14 KiB
1 | TenantId | SourceSystem | TimeGenerated [UTC] | ReceiptTime | DeviceVendor | DeviceProduct | DeviceEventClassID | LogSeverity | OriginalLogSeverity | DeviceAction | SimplifiedDeviceAction | Computer | CommunicationDirection | DeviceFacility | DestinationPort | DestinationIP | DeviceAddress | DeviceName | Message | Protocol | SourcePort | SourceIP | RemoteIP | RemotePort | MaliciousIP | ThreatSeverity | IndicatorThreatType | ThreatDescription | ThreatConfidence | ReportReferenceLink | MaliciousIPLongitude | MaliciousIPLatitude | MaliciousIPCountry | DeviceVersion | Activity | ApplicationProtocol | EventCount | DestinationDnsDomain | DestinationServiceName | DestinationTranslatedAddress | DestinationTranslatedPort | DeviceDnsDomain | DeviceExternalID | DeviceInboundInterface | DeviceNtDomain | DeviceOutboundInterface | DevicePayloadId | ProcessName | DeviceTranslatedAddress | DestinationHostName | DestinationMACAddress | DestinationNTDomain | DestinationProcessId | DestinationUserPrivileges | DestinationProcessName | DeviceTimeZone | DestinationUserID | DestinationUserName | DeviceMacAddress | ProcessID | ExternalID | FileCreateTime | FileHash | FileID | FileModificationTime | FilePath | FilePermission | FileType | FileName | FileSize | ReceivedBytes | OldFileCreateTime | OldFileHash | OldFileID | OldFileModificationTime | OldFileName | OldFilePath | OldFilePermission | OldFileSize | OldFileType | SentBytes | RequestURL | RequestClientApplication | RequestContext | RequestCookies | RequestMethod | SourceHostName | SourceMACAddress | SourceNTDomain | SourceDnsDomain | SourceServiceName | SourceTranslatedAddress | SourceTranslatedPort | SourceProcessId | SourceUserPrivileges | SourceProcessName | SourceUserID | SourceUserName | EventType | DeviceCustomIPv6Address1 | DeviceCustomIPv6Address1Label | DeviceCustomIPv6Address2 | DeviceCustomIPv6Address2Label | DeviceCustomIPv6Address3 | DeviceCustomIPv6Address3Label | DeviceCustomIPv6Address4 | DeviceCustomIPv6Address4Label | DeviceCustomFloatingPoint1 | DeviceCustomFloatingPoint1Label | DeviceCustomFloatingPoint2 | DeviceCustomFloatingPoint2Label | DeviceCustomFloatingPoint3 | DeviceCustomFloatingPoint3Label | DeviceCustomFloatingPoint4 | DeviceCustomFloatingPoint4Label | DeviceCustomNumber1 | DeviceCustomNumber1Label | DeviceCustomNumber2 | DeviceCustomNumber2Label | DeviceCustomNumber3 | DeviceCustomNumber3Label | DeviceCustomString1 | DeviceCustomString1Label | DeviceCustomString2 | DeviceCustomString2Label | DeviceCustomString3 | DeviceCustomString3Label | DeviceCustomString4 | DeviceCustomString4Label | DeviceCustomString5 | DeviceCustomString5Label | DeviceCustomString6 | DeviceCustomString6Label | DeviceCustomDate1 | DeviceCustomDate1Label | DeviceCustomDate2 | DeviceCustomDate2Label | FlexDate1 | FlexDate1Label | FlexNumber1 | FlexNumber1Label | FlexNumber2 | FlexNumber2Label | FlexString1 | FlexString1Label | FlexString2 | FlexString2Label | AdditionalExtensions | StartTime [UTC] | EndTime [UTC] | Type | _ResourceId |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
