TenantId,SourceSystem,TimeGenerated [UTC],ReceiptTime,DeviceVendor,DeviceProduct,DeviceEventClassID,LogSeverity,OriginalLogSeverity,DeviceAction,SimplifiedDeviceAction,Computer,CommunicationDirection,DeviceFacility,DestinationPort,DestinationIP,DeviceAddress,DeviceName,Message,Protocol,SourcePort,SourceIP,RemoteIP,RemotePort,MaliciousIP,ThreatSeverity,IndicatorThreatType,ThreatDescription,ThreatConfidence,ReportReferenceLink,MaliciousIPLongitude,MaliciousIPLatitude,MaliciousIPCountry,DeviceVersion,Activity,ApplicationProtocol,EventCount,DestinationDnsDomain,DestinationServiceName,DestinationTranslatedAddress,DestinationTranslatedPort,DeviceDnsDomain,DeviceExternalID,DeviceInboundInterface,DeviceNtDomain,DeviceOutboundInterface,DevicePayloadId,ProcessName,DeviceTranslatedAddress,DestinationHostName,DestinationMACAddress,DestinationNTDomain,DestinationProcessId,DestinationUserPrivileges,DestinationProcessName,DeviceTimeZone,DestinationUserID,DestinationUserName,DeviceMacAddress,ProcessID,ExternalID,FileCreateTime,FileHash,FileID,FileModificationTime,FilePath,FilePermission,FileType,FileName,FileSize,ReceivedBytes,OldFileCreateTime,OldFileHash,OldFileID,OldFileModificationTime,OldFileName,OldFilePath,OldFilePermission,OldFileSize,OldFileType,SentBytes,RequestURL,RequestClientApplication,RequestContext,RequestCookies,RequestMethod,SourceHostName,SourceMACAddress,SourceNTDomain,SourceDnsDomain,SourceServiceName,SourceTranslatedAddress,SourceTranslatedPort,SourceProcessId,SourceUserPrivileges,SourceProcessName,SourceUserID,SourceUserName,EventType,DeviceCustomIPv6Address1,DeviceCustomIPv6Address1Label,DeviceCustomIPv6Address2,DeviceCustomIPv6Address2Label,DeviceCustomIPv6Address3,DeviceCustomIPv6Address3Label,DeviceCustomIPv6Address4,DeviceCustomIPv6Address4Label,DeviceCustomFloatingPoint1,DeviceCustomFloatingPoint1Label,DeviceCustomFloatingPoint2,DeviceCustomFloatingPoint2Label,DeviceCustomFloatingPoint3,DeviceCustomFloatingPoint3Label,DeviceCustomFloatingPoint4,DeviceCu
stomFloatingPoint4Label,DeviceCustomNumber1,DeviceCustomNumber1Label,DeviceCustomNumber2,DeviceCustomNumber2Label,DeviceCustomNumber3,DeviceCustomNumber3Label,DeviceCustomString1,DeviceCustomString1Label,DeviceCustomString2,DeviceCustomString2Label,DeviceCustomString3,DeviceCustomString3Label,DeviceCustomString4,DeviceCustomString4Label,DeviceCustomString5,DeviceCustomString5Label,DeviceCustomString6,DeviceCustomString6Label,DeviceCustomDate1,DeviceCustomDate1Label,DeviceCustomDate2,DeviceCustomDate2Label,FlexDate1,FlexDate1Label,FlexNumber1,FlexNumber1Label,FlexNumber2,FlexNumber2Label,FlexString1,FlexString1Label,FlexString2,FlexString2Label,AdditionalExtensions,StartTime [UTC],EndTime [UTC],Type,_ResourceId
