[
{
"action":"",
"application":"Google Apps",
"fileid":"1WdkjMqjaVefVSwx-NXaD5_W2ZPJrtpTk",
"filelink":"https://drive.google.com/a/acme-gadget.com/file/d/1WdkjMqjaVefVSwx-NXaD5_W2ZPJrtpTk/view?usp=drivesdk",
"filename":"1-MB-Test.docx",
"folder":"/My Drive/Test Encryption",
"owner":"sanitized@sanitized.com",
"patterns":"",
"sharedwith":"",
"size":"",
"status":"Private",
"syslogheader":"<110>1 2019-11-15T10:30:34Z api.bitglass.com NILVALUE NILVALUE cloudaudit",
"time":"20 Sep 2021 12:22:51",
"log_type": "cloudaudit"
},
{
"action":"Alert, Blocked, DLP, Notify",
"activity":"Cloudstorage, Downloaded, Web",
"application":"Google Drive",
"details":"",
"device":"Mac OS X 10.13.6",
"dlppattern":"SecretProjects [Security Overview (Secret).docx (hawk)]",
"email":"sanitized@sanitized.com",
"emailbcc":"",
"emailcc":"",
"emailfrom":"",
"emailsenttime":"",
"emailsubject":"",
"emailto":"",
"filename":"Security Overview (Secret).docx",
"ipaddress":"106.180.8.231",
"location":"Yokohama||Kanagawa||14||JP",
"pagetitle":"",
"request":"",
"syslogheader":"<114>1 2019-12-03T08:09:31.975000Z api.bitglass.com NILVALUE NILVALUE access",
"time":"20 Sep 2021 12:22:51",
"transactionid":"XeYYOwpaFUoAAL4EdmcAAABj [2019-12-03 08:09:31]",
"url":"docs.google.com/document/u/0",
"user":"Demo O365SF",
"useragent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36 OPR/65.0.3467.48",
"log_type": "access"
},
{
"action":"",
"activity":"",
"application":"Bitglass",
"details":"Admin changed saml_issuer_id in the SSO config for Oracle Cloud",
"device":"Mac OS X 10.15.3",
"dlppattern":"",
"email":"sanitized@sanitized.com",
"emailbcc":"",
"emailcc":"",
"emailfrom":"",
"emailsenttime":"",
"emailsubject":"",
"emailto":"",
"filename":"",
"ipaddress":"50.226.196.118",
"location":"Campbell||California||CA||US",
"pagetitle":"",
"request":"",
"syslogheader":"<110>1 2020-02-27T21:58:46.359000Z api.bitglass.com NILVALUE NILVALUE access",
"time":"27 Feb 2020 21:58:46",
"transactionid":"aaa9b64f411f61b959a6d27d2f51b9b42c2ed116 [27 Feb 2020 21:58:46]",
"url":"/admin/applications/edit/80839/custom-app-saml/cf23e347-c1d4-44ac-9ddb-d7a43633f0a2/",
"user":"Amit Singh",
"useragent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36",
"log_type": "admin"
},
{
"syslogheader":"<110>1 2021-04-01T05:17:21.000000Z api.bitglass.com NILVALUE NILVALUE swgweb",
"protocol":"http",
"customlocation":"[]",
"requestmethod":"GET",
"usergroup":"['67521', 'All Users']",
"bgcategories":"[\"BG:Uncategorized\"]",
"size":"0",
"city":"San Jose",
"deviceguid":"DA10D6D4-0868-4523-8A1C-210F1845EE3B",
"destinationip":"",
"ipaddress":"24.4.172.200",
"webreputation":"80.00",
"long":"-121.83600000",
"requestdomain":"pokerstars.bet",
"setransactionid":"E1500463-850B-4CC9-8A31-F990AA6CEF1E",
"arguments":"",
"indexedtime":"2021-04-01 05:30:04",
"email":"sanitized@sanitized.com",
"bgcloudscore":"0.00",
"firstname":"Amit",
"lastname":"Singh",
"devicehostname":"amdas-vm-win10",
"regioncode":"CA",
"lat":"37.25070000",
"uploadedbytes":"0",
"webcategories":"[\"WR:Gambling\"]",
"countrycode":"US",
"referrer":"",
"country":"United States",
"region":"California",
"uri":"/",
"customcategories":"[]",
"time":"20 Sep 2021 12:22:51",
"action":"block",
"useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36",
"webcategoryclass":"[\"Questionable/Legal\"]",
"log_type": "swgweb"
},
{
"syslogheader":"<110>1 2021-02-05T23:34:19.000000Z api.bitglass.com NILVALUE NILVALUE swgwebdlp",
