Azure-Sentinel/Sample Data/AIA-Darktrace.csv


DeviceEventClassID,LogSeverity,OriginalLogSeverity,DeviceAction,SimplifiedDeviceAction,Computer,CommunicationDirection,DeviceFacility,DestinationPort,DestinationIP,DeviceAddress,DeviceName,Message,Protocol,SourcePort,SourceIP,RemoteIP,RemotePort,MaliciousIP,ThreatSeverity,IndicatorThreatType,ThreatDescription,ThreatConfidence,ReportReferenceLink,MaliciousIPLongitude,MaliciousIPLatitude,MaliciousIPCountry,DeviceVersion,Activity,ApplicationProtocol,EventCount,DestinationDnsDomain,DestinationServiceName,DestinationTranslatedAddress,DestinationTranslatedPort,DeviceDnsDomain,DeviceExternalID,DeviceInboundInterface,DeviceNtDomain,DeviceOutboundInterface,DevicePayloadId,ProcessName,DeviceTranslatedAddress,DestinationHostName,DestinationMACAddress,DestinationNTDomain,DestinationProcessId,DestinationUserPrivileges,DestinationProcessName,DeviceTimeZone,DestinationUserID,DestinationUserName,DeviceMacAddress,ProcessID,ExternalID,FileCreateTime,FileHash,FileID,FileModificationTime,FilePath,FilePermission,FileType,FileName,FileSize,ReceivedBytes,OldFileCreateTime,OldFileHash,OldFileID,OldFileModificationTime,OldFileName,OldFilePath,OldFilePermission,OldFileSize,OldFileType,SentBytes,RequestURL,RequestClientApplication,RequestContext,RequestCookies,RequestMethod,SourceHostName,SourceMACAddress,SourceNTDomain,SourceDnsDomain,SourceServiceName,SourceTranslatedAddress,SourceTranslatedPort,SourceProcessId,SourceUserPrivileges,SourceProcessName,SourceUserID,SourceUserName,EventType,DeviceCustomIPv6Address1,DeviceCustomIPv6Address1Label,DeviceCustomIPv6Address2,DeviceCustomIPv6Address2Label,DeviceCustomIPv6Address3,DeviceCustomIPv6Address3Label,DeviceCustomIPv6Address4,DeviceCustomIPv6Address4Label,DeviceCustomFloatingPoint1,DeviceCustomFloatingPoint1Label,DeviceCustomFloatingPoint2,DeviceCustomFloatingPoint2Label,DeviceCustomFloatingPoint3,DeviceCustomFloatingPoint3Label,DeviceCustomFloatingPoint4,DeviceCustomFloatingPoint4Label,DeviceCustomNumber1,DeviceCustomNumber1Label,DeviceCustomNumber2,DeviceCustomNumber2Label,DeviceCustomNumber3,DeviceCustomNumber3Label,DeviceCustomString1,DeviceCustomString1Label,DeviceCustomString2,DeviceCustomString2Label,DeviceCustomString3,DeviceCustomString3Label,DeviceCustomString4,DeviceCustomString4Label,DeviceCustomString5,DeviceCustomString5Label,DeviceCustomString6,DeviceCustomString6Label,DeviceCustomDate1,DeviceCustomDate1Label,DeviceCustomDate2,DeviceCustomDate2Label,FlexDate1,FlexDate1Label,FlexNumber1,FlexNumber1Label,FlexNumber2,FlexNumber2Label,FlexString1,FlexString1Label,FlexString2,FlexString2Label,AdditionalExtensions,StartTime [UTC],EndTime [UTC],Type,_ResourceId
267443127.0. 0.1127.0. 0.1deviceNameExample.com4.1Anomalous Connection/Anomalous SSL without SNI to New External1907243message=. . SSL certificate validation failed with (unable to get local issuer certificate);darktraceUrl=https://sample/mb/1907243 CommonSecurityLog
267443127.0. 0.110.12.13.144.1Anomalous Connection/Anomalous SSL without SNI to New Externalslammar.iotrap.com1907242message=. . SSL certificate validation failed with (unable to get local issuer certificate);darktraceUrl=https://sample/mb/1907242 CommonSecurityLog
176445127.0. 0.1.2210.20.15.104.1Anomalous Server Activity/Anomalous External Activity from Critical Network Device1907249darktraceUrl=https://sample/mb/1907249 CommonSecurityLog
2683389127.0. 0.1.1110.40.30.204.1Anomalous Connection/Anomalous SSL without SNI to New Externals1-ip6da00:15:5d:24:03:4a1900990message=. . SSL certificate seen younger than 30.0 days;darktraceUrl=https://sample/mb/1900990 CommonSecurityLog
2683389127.0. 0.1.11127.0. 0.1.11s1-ip6da4.1Anomalous Connection/Anomalous SSL without SNI to New External00:15:5d:24:03:4a1900991deviceMacAddress=00:15:5d:24:03:4a;message=. . SSL certificate seen younger than 30.0 days;darktraceUrl=https://sample/mb/1900991 CommonSecurityLog
