Azure-Sentinel/Sample Data/CitrixAnalytics_userProfile...


[{
"tenant_id":"jimex9vbhnya",
"cur_riskscore":25,
"timestamp":"2021-11-05T10:07:33.652Z",
"event_type":"userProfileRiskscore",
"version":2,
"entity_id":"sanitized@sanitized.com",
"entity_type":"user"
},
{
"app":"Remote Desktop Client",
"cnt":1,
"entity_id":"sanitized@sanitized.com",
"entity_type":"user",
"event_type":"userProfileApp",
"session_domain":"CITRITE",
"tenant_id":"jimex9vbhnya",
"timestamp":"2021-12-15T01:00:00Z",
"user_samaccountname":"CITRITE\\robertova",
"version":2
},
{
"data_usage_bytes":49078650,
"deleted_file_cnt":0,
"downloaded_bytes":49078650,
"downloaded_file_cnt":1,
"entity_id":"sanitized@sanitized.com",
"entity_type":"user",
"event_type":"userProfileUsage",
"shared_file_cnt":0,
"tenant_id":"jimex9vbhnya",
"timestamp":"2021-12-12T01:00:00Z",
"uploaded_bytes":0,
"uploaded_file_cnt":0,
"version":2
},
{
"city":"Sydney",
"cnt":1,
"country":"Australia",
"entity_id":"sanitized@sanitized.com",
"entity_type":"user",
"event_type":"userProfileLocation",
"tenant_id":"jimex9vbhnya",
"timestamp":"2021-12-15T13:00:00Z",
"version":2
},
{
"cnt":3,
"device":"iPhone",
"entity_id":"sanitized@sanitized.com",
"entity_type":"user",
"event_type":"userProfileDevice",
"tenant_id":"jimex9vbhnya",
"timestamp":"2021-12-15T01:00:00Z",
"version":2
}]