Azure-Sentinel/Sample Data/CitrixAnalytics_indicatorSu...


[{
"tenant_id": "jimex9vbhnya",
"indicator_id": 0,
"indicator_uuid": "43a838da-fc21-55bf-a0e4-060090070eeb",
"indicator_category_id": 1,
"indicator_vector": {
"name": "Insider Threat - Files",
"id": "6"
},
"data_source_id": 0,
"timestamp": "2021-06-08T06:59:59Z",
"event_type": "indicatorSummary",
"entity_type": "user",
"entity_id": "sanitized@sanitized.com",
"version": 2,
"risk_probability": 1,
"indicator_category": "Data exfiltration",
"indicator_name": "Excessive file downloads",
"severity": "medium",
"data_source": "Citrix Content Collaboration",
"ui_link": "https://analytics-daily.cloud.com/user/eyJoaWdobGlnaHREZWZhdWx0IjoidHJ1ZSIsImhpdElkIjoiNDNhODM4ZGEtZmMyMS01NWJmLWEwZTQtMDYwMDkwMDcwZWViIiwiaW5kaWNhdG9ySWQiOjAsInVzZXJJZCI6InVzZXIxXzc3MjQ5MV8yMDIxMDYwOEBqaW1leDl2YmhueWEuY29tIiwidXNlcl9pZCI6InVzZXIxXzc3MjQ5MV8yMDIxMDYwOEBqaW1leDl2YmhueWEuY29tIiwic3JjX25hbWUiOiJzaWVtIn0=",
"indicator_type": "builtin",
"occurrence_details": {
"event_count": 9,
"relevant_event_type": "Download",
"exfiltrated_data_volume_in_bytes": 307800000,
"observation_start_time": "2021-06-08T06:00:00Z"
}
}]