176445127.0. 0.1.2210.20.15.104.1Anomalous Server Activity/Anomalous External Activity from Critical Network Device1900999darktraceUrl=https://sample/mb/1900999 CommonSecurityLog
26844352.112.212.7710.180.18.1username-XPS-13-93504.1Anomalous Connection/Anomalous SSL without SNI to New External1874731deviceMacAddress=c8:ff:28:b6:2c:d7;darktraceUrl=https://sample/mb/1874731 CommonSecurityLog
268338910.180.80.4510.180.1.184.1Anomalous Connection/Anomalous SSL without SNI to New External1875106message=. . SSL certificate validation failed with (unable to get local issuer certificate);darktraceUrl=https://sample/mb/1875106 CommonSecurityLog
268338910.180.80.4510.180.80.454.1Anomalous Connection/Anomalous SSL without SNI to New External1875108message=. . SSL certificate validation failed with (unable to get local issuer certificate);darktraceUrl=https://sample/mb/1875108 CommonSecurityLog
268443152.179.58.16510.161.1.2C02Z85AYLVDC4.1Anomalous Connection/Anomalous SSL without SNI to New External1875226deviceMacAddress=a4:83:e7:9d:c1:f9;darktraceUrl=https://sample/mb/1875226 CommonSecurityLog
268522927.220.55.34112.24.71.20Galaxy-S64.1Anomalous Connection/Anomalous SSL without SNI to New External1875651deviceMacAddress=00:ae:fa:65:f4:24;darktraceUrl=https://sample/mb/1875651 CommonSecurityLog
268443217.41.245.117112.24.71.170LA-3654.1Anomalous Connection/Anomalous SSL without SNI to New External1872713deviceMacAddress=f8:ff:c2:04:f8:6a;message=. . SSL certificate validation failed with (unable to get local issuer certificate);darktraceUrl=https://sample/mb/1872713 CommonSecurityLog
268443187.167.182.11110.20.30.44.1Anomalous Connection/Anomalous SSL without SNI to New External1874089message=. . SSL certificate validation failed with (self signed certificate);darktraceUrl=https://sample/mb/1874089 CommonSecurityLog
268443187.167.182.111187.167.182.1114.1Anomalous Connection/Anomalous SSL without SNI to New External1874090message=. . SSL certificate validation failed with (self signed certificate);darktraceUrl=https://sample/mb/1874090 CommonSecurityLog
390614.74.114.22014.74.114.2204.1User/Unusual External Source for Credential Use1893897message=. . Unusual source for use of example@sample.com from AS2905 TICSA-ASN. example@sample.com;darktraceUrl=https://sample/mb/1893897 CommonSecurityLog
34970.0.0.04.1System/System1870730message=. . Probe error;darktraceUrl=https://sample/mb/1870730 CommonSecurityLog
267443201.67.185.3010.180.18.1username-XPS-13-93504.1Anomalous Connection/Anomalous SSL without SNI to New External1878552deviceMacAddress=c8:ff:28:b6:2c:d7;darktraceUrl=https://sample/mb/1878552 CommonSecurityLog
266443201.67.180.2210.110.10.8FFMZJD0SJC674.1Anomalous Connection/Anomalous SSL without SNI to New External1878553deviceMacAddress=56:fb:e2:58:37:4a;darktraceUrl=https://sample/mb/1878553 CommonSecurityLog
465644314.74.114.22014.74.114.114.1Antigena/Network/External Threat/Antigena Quarantine Example test client1837581darktraceUrl=https://sample/mb/1837581 CommonSecurityLog
26644314.74.114.22014.74.114.2username-XPS-13-93504.1Anomalous Connection/Anomalous SSL without SNI to New External1898432deviceMacAddress=c8:ff:28:b6:2c:d7;darktraceUrl=https://sample/mb/1898432 CommonSecurityLog
176445127.0. 0.1.2210.180.80.544.1Anomalous Server Activity/Anomalous External Activity from Critical Network Device1909925darktraceUrl=https://sample/mb/1909925 CommonSecurityLog
2673389254.169.184.8210.30.40.204.1Anomalous Connection/Anomalous SSL without SNI to New External1902616message=. . SSL certificate seen younger than 30.0 days;darktraceUrl=https://sample/mb/1902616 CommonSecurityLog
2683389254.169.184.82254.169.184.824.1Anomalous Connection/Anomalous SSL without SNI to New External1902617message=. . SSL certificate seen younger than 30.0 days;darktraceUrl=https://sample/mb/1902617 CommonSecurityLog
465544314.74.114.220120.239.186.1584.1Antigena/Network/External Threat/Antigena Quarantine Example test clientmotd.ubuntu.com1902823darktraceUrl=https://sample/mb/1902823 CommonSecurityLog