2 | 43b17a91-11c4-45ef-9d0f-b544951e7039 | OpsManager | 11/7/2020, 11:23:37.472 AM | Onapsis | OSP | 3 | 0 | true | true | STAD | null | 192.168.206.20 | Dangerous RFC Execution | None | null | 192.168.206.20 | null | null | null | 2.2020.92.0.0 | Vulnerable Access Alert | null | null | __EMPTY__ | null | None | null | null | null | null | null | null | ABAP | null | null | None | ZONAPSIS | null | null | null | null | null | 1 | confidence | null | null | EBD | asset_name | 000 | client | None | logline | Nov 07 2020 11:22:27 UTC | null | null | OnapsisOSPColumnBname=None;OnapsisOSPColumnProfile=None;OnapsisOSPDetectedCompliance=None;OnapsisOSPDownloadedTable=None;OnapsisOSPEvents=None;OnapsisOSPIncidentDetail=None;OnapsisOSPMatchingRule=bd616cd67c011b2fe2aa9c6ce6f88b7c;OnapsisOSPProfileId=31;OnapsisOSPProgramName=None;OnapsisOSPResult=None;OnapsisOSPSapSecNotes=None;OnapsisOSPSid=EBD;OnapsisOSPTerminalSource=192.168.206.20;OnapsisOSPVulnerabilityCvss=None;cat=VulnerableAccess;end=Nov 07 2020 11:23:37 UTC;event_id=None;reason=None;sev=6 | 1/1/1970, 12:00:00.000 AM | 1/1/1970, 12:00:00.000 AM | CommonSecurityLog | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
3 | 43b17a91-11c4-45ef-9d0f-b544951e7039 | OpsManager | 11/7/2020, 11:23:37.484 AM | Onapsis | OSP | 4 | 0 | true | true | STAD | null | 192.168.206.20 | Dangerous RFC Execution | None | null | 192.168.206.20 | null | null | null | 2.2020.92.0.0 | Sensitive Access Alert | null | null | __EMPTY__ | null | None | null | null | null | null | null | null | ABAP | null | null | None | ZONAPSIS | null | null | null | null | null | 1 | confidence | null | null | EBD | asset_name | 000 | client | None | logline | Nov 07 2020 11:22:27 UTC | null | null | OnapsisOSPColumnBname=None;OnapsisOSPColumnProfile=None;OnapsisOSPDetectedCompliance=None;OnapsisOSPDownloadedTable=None;OnapsisOSPEvents=None;OnapsisOSPIncidentDetail=None;OnapsisOSPMatchingRule=b89ce0506f4b73b5e8a96c2f10d4d1bf;OnapsisOSPProfileId=30;OnapsisOSPProgramName=None;OnapsisOSPResult=None;OnapsisOSPSapSecNotes=None;OnapsisOSPSid=EBD;OnapsisOSPTerminalSource=192.168.206.20;OnapsisOSPVulnerabilityCvss=None;cat=SensitiveAccess;end=Nov 07 2020 11:23:37 UTC;event_id=None;reason=None;sev=6 | 1/1/1970, 12:00:00.000 AM | 1/1/1970, 12:00:00.000 AM | CommonSecurityLog | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
4 | 43b17a91-11c4-45ef-9d0f-b544951e7039 | OpsManager | 11/7/2020, 11:23:37.484 AM | Onapsis | OSP | 4 | 0 | true | true | STAD | null | 192.168.206.20 | Dangerous RFC Execution | None | null | 192.168.206.20 | null | null | null | 2.2020.92.0.0 | Sensitive Access Alert | null | null | __EMPTY__ | null | None | null | null | null | null | null | null | ABAP | null | null | None | ZONAPSIS | null | null | null | null | null | 1 | confidence | null | null | EBD | asset_name | 000 | client | None | logline | Nov 07 2020 11:22:27 UTC | null | null | OnapsisOSPColumnBname=None;OnapsisOSPColumnProfile=None;OnapsisOSPDetectedCompliance=None;OnapsisOSPDownloadedTable=None;OnapsisOSPEvents=None;OnapsisOSPIncidentDetail=None;OnapsisOSPMatchingRule=9460b245a8db018f57a0a7f3e4d52c94;OnapsisOSPProfileId=30;OnapsisOSPProgramName=None;OnapsisOSPResult=None;OnapsisOSPSapSecNotes=None;OnapsisOSPSid=EBD;OnapsisOSPTerminalSource=192.168.206.20;OnapsisOSPVulnerabilityCvss=None;cat=SensitiveAccess;end=Nov 07 2020 11:23:37 UTC;event_id=None;reason=None;sev=6 | 1/1/1970, 12:00:00.000 AM | 1/1/1970, 12:00:00.000 AM | CommonSecurityLog | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
