1 | TenantId | SourceSystem | TimeGenerated [UTC] | ReceiptTime | DeviceVendor | DeviceProduct | DeviceEventClassID | LogSeverity | OriginalLogSeverity | DeviceAction | SimplifiedDeviceAction | Computer | CommunicationDirection | DeviceFacility | DestinationPort | DestinationIP | DeviceAddress | DeviceName | Message | Protocol | SourcePort | SourceIP | RemoteIP | RemotePort | MaliciousIP | ThreatSeverity | IndicatorThreatType | ThreatDescription | ThreatConfidence | ReportReferenceLink | MaliciousIPLongitude | MaliciousIPLatitude | MaliciousIPCountry | DeviceVersion | Activity | ApplicationProtocol | EventCount | DestinationDnsDomain | DestinationServiceName | DestinationTranslatedAddress | DestinationTranslatedPort | DeviceDnsDomain | DeviceExternalID | DeviceInboundInterface | DeviceNtDomain | DeviceOutboundInterface | DevicePayloadId | ProcessName | DeviceTranslatedAddress | DestinationHostName | DestinationMACAddress | DestinationNTDomain | DestinationProcessId | DestinationUserPrivileges | DestinationProcessName | DeviceTimeZone | DestinationUserID | DestinationUserName | DeviceMacAddress | ProcessID | ExternalID | FileCreateTime | FileHash | FileID | FileModificationTime | FilePath | FilePermission | FileType | FileName | FileSize | ReceivedBytes | OldFileCreateTime | OldFileHash | OldFileID | OldFileModificationTime | OldFileName | OldFilePath | OldFilePermission | OldFileSize | OldFileType | SentBytes | RequestURL | RequestClientApplication | RequestContext | RequestCookies | RequestMethod | SourceHostName | SourceMACAddress | SourceNTDomain | SourceDnsDomain | SourceServiceName | SourceTranslatedAddress | SourceTranslatedPort | SourceProcessId | SourceUserPrivileges | SourceProcessName | SourceUserID | SourceUserName | EventType | DeviceCustomIPv6Address1 | DeviceCustomIPv6Address1Label | DeviceCustomIPv6Address2 | DeviceCustomIPv6Address2Label | DeviceCustomIPv6Address3 | DeviceCustomIPv6Address3Label | DeviceCustomIPv6Address4 | DeviceCustomIPv6Address4Label | DeviceCustomFloatingPoint1 | DeviceCustomFloatingPoint1Label | DeviceCustomFloatingPoint2 | DeviceCustomFloatingPoint2Label | DeviceCustomFloatingPoint3 | DeviceCustomFloatingPoint3Label | DeviceCustomFloatingPoint4 | DeviceCustomFloatingPoint4Label | DeviceCustomNumber1 | DeviceCustomNumber1Label | DeviceCustomNumber2 | DeviceCustomNumber2Label | DeviceCustomNumber3 | DeviceCustomNumber3Label | DeviceCustomString1 | DeviceCustomString1Label | DeviceCustomString2 | DeviceCustomString2Label | DeviceCustomString3 | DeviceCustomString3Label | DeviceCustomString4 | DeviceCustomString4Label | DeviceCustomString5 | DeviceCustomString5Label | DeviceCustomString6 | DeviceCustomString6Label | DeviceCustomDate1 | DeviceCustomDate1Label | DeviceCustomDate2 | DeviceCustomDate2Label | FlexDate1 | FlexDate1Label | FlexNumber1 | FlexNumber1Label | FlexNumber2 | FlexNumber2Label | FlexString1 | FlexString1Label | FlexString2 | FlexString2Label | AdditionalExtensions | StartTime [UTC] | EndTime [UTC] | Type | _ResourceId |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
2 | ad1f026a-17e7-4fa8-82df-9cd9d3d3b320 | OpsManager | 12/10/2020, 10:22:47.092 AM | Forcepoint CSG | Web | Productivity Loss | 0 | Authentication Required | Authentication Required | 168.63.129.16 | 10.0.100.4 | 1 | None | HTTP | Unknown | HealthService | 0 | 890 | HTTP://168.63.129.16/HealthService | None | Post | Not available | Web Hosting | Category Name | 168.63.129.16 | Domain name of the destination site | Cork BizDev | Policy Name | 52.136.205.45 | IP address of connection to the cloud service. | None | Cloud App Risk Level | 2020-12-10T10:20:03.000Z | Log Created Time | Netherlands - Amsterdam (X) | The cloud service data center that processed the request. | CommonSecurityLog |
3 | ad1f026a-17e7-4fa8-82df-9cd9d3d3b320 | OpsManager | 12/10/2020, 10:22:47.421 AM | Forcepoint CSG | Web | Productivity Loss | 0 | Authentication Required | Authentication Required | 168.63.129.16 | 10.0.100.4 | 1 | None | HTTP | Unknown | machine | 0 | 669 | HTTP://168.63.129.16/machine?comp=goalstate | None | Get | Not available | Web Hosting | Category Name | 168.63.129.16 | Domain name of the destination site | Cork BizDev | Policy Name | 52.136.205.45 | IP address of connection to the cloud service. | None | Cloud App Risk Level | 2020-12-10T10:21:05.000Z | Log Created Time | Netherlands - Amsterdam (X) | The cloud service data center that processed the request. | CommonSecurityLog |
4 | ad1f026a-17e7-4fa8-82df-9cd9d3d3b320 | OpsManager | 12/10/2020, 10:22:47.476 AM | Forcepoint CSG | Web | Productivity Loss | 0 | Blocked | Blocked | 168.63.129.16 | 52.136.205.45 | 1 | None | HTTP | Unknown | HealthService | 0 | 429 | HTTP://168.63.129.16/HealthService | None | Post | Not available | Web Hosting | Category Name | 168.63.129.16 | Domain name of the destination site | Cork BizDev | Policy Name | 52.136.205.45 | IP address of connection to the cloud service. | None | Cloud App Risk Level | 2020-12-10T10:21:06.000Z | Log Created Time | Netherlands - Amsterdam (X) | The cloud service data center that processed the request. | CommonSecurityLog |
5 | ad1f026a-17e7-4fa8-82df-9cd9d3d3b320 | OpsManager | 12/10/2020, 10:22:47.530 AM | Forcepoint CSG | Web | Productivity Loss | 0 | Authentication Required | Authentication Required | 168.63.129.16 | 10.0.100.4 | 1 | None | HTTP | Unknown | HealthService | 0 | 890 | HTTP://168.63.129.16/HealthService | None | Post | Not available | Web Hosting | Category Name | 168.63.129.16 | Domain name of the destination site | Cork BizDev | Policy Name | 52.136.205.45 | IP address of connection to the cloud service. | None | Cloud App Risk Level | 2020-12-10T10:21:05.000Z | Log Created Time | Netherlands - Amsterdam (X) | The cloud service data center that processed the request. | CommonSecurityLog |
6 | ad1f026a-17e7-4fa8-82df-9cd9d3d3b320 | OpsManager | 12/10/2020, 10:22:49.185 AM | Forcepoint CSG | Business Usage | 0 | Accepted | Accepted | 1 | Warning: could not send message for past 4 hours | 127.0.0.1 | 1 | CSG EMail | 39LXRXxQKBKsRZZRWPLWPced-YZcPaWjRZZRWP.NZXUOZPWLMdP.Pf@alerts.bounces.google.com | None | None | 0 | Mail Delivery Subsystem | MAILER-DAEMON@rly10d.srv.mailcontrol.com | 0 | Spam Score | 27707 | Message Size | None | Black/white listed | None | Virus Name | DEFAULT | Policy Name | None | Advanced Encryption | 2020-12-10T10:14:25.000Z | Log Created Time | Clean | Filtering Reason | CommonSecurityLog |
7 | ad1f026a-17e7-4fa8-82df-9cd9d3d3b320 | OpsManager | 12/10/2020, 10:22:49.497 AM | Forcepoint CSG | Business Usage | 0 | Accepted | Accepted | 0 | Alerte Google : South Africa | 209.85.219.198 | 1 | CSG EMail | jdoe@labse.eu | None | None | 0 | Google Alerts | googlealerts-noreply@google.com | -105.4 | Spam Score | 14767 | Message Size | None | Black/white listed | None | Virus Name | DEFAULT | Policy Name | None | Advanced Encryption | 2020-12-10T10:15:58.000Z | Log Created Time | Clean | Filtering Reason | CommonSecurityLog |
8 | ad1f026a-17e7-4fa8-82df-9cd9d3d3b320 | OpsManager | 12/10/2020, 10:22:49.878 AM | Forcepoint CSG | Productivity Loss | 0 | Accepted | Accepted | 0 | Alerte Google : Israel | 209.85.219.198 | 1 | CSG EMail | jdoe@labse.eu | None | None | 0 | Google Alerts | googlealerts-noreply@google.com | -105.6 | Spam Score | 44172 | Message Size | None | Black/white listed | None | Virus Name | DEFAULT | Policy Name | None | Advanced Encryption | 2020-12-10T10:15:58.000Z | Log Created Time | Clean | Filtering Reason | CommonSecurityLog |
9 | ad1f026a-17e7-4fa8-82df-9cd9d3d3b320 | OpsManager | 12/10/2020, 10:22:49.932 AM | Forcepoint CSG | Productivity Loss | 0 | Accepted | Accepted | 1 | Returned mail: see transcript for details | 127.0.0.1 | 1 | CSG EMail | 3FrfIXxQKBKsRZZRWPLWPced-YZcPaWjRZZRWP.NZXUOZPWLMdP.Pf@alerts.bounces.google.com | None | None | 0 | Mail Delivery Subsystem | MAILER-DAEMON@rly01a.srv.mailcontrol.com | 0 | Spam Score | 102814 | Message Size | None | Black/white listed | None | Virus Name | DEFAULT | Policy Name | None | Advanced Encryption | 2020-12-10T10:16:11.000Z | Log Created Time | Clean | Filtering Reason | CommonSecurityLog |
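The rows above show the usual CommonSecurityLog pattern for Forcepoint CSG: the vendor-specific fields arrive as `DeviceCustomStringN` / `DeviceCustomNumberN` / `DeviceCustomDateN` values whose meaning is only given by the sibling `…Label` column ("Policy Name", "Spam Score", "Log Created Time"). Before any detection logic can use them, those pairs have to be folded into named fields. The following is an added example, not code from the original export or from Forcepoint or Microsoft. The sample records are constructed by hand from the rows above with empty cells dropped, so which value sits in which CommonSecurityLog column is an assumption; the field names themselves are the real schema. The second check flags the one row where the proxy policy blocked a request to 168.63.129.16, the Azure platform address the guest agent uses, which is a misconfiguration to surface rather than a threat hit.

```python
"""Normalise Forcepoint CSG records from Sentinel's CommonSecurityLog table.

Added example. Folds each DeviceCustom*N / Flex*N value onto the name given
in its *Label column, then runs two triage checks over the result.
"""
import re
from collections import Counter

AZURE_WIRESERVER = "168.63.129.16"  # Azure platform IP used by the guest agent

# Constructed sample records modelled on the export above (column placement assumed).
SAMPLE_RECORDS = [
    {
        "DeviceVendor": "Forcepoint CSG", "DeviceProduct": "Web",
        "DeviceEventClassID": "Productivity Loss", "DeviceAction": "Authentication Required",
        "SourceIP": "10.0.100.4", "DestinationIP": AZURE_WIRESERVER,
        "RequestURL": "HTTP://168.63.129.16/HealthService", "RequestMethod": "Post",
        "DeviceCustomString1": "Web Hosting", "DeviceCustomString1Label": "Category Name",
        "DeviceCustomString2": "168.63.129.16", "DeviceCustomString2Label": "Domain name of the destination site",
        "DeviceCustomString3": "Cork BizDev", "DeviceCustomString3Label": "Policy Name",
        "DeviceCustomString4": "None", "DeviceCustomString4Label": "Cloud App Risk Level",
        "DeviceCustomDate1": "2020-12-10T10:20:03.000Z", "DeviceCustomDate1Label": "Log Created Time",
    },
    {
        "DeviceVendor": "Forcepoint CSG", "DeviceProduct": "Web",
        "DeviceEventClassID": "Productivity Loss", "DeviceAction": "Blocked",
        "SourceIP": "52.136.205.45", "DestinationIP": AZURE_WIRESERVER,
        "RequestURL": "HTTP://168.63.129.16/HealthService", "RequestMethod": "Post",
        "DeviceCustomString1": "Web Hosting", "DeviceCustomString1Label": "Category Name",
        "DeviceCustomString3": "Cork BizDev", "DeviceCustomString3Label": "Policy Name",
        "DeviceCustomDate1": "2020-12-10T10:21:06.000Z", "DeviceCustomDate1Label": "Log Created Time",
    },
    {
        # Email row; DeviceProduct value is assumed, the label pairs are from the export.
        "DeviceVendor": "Forcepoint CSG", "DeviceProduct": "Email",
        "DeviceEventClassID": "Business Usage", "DeviceAction": "Accepted",
        "SourceIP": "209.85.219.198", "DestinationUserName": "jdoe@labse.eu",
        "DeviceCustomFloatingPoint1": -105.4, "DeviceCustomFloatingPoint1Label": "Spam Score",
        "DeviceCustomNumber1": 14767, "DeviceCustomNumber1Label": "Message Size",
        "DeviceCustomString1": "None", "DeviceCustomString1Label": "Black/white listed",
        "DeviceCustomString2": "None", "DeviceCustomString2Label": "Virus Name",
        "DeviceCustomString3": "DEFAULT", "DeviceCustomString3Label": "Policy Name",
        "DeviceCustomString5": "Clean", "DeviceCustomString5Label": "Filtering Reason",
        "DeviceCustomDate1": "2020-12-10T10:15:58.000Z", "DeviceCustomDate1Label": "Log Created Time",
    },
]

# The CommonSecurityLog columns that carry a sibling "<name>Label" column.
LABELLED = re.compile(
    r"^(?:DeviceCustom(?:String|Number|Date|IPv6Address|FloatingPoint)|Flex(?:String|Number|Date))\d$"
)


def normalize(record):
    """Rename each labelled custom field to its label and drop the *Label columns.

    Standard CEF columns and custom fields without a label pass through unchanged.
    """
    out = {}
    for key, value in record.items():
        if key.endswith("Label") and LABELLED.match(key[:-5]):
            continue  # consumed as the name of its value column
        label = record.get(key + "Label") if LABELLED.match(key) else None
        out[label or key] = value
    return out


def action_summary(records):
    """Count (DeviceProduct, DeviceAction) pairs, e.g. how many web requests were Blocked."""
    return Counter((r.get("DeviceProduct"), r.get("DeviceAction")) for r in records)


def blocked_platform_traffic(records):
    """Normalised records where the proxy blocked traffic to the Azure WireServer IP.

    The guest agent needs that path, so a policy block here is a configuration
    problem to raise with the proxy owners, not an indicator of compromise.
    """
    return [
        normalize(r) for r in records
        if r.get("DeviceAction") == "Blocked" and r.get("DestinationIP") == AZURE_WIRESERVER
    ]


if __name__ == "__main__":
    for rec in SAMPLE_RECORDS:
        print(normalize(rec))
    print(action_summary(SAMPLE_RECORDS))
    print(blocked_platform_traffic(SAMPLE_RECORDS))
```

In a live workspace the same folding is done in KQL with `column_ifexists` or a parser function; the Python version is only meant to make the label-pairing rule explicit and testable against a handful of exported rows.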