Azure-Sentinel/Sample Data/Custom/CarbonBlackAuditLogs_CL.json


[
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-22T13:30:01.938Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "/appservices/v5/orgs/12261/devices/find",
"eventTime_d": "1.59015E+12",
"eventId_g": "1c4f8c6b-9c30-11ea-ba83-e3cb965acc5e",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "98.98.98.98",
"verbose_b": "TRUE",
"description_s": "SHA256 Hash\tTo Row:50\tFrom Row:1\tDevice ID\tSearch:ALL\tIncident ID\tAction:Page Load\tTab:Settings (Enrollment)\tCountry Code",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-22T13:30:01.938Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "/appservices/v5/orgs/12261/devices/find",
"eventTime_d": "1.59015E+12",
"eventId_g": "1c9b8a0d-9c30-11ea-88de-e303799b07ea",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "98.98.98.98",
"verbose_b": "TRUE",
"description_s": "From Row:1\tAction:Page Load\tSearch:ALL\tTo Row:50\tIncident ID\tDevice ID\tTab:Settings (Enrollment)\tSHA256 Hash\tCountry Code",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-22T13:30:01.938Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "/appservices/v5/orgs/12261/binary/knownbad",
"eventTime_d": "1.59015E+12",
"eventId_g": "20bf1bb2-9c30-11ea-8979-f9c33d0ca68b",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "98.98.98.98",
"verbose_b": "TRUE",
"description_s": "To Row:50\tTab:Malware Removal\tFrom Row:1\tCountry Code\tIncident ID\tSearch:ALL\tDevice ID\tAction:Page Load\tSHA256 Hash",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-22T13:30:01.938Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "/appservices/v5/orgs/12261/devices/find",
"eventTime_d": "1.59015E+12",
"eventId_g": "2d0cfac0-9c30-11ea-ba83-e3cb965acc5e",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "98.98.98.98",
"verbose_b": "TRUE",
"description_s": "SHA256 Hash\tTo Row:50\tFrom Row:1\tDevice ID\tSearch:ALL\tIncident ID\tAction:Page Load\tTab:Settings (Enrollment)\tCountry Code",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-20T22:13:59.099Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "",
"eventTime_d": "1.59001E+12",
"eventId_g": "6c811b4c-9ae5-11ea-9b09-a362a0f9c65c",
"loginName_s": "XKFHEIYWPRU",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "166.166.166.166",
"verbose_b": "FALSE",
"description_s": "Connector XKFHEIYWPRU logged in successfully",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-21T03:40:02.362Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "",
"eventTime_d": "1.59003E+12",
"eventId_g": "ad10ec9c-9b14-11ea-84c5-b7135c66eb0b",
"loginName_s": "XKFHEIYWPRU",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "166.166.166.166",
"verbose_b": "FALSE",
"description_s": "Connector XKFHEIYWPRU logged in successfully",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-21T00:00:02.567Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "/appservices/v5/orgs/12261/devices/find",
"eventTime_d": "1.59002E+12",
"eventId_g": "55cc03ec-9af5-11ea-84c5-b7135c66eb0b",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
"verbose_b": "TRUE",
"description_s": "Tab:Settings (Enrollment)\tCountry Code\tSearch:ALL\tAction:Page Load\tIncident ID\tDevice ID\tFrom Row:1\tSHA256 Hash\tTo Row:20",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-21T00:00:02.567Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "/appservices/v5/orgs/12261/devices/find",
"eventTime_d": "1.59002E+12",
"eventId_g": "577a7719-9af5-11ea-9405-4d747d8e3015",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
"verbose_b": "TRUE",
"description_s": "Tab:Settings (Enrollment)\tTo Row:20\tCountry Code\tAction:Page Load\tDevice ID\tIncident ID\tFrom Row:1\tSearch:ALL\tSHA256 Hash",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-21T00:00:02.567Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "/appservices/v5/orgs/12261/devices/find",
"eventTime_d": "1.59002E+12",
"eventId_g": "5c0f8f67-9af5-11ea-9bdf-477655f49173",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
"verbose_b": "TRUE",
"description_s": "Search:ALL\tTo Row:20\tIncident ID\tAction:Page Load\tFrom Row:1\tSHA256 Hash\tTab:Settings (Enrollment)\tCountry Code\tDevice ID",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-21T00:00:02.567Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "78d9b56b-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
"verbose_b": "FALSE",