5 | 43b17a91-11c4-45ef-9d0f-b544951e7039 | OpsManager | 11/7/2020, 2:15:49.243 PM | Onapsis | OSP | 1 | 0 | true | true | STAD | null | 192.168.224.36 | CS_UAT_102 | RFC | null | null | null | null | 2.2020.92.0.0 | CS_UAT_102 | null | null | __EMPTY__ | null | None | null | null | null | null | null | null | ABAP | labsapsrv254.orl.ona | null | null | None | UAT_USER | null | null | null | null | null | 3 | confidence | null | null | UA5 | asset_name | 000 | client | None | logline | None | patch_applied | Nov 07 2020 14:07:15 UTC | null | null | OnapsisOSPColumnBname=None;OnapsisOSPColumnProfile=None;OnapsisOSPDetectedCompliance=None;OnapsisOSPDownloadedTable=None;OnapsisOSPEvents=None;OnapsisOSPIncidentDetail=None;OnapsisOSPMatchingRule=None;OnapsisOSPModuleCategory=None;OnapsisOSPModuleDescription=None;OnapsisOSPModuleName=None;OnapsisOSPPolicy=None;OnapsisOSPProfileId=68;OnapsisOSPProgramName=None;OnapsisOSPResult=None;OnapsisOSPSapSecNotes=None;OnapsisOSPSid=UA5;OnapsisOSPTerminalSource=labsapsrv254.orl.ona;OnapsisOSPVulnerabilityCvss=None;cat=UserActivity;end=Nov 07 2020 14:08:09 ;event_id=None;reason=None;sev=6 | 1/1/1970, 12:00:00.000 AM | 1/1/1970, 12:00:00.000 AM | CommonSecurityLog | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
6 | 43b17a91-11c4-45ef-9d0f-b544951e7039 | OpsManager | 11/7/2020, 2:15:49.255 PM | Onapsis | OSP | 1 | 0 | true | true | STAD | null | 192.168.224.36 | CS_UAT_102 | RFC | null | null | null | null | 2.2020.92.0.0 | CS_UAT_102 | null | null | __EMPTY__ | null | None | null | null | null | null | null | null | ABAP | labsapsrv254.orl.ona | null | null | None | OP_USER | null | null | null | null | null | 3 | confidence | null | null | UA5 | asset_name | 001 | client | None | logline | None | patch_applied | Nov 07 2020 14:08:02 UTC | null | null | OnapsisOSPColumnBname=None;OnapsisOSPColumnProfile=None;OnapsisOSPDetectedCompliance=None;OnapsisOSPDownloadedTable=None;OnapsisOSPEvents=None;OnapsisOSPIncidentDetail=None;OnapsisOSPMatchingRule=None;OnapsisOSPModuleCategory=None;OnapsisOSPModuleDescription=None;OnapsisOSPModuleName=None;OnapsisOSPPolicy=None;OnapsisOSPProfileId=68;OnapsisOSPProgramName=None;OnapsisOSPResult=None;OnapsisOSPSapSecNotes=None;OnapsisOSPSid=UA5;OnapsisOSPTerminalSource=labsapsrv254.orl.ona;OnapsisOSPVulnerabilityCvss=None;cat=UserActivity;end=Nov 07 2020 14:08:09 ;event_id=None;reason=None;sev=6 | 1/1/1970, 12:00:00.000 AM | 1/1/1970, 12:00:00.000 AM | CommonSecurityLog | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
