-14.sc.tvec/detections/43?detail_id\=127 | 75 | 95 | cat=LATERAL MOVEMENT;account=deacon@lab.tme.local;start=1589426840000;end=1589426840000 | CommonSecurityLog |
2020-05-14T05:12:30.773Z | Vectra Networks | hidden_dns_tunnel_cnc | 1 | 10.168.90.2 | x4-3-14.sc.tvec | 10.168.90.103 | 5.7 | Hidden DNS Tunnel | | 48 | Zanzibar | cognito | https://x4-3-14.sc.tvec/detections/48?detail_id\=193 | 19 | 14 | cat=COMMAND & CONTROL;start=1589431742000;end=1589432874000 | CommonSecurityLog |
2020-05-14T05:27:34.37Z | Vectra Networks | cnc_dga | 1 | 8.8.8.8 | x4-3-14.sc.tvec | 10.168.173.204 | 5.7 | Suspect Domain Activity | mail.baffcaaccaacac.ru | 53 | IP-192.168.173.204 | | https://x4-3-14.sc.tvec/detections/53?detail_id\=8 | 16 | 16 | cat=COMMAND & CONTROL;start=1589433969000;end=1589434015000 | CommonSecurityLog |
2020-05-14T00:14:30.24Z | Vectra Networks | hidden_dns_tunnel_exfil | 4 | 10.168.55.10 | x4-3-14.sc.tvec | 10.168.51.6 | 5.7 | Hidden DNS Tunnel | snakeoil.biz | 12 | Jun-Long | admin | https://x4-3-14.sc.tvec/detections/12?detail_id\=23 | 42 | 78 | cat=EXFILTRATION;start=1589414902000;end=1589415109000 | CommonSecurityLog |
2020-05-14T05:01:12.407Z | Vectra Networks | smuggler | 0 | 10.10.150.122 | dogfood.vectra.io | 10.168.54.121 | 5.7 | Data Smuggler | 725338656596.dkr.ecr.us-west-2.amazonaws.com | 44506 | buildvm19.vectra.io | | https://dogfood.vectra.io/detections/44506?detail_id\=561674 | 0 | 0 | cat=EXFILTRATION;start=1588892692000;end=1589432362000 | CommonSecurityLog |
2020-05-14T02:07:41.607Z | Vectra Networks | papi_breach | 9 | 0.0.0.0 | device7 | | 5.7 | Privilege Anomaly: Unusual Trio | | 25 | | | https://x4-3-14.sc.tvec/detections/25?detail_id\=54 | 95 | 95 | cat=LATERAL MOVEMENT;account=svc-x45h8@corp.example.com;start=1589412661000;end=1589413687000 | CommonSecurityLog |
2020-05-14T03:34:33.977Z | Vectra Networks | watchmen | 7 | 192.168.13.19 | x4-2-9.sc.tvec | 10.168.153.17 | 5.6 | Suspicious Admin | | 133 | cr_leroy_brown | | https://x4-2-9.sc.tvec/detections/133?detail_id\=713 | 70 | 73 | cat=LATERAL MOVEMENT;start=1589268477000;end=1589268477000 | CommonSecurityLog |
2020-05-14T00:09:53.887Z | Vectra Networks | sw_o365_paaAzureADAnomaly | 0 | 0.0.0.0 | device8 | | 5.7 | O365 Suspicious AzureAD Operation | | 44562 | | user1 | https://dogfood.vectra.io/detections/44562?detail_id\=561547 | 6 | 25 | cat=LATERAL MOVEMENT;account=O365:aleader@vectra.ai;start=1589406327000;end=1589406327000 | CommonSecurityLog |
2020-05-14T01:59:45.857Z | Vectra Networks | rpc_recon | 3 | 0.0.0.0 | x4-3-14.sc.tvec | 192.168.150.100 | 5.7 | RPC Recon | | 22 | Piper-desktop | | https://x4-3-14.sc.tvec/detections/22?detail_id\=50 | 30 | 63 | cat=RECONNAISSANCE;start=1589421555000;end=1589421555000 | CommonSecurityLog |
2020-05-14T03:17:18.61Z | Vectra Networks | stage_loader | 8 | 10.100.199.10 | x4-3-14.sc.tvec | 192.168.199.30 | 5.7 | Internal Stage Loader | | 37 | Deacon-desktop | | https://x4-3-14.sc.tvec/detections/37?detail_id\=119 | 88 | 88 | cat=LATERAL MOVEMENT;start=1589425711000;end=1589425824000 | CommonSecurityLog |
2020-05-14T02:37:33.177Z | Vectra Networks | tor | 1 | 10.16.0.1 | x4-3-14.sc.tvec | 192.168.152.194 | 5.7 | TOR Activity | www.7tcqy6kttln6.com | 29 | IP-192.168.152.194 | admin | https://x4-3-14.sc.tvec/detections/29?detail_id\=63 | 14 | 13 | cat=COMMAND & CONTROL;start=1589423775000;end=1589423812000 | CommonSecurityLog |
2020-05-14T03:07:34.377Z | Vectra Networks | binaryloader | 7 | 37.230.114.67 | x4-3-14.sc.tvec | 192.168.173.101 | 5.7 | Malware Update | mail.baffcaaccaacac.ru | 35 | IP-192.168.173.101 | cognito | https://x4-3-14.sc.tvec/detections/35?detail_id\=96 | 70 | 78 | cat=COMMAND & CONTROL;start=1589425586000;end=1589425586000 | CommonSecurityLog |
2020-05-14T04:07:21.503Z | Vectra Networks | smb_ransomware | 9 | 192.168.12.5 | x4-3-14.sc.tvec | 192.168.152.194 | 5.7 | Ransomware File Activity | | 46 | DJComp | user2 | https://x4-3-14.sc.tvec/detections/46?detail_id\=142 | 90 | 77 | cat=LATERAL MOVEMENT;start=1589423897000;end=1589429106000 | CommonSecurityLog |
2020-05-14T05:05:28.97Z | Vectra Networks | smash_n_grab | 6 | 172.217.23.129 | x4-3-14.sc.tvec | 10.100.199.10 | 5.7 | Smash and Grab | 172.217.23.129 | 51 | dc2-aws-us-west-01 | | https://x4-3-14.sc.tvec/detections/51?detail_id\=186 | 60 | 11 | cat=EXFILTRATION;start=1589430827000;end=1589432626000 | CommonSecurityLog |
2020-05-14T05:14:01.22Z | Vectra Networks | hidden_https_tunnel_exfil | 9 | 172.217.23.129 | x4-3-14.sc.tvec | 10.100.199.10 | 5.7 | Hidden HTTPS Tunnel | fra16s18-in-f1.1e100.net | 52 | dc2-aws-us-west-01 | | https://x4-3-14.sc.tvec/detections/52?detail_id\=194 | 95 | 80 | cat=EXFILTRATION;start=1589430827000;end=1589433101000 | CommonSecurityLog |
2020-05-13T21:52:29.68Z | Vectra Networks | awb | 1 | 0.0.0.0 | x4-3-14.sc.tvec | 192.168.173.101 | 5.7 | Abnormal Web Activity | | 5 | BThomas-Win7 | user1 | https://x4-3-14.sc.tvec/detections/5?detail_id\=13 | 10 | 25 | cat=BOTNET ACTIVITY;start=1589405636000;end=1589406251000 | CommonSecurityLog |
2020-05-13T21:17:31.157Z | Vectra Networks | internal_spreading | 2 | 10.168.173.207 | x4-3-14.sc.tvec | 192.168.122.49 | 5.7 | Automated Replication | | 2 | IP-192.168.122.49 | | https://x4-3-14.sc.tvec/detections/2?detail_id\=5 | 22 | 22 | cat=LATERAL MOVEMENT;start=1589404574000;end=1589404601000 | CommonSecurityLog |
2020-05-13T08:31:27.43Z | Vectra Networks | out_dos | 1 | 11.1.1.2 | x4-3-14.sc.tvec | 192.168.196.9 | 5.6 | Outbound DoS | | 29 | IP-192.168.196.9 | | https://x4-3-14.sc.tvec/detections/29?detail_id\=51 | 10 | 56 | cat=BOTNET ACTIVITY;start=1589358623000;end=1589358629000 | CommonSecurityLog |
2020-05-13T08:54:32.61Z | Vectra Networks | shell_knocker_c2s | 0 | 12.168.255.254 | x4-3-14.sc.tvec | 192.168.173.101 | 5.6 | Shell Knocker Client | | 31 | BThomas-Win7 | user1 | https://x4-3-14.sc.tvec/detections/31?detail_id\=53 | 5 | 5 | cat=LATERAL MOVEMENT;start=1589357035000;end=1589358136000 | CommonSecurityLog |
2020-05-13T08:54:32.617Z | Vectra Networks | shell_knocker_s2c | 0 | 10.168.173.101 | x4-3-14.sc.tvec | 192.168.255.254 | 5.6 | Shell Knocker Server | | 32 | edgefw01 | cognito | https://x4-3-14.sc.tvec/detections/32?detail_id\=54 | 5 | 5 | cat=LATERAL MOVEMENT;start=1589355953000;end=1589356635000 | CommonSecurityLog |
2020-05-13T09:33:34.047Z | Vectra Networks | spam | 5 | 11.1.2.7 | x4-3-14.sc.tvec | 192.168.12.33 | 5.6 | Outbound Spam | | 34 | IP-192.168.12.33 | admin | https://x4-3-14.sc.tvec/detections/34?detail_id\=56 | 50 | 95 | cat=BOTNET ACTIVITY;start=1589362339000;end=1589362372000 | CommonSecurityLog |
2020-05-13T16:28:22.757Z | Vectra Networks | bitcoin | 1 | 10.243.44.230 | x4-2-17.sc.tvec | 192.168.173.201 | 5.6 | Cryptocurrency Mining | api.groupfabric.com | 130 | IP-192.168.173.201 | | https://x4-2-17.sc.tvec/detections/130?detail_id\=513 | 10 | 90 | cat=BOTNET ACTIVITY;start=1589387249000;end=1589387249000 | CommonSecurityLog |
2020-05-13T13:07:19.903Z | Vectra Networks | http_cnc | 4 | 10.108.142.138 | x4-3-14.sc.tvec | 192.168.193.15 | 5.6 | Suspicious HTTP | data.torntv.net | 41 | IP-192.168.193.15 | user2 | https://x4-3-14.sc.tvec/detections/41?detail_id\=84 | 40 | 60 | cat=COMMAND & CONTROL;start=1589375181000;end=1589375209000 | CommonSecurityLog |
2020-05-13T13:24:23.74Z | Vectra Networks | sql_inject | 5 | 10.168.14.73 | x4-3-14.sc.tvec | 192.168.174.114 | 5.6 | SQL Injection Activity | | 42 | IP-192.168.174.114 | | https://x4-3-14.sc.tvec/detections/42?detail_id\=86 | 50 | 77 | cat=LATERAL MOVEMENT;start=1589376192000;end=1589376215000 | CommonSecurityLog |
2020-05-13T21:27:33.413Z | Vectra Networks | click_fraud | 3 | 0.0.0.0 | x4-3-14.sc.tvec | 192.168.173.101 | 5.7 | Abnormal Ad Activity | | 3 | IP-192.168.173.101 | user1 | https://x4-3-14.sc.tvec/detections/3?detail_id\=7 | 30 | 10 | cat=BOTNET ACTIVITY;start=1589404267000;end=1589404865000 | CommonSecurityLog |
2020-05-13T16:40:57.17Z | Vectra Networks | stealth_post | 5 | 12.114.143.248 | x4-3-14.sc.tvec | 192.168.101.101 | 5.6 | Stealth HTTP Post | iqingjiangmiyu.com | 44 | IP-192.168.101.101 | | https://x4-3-14.sc.tvec/detections/44?detail_id\=89 | 50 | 94 | cat=COMMAND & CONTROL;start=1589387943000;end=1589387943000 | CommonSecurityLog |
2020-05-13T09:05:27.903Z | Vectra Networks | out_port_sweep | 5 | 0.0.0.0 | x4-3-14.sc.tvec | 192.168.152.194 | 5.6 | Outbound Port Sweep | | 33 | DJComp | | https://x4-3-14.sc.tvec/detections/33?detail_id\=55 | 50 | 95 | cat=BOTNET ACTIVITY;start=1589352122000;end=1589353668000 | CommonSecurityLog |
2020-05-11T11:22:40.99Z | Vectra Networks | rdp_recon | 7 | 10.168.14.73 | x4-2-9.sc.tvec | 192.168.76.22 | 5.6 | RDP Recon | | 97 | IP-192.168.76.22 | | https://x4-2-9.sc.tvec/detections/97?detail_id\=483 | 70 | 95 | cat=RECONNAISSANCE;start=1589195829000;end=1589196140000 | CommonSecurityLog |
2020-05-07T06:49:07.023Z | Vectra Networks | brute_force_i2o | 1 | 11.1.2.18 | x4-2-9.sc.tvec | 172.16.199.72 | 5.6 | Brute-Force | foo.com | 129 | IP-172.16.199.72 | | https://x4-2-9.sc.tvec/detections/129?detail_id\=497 | 10 | 40 | cat=BOTNET ACTIVITY;start=1588834052000;end=1588834053000 | CommonSecurityLog |
2020-05-11T16:23:29.357Z | Vectra Networks | papi_admin_peer_console | 5 | 0.0.0.0 | device9 | | 5.6 | Privilege Anomaly: Unusual Account on Host | | 111 | | admin | https://x4-2-9.sc.tvec/detections/111?detail_id\=501 | 55 | 95 | cat=LATERAL MOVEMENT;account=cj@corp.example.com;start=1589205383000;end=1589211865000 | CommonSecurityLog |
2020-05-13T17:46:04.253Z | Vectra Networks | lockdown | 3 | | | | 5.6 | Account Lockdown | | 80 | | cognito | https://x4-2-9.sc.tvec/accounts/80 | null | null | cat=LOCKDOWN;account=sysadmin@corp.example.com;start=1589391964246;end=1589391964246 | CommonSecurityLog |
2020-05-12T16:28:29.81Z | Vectra Networks | smb_brute_force | 7 | 10.168.90.131 | x4-2-17.sc.tvec | 192.168.196.207 | 5.6 | SMB Brute-Force | | 125 | IP-192.168.196.207 | | https://x4-2-17.sc.tvec/detections/125?detail_id\=499 | 70 | 54 | cat=LATERAL MOVEMENT;start=1589300883000;end=1589300884000 | CommonSecurityLog |
2020-05-11T11:47:36.99Z | Vectra Networks | rdp_anomaly | 7 | 10.168.12.11 | x4-2-9.sc.tvec | 192.168.76.22 | 5.6 | Suspicious Remote Desktop | | 98 | andyb | | https://x4-2-9.sc.tvec/detections/98?detail_id\=484 | 70 | 10 | cat=LATERAL MOVEMENT;start=1589197629000;end=1589197629000 | CommonSecurityLog |
2020-05-13T17:26:02.197Z | Vectra Networks | papi_unusual_admin_console | 7 | 0.0.0.0 | device10 | | 5.6 | Privilege Anomaly: Unusual Host | | 100 | | admin | https://x4-2-9.sc.tvec/detections/100?detail_id\=691 | 75 | 95 | cat=LATERAL MOVEMENT;account=sysadmin@corp.example.com;start=1589091765000;end=1589358325000 | CommonSecurityLog |
2020-05-11T17:13:32.003Z | Vectra Networks | threat_intel_exfil | 7 | 10.168.236.118 | x4-2-9.sc.tvec | 192.168.192.194 | 5.6 | Threat Intelligence Match | mutton-raglans.rs | 112 | IP-192.168.192.194 | user1 | https://x4-2-9.sc.tvec/detections/112?detail_id\=502 | 74 | 60 | cat=EXFILTRATION;start=1589217153000;end=1589217170000 | CommonSecurityLog |
2020-04-28T07:12:01.66Z | Vectra Networks | rpc_recon_1to1 | 3 | 10.168.90.2 | x4-3-14.sc.tvec | 192.168.90.101 | 5.6 | RPC Targeted Recon | | 98 | XianFS | cognito | https://x4-3-14.sc.tvec/detections/98?detail_id\=490 | 38 | 10 | cat=RECONNAISSANCE;start=1588035191000;end=1588057274000 | CommonSecurityLog |
2020-05-13T15:22:25.577Z | Vectra Networks | p2p_cnc | 2 | 11.1.1.7 | x4-2-17.sc.tvec | 192.168.196.95 | 5.6 | Peer-To-Peer | | 129 | IP-192.168.196.95 | user2 | https://x4-2-17.sc.tvec/detections/129?detail_id\=512 | 20 | 95 | cat=COMMAND & CONTROL;start=1589383283000;end=1589383320000 | CommonSecurityLog |
2020-05-01T17:52:33.273Z | Vectra Networks | kerberos_password_spray | 3 | 0.0.0.0 | dogfood.vectra.io | 10.0.2.170 | 5.7 | Kerberos Brute-Sweep | | 44464 | sjc-dc-1.vectra.io | user1 | https://dogfood.vectra.io/detections/44464?detail_id\=550349 | 38 | 51 | cat=RECONNAISSANCE;start=1588355149000;end=1588355402000 | CommonSecurityLog |
2020-05-12T08:09:47.46Z | Vectra Networks | smb_enum_user | 0 | 10.168.7.119 | dogfood.vectra.io | 192.168.7.40 | 5.7 | SMB Account Scan | | 44350 | sc-insightvm | cognito | https://dogfood.vectra.io/detections/44350?detail_id\=560257 | 0 | 0 | cat=RECONNAISSANCE;start=1586243556000;end=1589270930000 | CommonSecurityLog |
2020-04-22T15:33:26.577Z | Vectra Networks | TEST | | | | | | lockdown | | | | | | null | null | null | CommonSecurityLog |
2020-05-13T00:09:26.95Z | Vectra Networks | sw_o365_paaAnomaly | 0 | 0.0.0.0 | device11 | | 5.7 | O365 Suspicious Sharepoint Operation | | 44550 | | user2 | https://dogfood.vectra.io/detections/44550?detail_id\=560839 | 5 | 20 | cat=LATERAL MOVEMENT;account=O365:derek@vectra.ai;start=1589311201000;end=1589311201000 | CommonSecurityLog |
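The rows above are Microsoft Sentinel `CommonSecurityLog` records from the Vectra CEF feed. The parts that need care when you query or parse them: `AdditionalExtensions` carries `cat`, `start`/`end` (epoch milliseconds) and, for account-based detections, `account`, as `key=value` pairs separated by `;`; the `=` inside the `detail_id` query string of `DeviceCustomString4` arrives CEF-escaped as `\=`; account and platform events (`papi_*`, `lockdown`, `health`) leave `SourceIP` or the Flex scores empty or `null`; and one row's `AdditionalExtensions` is a bare token (`heartbeat_check`) with no `=` at all. The Python below is an added example, not code from this page, Vectra or Microsoft. It parses five of the rows (copied here and aligned to the 18 header columns) into records, undoes the CEF escaping, converts the millisecond timestamps without float rounding, then pivots detections onto their source host and orders them for triage. It assumes `FlexNumber1` and `FlexNumber2` are Vectra's threat and certainty scores; the table does not state that mapping.

```python
"""Parse Vectra CommonSecurityLog (CEF) rows as Sentinel stores them. Added example,
not code from this page, Vectra or Microsoft; sample rows copied from the table above."""
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed from five rows of the table above, aligned to its 18 header columns
# (an empty cell is an empty field). Raw string so the CEF "\=" escape survives.
SAMPLE_ROWS = r"""
TimeGenerated|DeviceVendor|DeviceEventClassID|LogSeverity|DestinationIP|DeviceName|SourceIP|DeviceVersion|Activity|DestinationHostName|ExternalID|SourceHostName|SourceUserName|DeviceCustomString4|FlexNumber1|FlexNumber2|AdditionalExtensions|Type
2020-05-14T05:46:29.577Z|Vectra Networks|hidden_http_tunnel_cnc|3|14.209.123.148|x4-3-14.sc.tvec|10.168.90.103|5.7|Hidden HTTP Tunnel|ec2-34-209-123-148.us-west-2.compute.amazonaws.com|32|Zanzibar|user2|https://x4-3-14.sc.tvec/detections/32?detail_id\=201|37|59|cat=COMMAND & CONTROL;start=1589424622000;end=1589435024000|CommonSecurityLog
2020-05-14T05:12:30.773Z|Vectra Networks|hidden_dns_tunnel_cnc|1|10.168.90.2|x4-3-14.sc.tvec|10.168.90.103|5.7|Hidden DNS Tunnel||48|Zanzibar|cognito|https://x4-3-14.sc.tvec/detections/48?detail_id\=193|19|14|cat=COMMAND & CONTROL;start=1589431742000;end=1589432874000|CommonSecurityLog
2020-05-14T03:27:51.773Z|Vectra Networks|papi_rogue_admin|7|0.0.0.0|device6||5.7|Privilege Anomaly: Unusual Service||43||user1|https://x4-3-14.sc.tvec/detections/43?detail_id\=127|75|95|cat=LATERAL MOVEMENT;account=deacon@lab.tme.local;start=1589426840000;end=1589426840000|CommonSecurityLog
2020-03-23T04:56:41.907Z|Vectra Networks|health|3|10.0.2.3|device5|10.0.7.2|5.5|outcome=success|device05|21|device5|user1||25|63|heartbeat_check|CommonSecurityLog
2020-05-13T17:46:04.253Z|Vectra Networks|lockdown|3||||5.6|Account Lockdown||80||cognito|https://x4-2-9.sc.tvec/accounts/80|null|null|cat=LOCKDOWN;account=sysadmin@corp.example.com;start=1589391964246;end=1589391964246|CommonSecurityLog
"""

_TOKEN = re.compile(r"(?:[^;\\]|\\.)+")            # one k=v token; escape pairs stay whole
_KV = re.compile(r"((?:[^=\\]|\\.)*)=(.*)", re.S)   # split on the first unescaped '='


def cef_unescape(value: str) -> str:
    """Drop the CEF escape backslash before '=', ';' or another backslash."""
    return re.sub(r"\\([=;\\])", r"\1", value)


def parse_additional_extensions(ext: str) -> dict[str, str]:
    """Sentinel's AdditionalExtensions ("k=v;k=v") as a dict. A bare token with no '='
    (the health row's "heartbeat_check") is kept with an empty value; "null" means absent."""
    pairs: dict[str, str] = {}
    if ext and ext != "null":
        for token in _TOKEN.findall(ext):
            m = _KV.match(token)
            key, value = (m.group(1), m.group(2)) if m else (token, "")
            pairs[cef_unescape(key.strip())] = cef_unescape(value)
    return pairs


def epoch_ms(value: str) -> datetime | None:
    """start/end are epoch milliseconds; integer arithmetic keeps them exact."""
    if not value.isdigit():
        return None
    ms = int(value)
    return datetime.fromtimestamp(ms // 1000, tz=timezone.utc) + timedelta(milliseconds=ms % 1000)


@dataclass
class Detection:
    detection_id: str          # ExternalID, also the id in the portal URL
    detection_type: str        # DeviceEventClassID, e.g. hidden_http_tunnel_cnc
    severity: int              # LogSeverity, CEF 0-10
    category: str              # cat= from AdditionalExtensions
    source_ip: str             # empty for account/platform events (papi_*, lockdown)
    source_host: str
    account: str               # account= for account-based detections, else ""
    url: str                   # DeviceCustomString4 with the CEF escape undone
    threat: int | None         # FlexNumber1; Vectra labels it "threat" (assumption)
    certainty: int | None      # FlexNumber2; Vectra labels it "certainty" (assumption)
    start: datetime | None
    end: datetime | None

    @property
    def duration(self) -> timedelta | None:
        return self.end - self.start if self.start and self.end else None


def parse_record(row: dict[str, str]) -> Detection:
    ext = parse_additional_extensions(row["AdditionalExtensions"])
    num = lambda s: int(s) if s.isdigit() else None   # "" and "null" -> None
    return Detection(
        detection_id=row["ExternalID"], detection_type=row["DeviceEventClassID"],
        severity=int(row["LogSeverity"] or 0), category=ext.get("cat", ""),
        source_ip=row["SourceIP"], source_host=row["SourceHostName"],
        account=ext.get("account", ""), url=cef_unescape(row["DeviceCustomString4"]),
        threat=num(row["FlexNumber1"]), certainty=num(row["FlexNumber2"]),
        start=epoch_ms(ext.get("start", "")), end=epoch_ms(ext.get("end", "")),
    )


def parse_rows(text: str) -> list[Detection]:
    """Wrong column count is a hard error: a dropped empty cell shifts every later field."""
    lines = [ln for ln in text.strip().splitlines() if ln.strip()]
    header = [c.strip() for c in lines[0].split("|")]
    out = []
    for ln in lines[1:]:
        cells = [c.strip() for c in ln.split("|")]
        if len(cells) != len(header):
            raise ValueError(f"expected {len(header)} columns, got {len(cells)}: {ln!r}")
        out.append(parse_record(dict(zip(header, cells))))
    return out


def by_source_ip(detections: list[Detection]) -> dict[str, list[str]]:
    """Pivot detections onto the host they came from; events with no SourceIP are left out."""
    hosts: dict[str, list[str]] = {}
    for d in detections:
        if d.source_ip:
            hosts.setdefault(d.source_ip, []).append(d.detection_type)
    return hosts


def triage_order(detections: list[Detection]) -> list[str]:
    """Ids by CEF severity, highest first; ties broken by threat x certainty."""
    rank = lambda d: (d.severity, (d.threat or 0) * (d.certainty or 0))
    return [d.detection_id for d in sorted(detections, key=rank, reverse=True)]
```

Call `parse_rows(SAMPLE_ROWS)` to get the records, then `by_source_ip` to see that detections 32 and 48 belong to the same host (10.168.90.103) even though they are separate rows, and `triage_order` for a severity-first worklist. The column-count check is deliberate: an export that drops empty cells, as the table on this page did in several rows, would otherwise put a URL into `SourceUserName` and a score into `DeviceCustomString4` without any error, so a parser that splits on the delimiter must refuse short rows rather than guess.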