ad1f026a-17e7-4fa8-82df-9cd9d3d3b320,OpsManager,"12/10/2020, 10:22:47.092 AM",,Forcepoint CSG,Web,"""Productivity Loss",0,,Authentication Required,Authentication Required,,,,,168.63.129.16,,,,,,10.0.100.4,,,,,,,,,,,,1,None,HTTP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Unknown,HealthService,,0,,,,,,,,,,890,HTTP://168.63.129.16/HealthService,None,,,Post,,,,,,,,,,,Not available,,,,,,,,,,,,,,,,,,,,,,,,,Web Hosting,Category Name,168.63.129.16,Domain name of the destination site,Cork BizDev,Policy Name,52.136.205.45,IP address of connection to the cloud service.,None,Cloud App Risk Level,,,2020-12-10T10:20:03.000Z,Log Created Time ,,,,,,,,,Netherlands - Amsterdam (X),The cloud service data center that processed therequest.,,,,,,CommonSecurityLog,
ad1f026a-17e7-4fa8-82df-9cd9d3d3b320,OpsManager,"12/10/2020, 10:22:47.421 AM",,Forcepoint CSG,Web,"""Productivity Loss",0,,Authentication Required,Authentication Required,,,,,168.63.129.16,,,,,,10.0.100.4,,,,,,,,,,,,1,None,HTTP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Unknown,machine,,0,,,,,,,,,,669,HTTP://168.63.129.16/machine?comp\=goalstate,None,,,Get,,,,,,,,,,,Not available,,,,,,,,,,,,,,,,,,,,,,,,,Web Hosting,Category Name,168.63.129.16,Domain name of the destination site,Cork BizDev,Policy Name,52.136.205.45,IP address of connection to the cloud service.,None,Cloud App Risk Level,,,2020-12-10T10:21:05.000Z,Log Created Time ,,,,,,,,,Netherlands - Amsterdam (X),The cloud service data center that processed therequest.,,,,,,CommonSecurityLog,
ad1f026a-17e7-4fa8-82df-9cd9d3d3b320,OpsManager,"12/10/2020, 10:22:47.476 AM",,Forcepoint CSG,Web,"""Productivity Loss",0,,Blocked,Blocked,,,,,168.63.129.16,,,,,,52.136.205.45,,,,,,,,,,,,1,None,HTTP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Unknown,HealthService,,0,,,,,,,,,,429,HTTP://168.63.129.16/HealthService,None,,,Post,,,,,,,,,,,Not available,,,,,,,,,,,,,,,,,,,,,,,,,Web Hosting,Category Name,168.63.129.16,Domain name of the destination site,Cork BizDev,Policy Name,52.136.205.45,IP address of connection to the cloud service.,None,Cloud App Risk Level,,,2020-12-10T10:21:06.000Z,Log Created Time ,,,,,,,,,Netherlands - Amsterdam (X),The cloud service data center that processed therequest.,,,,,,CommonSecurityLog,
ad1f026a-17e7-4fa8-82df-9cd9d3d3b320,OpsManager,"12/10/2020, 10:22:47.530 AM",,Forcepoint CSG,Web,"""Productivity Loss",0,,Authentication Required,Authentication Required,,,,,168.63.129.16,,,,,,10.0.100.4,,,,,,,,,,,,1,None,HTTP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Unknown,HealthService,,0,,,,,,,,,,890,HTTP://168.63.129.16/HealthService,None,,,Post,,,,,,,,,,,Not available,,,,,,,,,,,,,,,,,,,,,,,,,Web Hosting,Category Name,168.63.129.16,Domain name of the destination site,Cork BizDev,Policy Name,52.136.205.45,IP address of connection to the cloud service.,None,Cloud App Risk Level,,,2020-12-10T10:21:05.000Z,Log Created Time ,,,,,,,,,Netherlands - Amsterdam (X),The cloud service data center that processed therequest.,,,,,,CommonSecurityLog,