7 | 43b17a91-11c4-45ef-9d0f-b544951e7039 | OpsManager | 11/7/2020, 2:15:49.269 PM | Onapsis | OSP | 1 | 0 | true | true | STAD | null | 192.168.224.36 | CS_UAT_102 | RFC | null | null | null | null | 2.2020.92.0.0 | CS_UAT_102 | null | null | __EMPTY__ | null | None | null | null | null | null | null | null | ABAP | labsapsrv254.orl.ona | null | null | None | UAT_USER | null | null | null | null | null | 3 | confidence | null | null | UA5 | asset_name | 000 | client | None | logline | None | patch_applied | Nov 07 2020 14:08:15 UTC | null | null | OnapsisOSPColumnBname=None;OnapsisOSPColumnProfile=None;OnapsisOSPDetectedCompliance=None;OnapsisOSPDownloadedTable=None;OnapsisOSPEvents=None;OnapsisOSPIncidentDetail=None;OnapsisOSPMatchingRule=None;OnapsisOSPModuleCategory=None;OnapsisOSPModuleDescription=None;OnapsisOSPModuleName=None;OnapsisOSPPolicy=None;OnapsisOSPProfileId=68;OnapsisOSPProgramName=None;OnapsisOSPResult=None;OnapsisOSPSapSecNotes=None;OnapsisOSPSid=UA5;OnapsisOSPTerminalSource=labsapsrv254.orl.ona;OnapsisOSPVulnerabilityCvss=None;cat=UserActivity;end=Nov 07 2020 14:09:09 ;event_id=None;reason=None;sev=6 | 1/1/1970, 12:00:00.000 AM | 1/1/1970, 12:00:00.000 AM | CommonSecurityLog | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
8 | 43b17a91-11c4-45ef-9d0f-b544951e7039 | OpsManager | 11/7/2020, 2:15:49.270 PM | Onapsis | OSP | 1 | 0 | false | false | STAD | null | 192.168.224.36 | CS_UAT_102 | RFC | null | null | null | null | 2.2020.92.0.0 | CS_UAT_102 | null | null | __EMPTY__ | null | None | null | null | null | null | null | null | ABAP | labsapsrv254.orl.ona | null | null | None | UNKNOWN | null | null | null | null | null | 3 | confidence | null | null | UA5 | asset_name | 000 | client | None | logline | None | patch_applied | Nov 07 2020 14:08:46 UTC | null | null | OnapsisOSPColumnBname=None;OnapsisOSPColumnProfile=None;OnapsisOSPDetectedCompliance=None;OnapsisOSPDownloadedTable=None;OnapsisOSPEvents=None;OnapsisOSPIncidentDetail=None;OnapsisOSPMatchingRule=None;OnapsisOSPModuleCategory=None;OnapsisOSPModuleDescription=None;OnapsisOSPModuleName=None;OnapsisOSPPolicy=None;OnapsisOSPProfileId=68;OnapsisOSPProgramName=None;OnapsisOSPResult=None;OnapsisOSPSapSecNotes=None;OnapsisOSPSid=UA5;OnapsisOSPTerminalSource=labsapsrv254.orl.ona;OnapsisOSPVulnerabilityCvss=None;cat=UserActivity;end=Nov 07 2020 14:09:09 ;event_id=None;reason=None;sev=6 | 1/1/1970, 12:00:00.000 AM | 1/1/1970, 12:00:00.000 AM | CommonSecurityLog | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
9 | 43b17a91-11c4-45ef-9d0f-b544951e7039 | OpsManager | 11/7/2020, 2:15:49.270 PM | Onapsis | OSP | 1 | 0 | false | false | STAD | null | 192.168.224.36 | CS_UAT_102 | RFC | null | null | null | null | 2.2020.92.0.0 | CS_UAT_102 | null | null | __EMPTY__ | null | None | null | null | null | null | null | null | ABAP | labsapsrv254.orl.ona | null | null | None | UNKNOWN | null | null | null | null | null | 3 | confidence | null | null | UA5 | asset_name | 000 | client | None | logline | None | patch_applied | Nov 07 2020 14:08:46 UTC | null | null | OnapsisOSPColumnBname=None;OnapsisOSPColumnProfile=None;OnapsisOSPDetectedCompliance=None;OnapsisOSPDownloadedTable=None;OnapsisOSPEvents=None;OnapsisOSPIncidentDetail=None;OnapsisOSPMatchingRule=None;OnapsisOSPModuleCategory=None;OnapsisOSPModuleDescription=None;OnapsisOSPModuleName=None;OnapsisOSPPolicy=None;OnapsisOSPProfileId=68;OnapsisOSPProgramName=None;OnapsisOSPResult=None;OnapsisOSPSapSecNotes=None;OnapsisOSPSid=UA5;OnapsisOSPTerminalSource=labsapsrv254.orl.ona;OnapsisOSPVulnerabilityCvss=None;cat=UserActivity;end=Nov 07 2020 14:09:09 ;event_id=None;reason=None;sev=6 | 1/1/1970, 12:00:00.000 AM | 1/1/1970, 12:00:00.000 AM | CommonSecurityLog | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
10 | 43b17a91-11c4-45ef-9d0f-b544951e7039 | OpsManager | 11/7/2020, 2:15:49.270 PM | Onapsis | OSP | 1 | 0 | true | true | STAD | null | 192.168.224.36 | CS_UAT_102 | RFC | null | null | null | null | 2.2020.92.0.0 | CS_UAT_102 | null | null | __EMPTY__ | null | None | null | null | null | null | null | null | ABAP | labsapsrv254.orl.ona | null | null | None | OP_USER | null | null | null | null | null | 3 | confidence | null | null | UA5 | asset_name | 001 | client | None | logline | None | patch_applied | Nov 07 2020 14:09:02 UTC | null | null | OnapsisOSPColumnBname=None;OnapsisOSPColumnProfile=None;OnapsisOSPDetectedCompliance=None;OnapsisOSPDownloadedTable=None;OnapsisOSPEvents=None;OnapsisOSPIncidentDetail=None;OnapsisOSPMatchingRule=None;OnapsisOSPModuleCategory=None;OnapsisOSPModuleDescription=None;OnapsisOSPModuleName=None;OnapsisOSPPolicy=None;OnapsisOSPProfileId=68;OnapsisOSPProgramName=None;OnapsisOSPResult=None;OnapsisOSPSapSecNotes=None;OnapsisOSPSid=UA5;OnapsisOSPTerminalSource=labsapsrv254.orl.ona;OnapsisOSPVulnerabilityCvss=None;cat=UserActivity;end=Nov 07 2020 14:09:09 ;event_id=None;reason=None;sev=6 | 1/1/1970, 12:00:00.000 AM | 1/1/1970, 12:00:00.000 AM | CommonSecurityLog | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
11 | 43b17a91-11c4-45ef-9d0f-b544951e7039 | OpsManager | 11/7/2020, 2:15:49.284 PM | Onapsis | OSP | 1 | 0 | true | true | STAD | null | 192.168.224.36 | CS_UAT_102 | RFC | null | null | null | null | 2.2020.92.0.0 | CS_UAT_102 | null | null | __EMPTY__ | null | None | null | null | null | null | null | null | ABAP | labsapsrv254.orl.ona | null | null | None | UAT_USER | null | null | null | null | null | 3 | confidence | null | null | UA5 | asset_name | 000 | client | None | logline | None | patch_applied | Nov 07 2020 14:09:15 UTC | null | null | OnapsisOSPColumnBname=None;OnapsisOSPColumnProfile=None;OnapsisOSPDetectedCompliance=None;OnapsisOSPDownloadedTable=None;OnapsisOSPEvents=None;OnapsisOSPIncidentDetail=None;OnapsisOSPMatchingRule=None;OnapsisOSPModuleCategory=None;OnapsisOSPModuleDescription=None;OnapsisOSPModuleName=None;OnapsisOSPPolicy=None;OnapsisOSPProfileId=68;OnapsisOSPProgramName=None;OnapsisOSPResult=None;OnapsisOSPSapSecNotes=None;OnapsisOSPSid=UA5;OnapsisOSPTerminalSource=labsapsrv254.orl.ona;OnapsisOSPVulnerabilityCvss=None;cat=UserActivity;end=Nov 07 2020 14:10:10 ;event_id=None;reason=None;sev=6 | 1/1/1970, 12:00:00.000 AM | 1/1/1970, 12:00:00.000 AM | CommonSecurityLog |