"docextension":"docx",
"protocol":"https",
"customlocation":"[]",
"doctype":"docx",
"requestmethod":"POST",
"usergroup":"['67521', 'All Users']",
"bgcategories":"[\"BG:Others\"]",
"docsha256":"7c31b3b98dca839186621aee692d7613d0c282ad485c770475c9f18eb5211d23",
"size":"864",
"city":"Fremont",
"deviceguid":"D792BF82-1BC5-4836-A80C-3A7102EFA669",
"destinationip":"",
"ipaddress":"76.244.42.214",
"webreputation":"92.00",
"long":"-121.97320000",
"requestdomain":"filebin.net",
"setransactionid":"1D7B4BAF-7BAC-4ADD-AC0B-0CAF40F9AB66",
"arguments":"",
"dlppattern":"[\"Purple\"]",
"indexedtime":"2021-02-06 00:59:01",
"email":"sanitized@sanitized.com",
"bgcloudscore":"5.00",
"firstname":"Amit",
"lastname":"Singh",
"devicehostname":"desktop-625d92e",
"regioncode":"CA",
"docsha1":"",
"policyid":"251773",
"lat":"37.52810000",
"transactionid":"YB3WKjINin8t@9uV@w@3KwAABAU",
"threatindicator":"[]",
"uploadedbytes":"31466",
"webcategories":"[\"WR:Personal Storage\"]",
"docmd5":"",
"countrycode":"US",
"keyword":"[\"purple\"]",
"referrer":"https://filebin.net/9e3hnzwui1zx4zbu",
"country":"United States",
"region":"California",
"uri":"/",
"customcategories":"[]",
"time":"20 Sep 2021 12:22:51",
"action":"tobitglass",
"useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.104 Safari/537.36",
"webcategoryclass":"[\"Business/Government/Services\"]",
"log_type": "swgwebdlp"
},
{
"syslogheader":"<110>1 2021-07-16T12:10:17.022428Z api.bitglass.com NILVALUE NILVALUE access",
"time":"20 Sep 2021 12:22:51",
"user":"Demo O365SF",
"email":"sanitized@sanitized.com",
"usergroup":"Academic, Demo Gizmo Only, Demo Only, GizmoUsers, Risky Users, RiskyUsers",
"device":"Windows nil",
"application":"Office 365",
"activity":"Server4xx",
"url":"https://login.microsoftonline.com/ccf88654-4631-4307-a76d-49972ac91498/oauth2/token",
"responsecode":400,
"transactionid":"YPF3KSeG9sCgVaEESA0zxgAAAMY [16 Jul 2021 12:10:17]",
"deviceguid":"D3B0C5A5-F677-4658-9111-0360E3B5F038",
"ipaddress":"24.92.139.31",
"location":"Columbus||Ohio||OH||US",
"requestmethod":"",
"useragent":"Windows-AzureAD-Authentication-Provider/1.0",
"log_type": "healthproxy"
},
{
"syslogheader":"<110>1 2021-07-28T21:13:31.730349Z api.bitglass.com NILVALUE NILVALUE access",
"time":"20 Sep 2021 12:22:51",
"user":"Demo Google",
"email":"sanitized@sanitized.com",
"usergroup":"DemoUsers, RiskyUsers",
"device":"",
"application":"Google Apps",
"activity":"Server4xx",
"url":"/My Drive/Demo/Engineering (Block)",
"responsecode":null,
"transactionid":"00681f60-ef51-4ec8-af23-6baa3538609b [28 Jul 2021 21:13:31]",
"filename":"Security Overview (Secret)",
"fileid":"117VHdwNpGrbMZpp7UPSCe3j_TW-9laS4wdTnZVGP7aM",
"status":"Internal, Shared, DLP",
"log_type": "healthapi"
},
{
"syslogheader":"<110>1 2021-07-16T09:05:45.801018Z api.bitglass.com NILVALUE NILVALUE access",
"time":"20 Sep 2021 12:22:51",
"user":"Amit Singh",
"email":"sanitized@sanitized.com",
"usergroup":"All TME, Amit-Gadget, Bitglass Admins, EDMGroup, OCI_NetworkAdmins, Overview Report, RiskyUsers, SNOW-Encrypt, SNOW_Notification, System Administrator, admin-acme-gadget.com, oracle",
"device":"",
"application":"Bitglass",
"activity":"Bitglass4xx, RestAPI",
"url":"",
"responsecode":429,
"transactionid":"6c1f4086-58c3-43bd-aa33-04fe262572ef [16 Jul 2021 09:05:45]",
"deviceguid":"",
"ipaddress":"3.140.207.46",
"location":"Columbus||Ohio||OH||US",
"requestmethod":"",
"useragent":"",
"log_type": "healthsystem"
}
]