ad1f026a-17e7-4fa8-82df-9cd9d3d3b320,OpsManager,"12/10/2020, 10:22:49.185 AM",,Forcepoint CSG,Email,Business Usage,0,,Accepted,Accepted,,1,,,,,,Warning: could not send message for past 4 hours,,,127.0.0.1,,,,,,,,,,,,1,CSG EMail,,,,,,,,,,,,,,,,,,,,,,,39LXRXxQKBKsRZZRWPLWPced-YZcPaWjRZZRWP.NZXUOZPWLMdP.Pf@alerts.bounces.google.com,,,,,,,,,,"None""",None,0,,,,,,,,,,,,,,,,,,,,,,,,,,,Mail Delivery Subsystem,MAILER-DAEMON@rly10d.srv.mailcontrol.com,,,,,,,,,,0,Spam Score,,,,,,,27707,Message Size,,,,,None,Black/white listed,None,Virus Name,DEFAULT,Policy Name,None,Advanced Encryption,,,,,2020-12-10T10:14:25.000Z,Log Created Time ,,,,,,,,,Clean,Filtering Reason,,,,,,CommonSecurityLog,
ad1f026a-17e7-4fa8-82df-9cd9d3d3b320,OpsManager,"12/10/2020, 10:22:49.497 AM",,Forcepoint CSG,Email,Business Usage,0,,Accepted,Accepted,,0,,,,,,Alerte Google : South Africa,,,209.85.219.198,,,,,,,,,,,,1,CSG EMail,,,,,,,,,,,,,,,,,,,,,,,jdoe@labse.eu,,,,,,,,,,"None""",None,0,,,,,,,,,,,,,,,,,,,,,,,,,,,Google Alerts,googlealerts-noreply@google.com,,,,,,,,,,-105.4,Spam Score,,,,,,,14767,Message Size,,,,,None,Black/white listed,None,Virus Name,DEFAULT,Policy Name,None,Advanced Encryption,,,,,2020-12-10T10:15:58.000Z,Log Created Time ,,,,,,,,,Clean,Filtering Reason,,,,,,CommonSecurityLog,
ad1f026a-17e7-4fa8-82df-9cd9d3d3b320,OpsManager,"12/10/2020, 10:22:49.878 AM",,Forcepoint CSG,Email,Productivity Loss,0,,Accepted,Accepted,,0,,,,,,Alerte Google : Israel,,,209.85.219.198,,,,,,,,,,,,1,CSG EMail,,,,,,,,,,,,,,,,,,,,,,,jdoe@labse.eu,,,,,,,,,,"None""",None,0,,,,,,,,,,,,,,,,,,,,,,,,,,,Google Alerts,googlealerts-noreply@google.com,,,,,,,,,,-105.6,Spam Score,,,,,,,44172,Message Size,,,,,None,Black/white listed,None,Virus Name,DEFAULT,Policy Name,None,Advanced Encryption,,,,,2020-12-10T10:15:58.000Z,Log Created Time ,,,,,,,,,Clean,Filtering Reason,,,,,,CommonSecurityLog,
ad1f026a-17e7-4fa8-82df-9cd9d3d3b320,OpsManager,"12/10/2020, 10:22:49.932 AM",,Forcepoint CSG,Email,Productivity Loss,0,,Accepted,Accepted,,1,,,,,,Returned mail: see transcript for details,,,127.0.0.1,,,,,,,,,,,,1,CSG EMail,,,,,,,,,,,,,,,,,,,,,,,3FrfIXxQKBKsRZZRWPLWPced-YZcPaWjRZZRWP.NZXUOZPWLMdP.Pf@alerts.bounces.google.com,,,,,,,,,,"None""",None,0,,,,,,,,,,,,,,,,,,,,,,,,,,,Mail Delivery Subsystem,MAILER-DAEMON@rly01a.srv.mailcontrol.com,,,,,,,,,,0,Spam Score,,,,,,,102814,Message Size,,,,,None,Black/white listed,None,Virus Name,DEFAULT,Policy Name,None,Advanced Encryption,,,,,2020-12-10T10:16:11.000Z,Log Created Time ,,,,,,,,,Clean,Filtering Reason,,,,,,CommonSecurityLog, |