"description_s": "Initiated request 78d2897a9af511ea9b096db8ca5e6d38 to dismiss alerts using query: {\n \"criteria\" : {\n \"id\" : [ \"42BD52C7C8D9A3CA2FBB8349173A6930\", \"2A4936D614FCC41993AD65EB26513AB0\", \"40A296AB126204AB149D1678644835C8\", \"6028393E12EE7296D81FEC6301614B41\", \"766D7FFADF1AF2EA503B00025B72A24A\", \"45EBA89A322353DB2C063B38FC722909\", \"00DBE64C837D5A2D5816749B0E808335\", \"AC16F08749B347B7F14AAF46E38BF128\", \"017DDEBC11888FA0DDBCC94632A53851\", \"5E9B9EDD7DDD3DA0561F6FE7921A0E43\", \"12FF5D7D0FF3707494B5CBA85825FC80\", \"F94FE0234B059A20A6413459528CAAFA\", \"46BCBD10FC84D30A559DD83D6CDE5240\", \"A48EDE301E6ECF777FE68C9A38385030\", \"FA39E0895F38DA9D5CC1DDC8C442CE4D\", \"3A2EC925C4C8846D89192BBD8370E432\", \"568D1DC8C16CB9039C16078A95BF7930\", \"BE4C8BB12746326A17DF7A785877D215\", \"5E47D3F5A8B2E69AE3FFEE71C764C536\", \"94E7DAFB80DC21697B3E1F0159AAF26B\", \"915DE93024681B21C0F480FFD5FF45E0\", \"3848CBA40828217ACCF81D684B904ACE\", \"B166AF8715989AEFE55968BEE2A2CB0D\", \"F0FC88951ACD8229D97661C0C83AA609\", \"353D2221966BB9BBB71F92FDD9F45E5C\", \"7186E4F383B0A61B623E0E388EFB8A01\", \"A345B8E839F0EA20A62C2F874033CA8D\", \"5971674718EEDF019A8D027569D840CA\", \"5B50182504E45A47D380867008640A69\", \"EC9D5F89F63A2B3575AED51E69F97869\", \"5F936AC88188CCF3C2E269DFBBE4DE81\", \"B2DA83B4C2533B8BA37F0DBD1447A129\", \"B8DC8D80D3E377BB03E3F029A6CFA1C8\", \"EBB2CEBED5979561F1EBC2F24CEBDA7A\", \"98044AD507DA9A42398B47AFFE75D5E2\", \"C60532E4EDC178A1281FEC2376C118A8\", \"728B0BD1ABAF382150B3AF5A94C60095\", \"A6FB864E1EF323A8E6FDD021BAC17AE1\", \"C04C42C2F5A847F8713EA929D1F44B8A\", \"509EA9A85A0D0BEEA31BC619B116321D\", \"3C854E0DEF04A7588AE79FA44641893D\", \"7E9F005DA432B4FDE2DD6C24424083F7\", \"689D3BA8FAE8135929D312E8B704DF64\", \"3F5B7C3E814FB8B6C59B011232AAEB48\", \"22D89AD5C4A494F57FD5674031597C4E\", \"70A3E8B6D4D08F76FAB3FF56EBC26949\", \"08DF0FAF73D3212E034AF88CF78F276F\", \"AF4E00F4A38ED2996ADD7CAB714004FD\", \"11F735892214864E672A7B0A184D1E25\", 
\"8CD2F4E83BF8266C90F1F2188DFC5D09\" ],\n \"group_results\" : false,\n \"create_time\" : {\n \"start\" : \"2020-05-06T23:56:07Z\",\n \"end\" : \"2020-05-20T23:56:07Z\",\n \"range\" : \"-2w\",\n \"all_time\" : false\n }\n }\n}. Dismissal reason marked as INVESTIGATED_OR_ESCALATED.",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-21T00:00:02.567Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "794373bc-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
"verbose_b": "FALSE",
"description_s": "Alert NE2F3D55-013a6074-00002264-00000000-1d62cbd436c2315-GUWNtEmJQhKmuOTxoRV8hA-6e5ae551-1cbb-45b3-b7a1-1569c0458f6b dismissed on device 20602996. Associated with request 78d2897a9af511ea9b096db8ca5e6d38.",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-21T00:00:02.567Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "794373bd-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
"verbose_b": "FALSE",
"description_s": "Alert NE2F3D55-013a6074-00002fd4-00000000-1d62cc5e27b0f31-GUWNtEmJQhKmuOTxoRV8hA-6e5ae551-1cbb-45b3-b7a1-1569c0458f6b dismissed on device 20602996. Associated with request 78d2897a9af511ea9b096db8ca5e6d38.",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-21T00:00:02.567Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "794373be-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
"verbose_b": "FALSE",
"description_s": "Alert NE2F3D55-013a6074-00002864-00000000-1d62e6afb1b222d-GUWNtEmJQhKmuOTxoRV8hA-6e5ae551-1cbb-45b3-b7a1-1569c0458f6b dismissed on device 20602996. Associated with request 78d2897a9af511ea9b096db8ca5e6d38.",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-21T00:00:02.567Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "794373bf-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
"verbose_b": "FALSE",
"description_s": "Alert NE2F3D55-013a6074-00002da8-00000000-1d62e8420698702-GUWNtEmJQhKmuOTxoRV8hA-6e5ae551-1cbb-45b3-b7a1-1569c0458f6b dismissed on device 20602996. Associated with request 78d2897a9af511ea9b096db8ca5e6d38.",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-21T00:00:02.567Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "794373c0-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
"verbose_b": "FALSE",
"description_s": "Alert NE2F3D55-013a6074-00002fd4-00000000-1d62cc5e27b0f31-GUWNtEmJQhKmuOTxoRV8hA-6e5ae551-1cbb-45b3-b7a1-1569c0458f6b dismissed on device 20602996. Associated with request 78d2897a9af511ea9b096db8ca5e6d38.",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-21T00:00:02.567Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "794373c1-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
"verbose_b": "FALSE",
"description_s": "Alert NE2F3D55-013a6074-00002cc4-00000000-1d62cbfde6408ca-GUWNtEmJQhKmuOTxoRV8hA-6e5ae551-1cbb-45b3-b7a1-1569c0458f6b dismissed on device 20602996. Associated with request 78d2897a9af511ea9b096db8ca5e6d38.",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-21T00:00:02.567Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "794373c2-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
"verbose_b": "FALSE",
"description_s": "Alert NE2F3D55-013a6074-00002264-00000000-1d62cbd436c2315-GUWNtEmJQhKmuOTxoRV8hA-6e5ae551-1cbb-45b3-b7a1-1569c0458f6b dismissed on device 20602996. Associated with request 78d2897a9af511ea9b096db8ca5e6d38.",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-21T00:00:02.567Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "794373c3-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
"verbose_b": "FALSE",
"description_s": "Alert NE2F3D55-013a6074-000029b4-00000000-1d62eb66bd066ed-GUWNtEmJQhKmuOTxoRV8hA-6e5ae551-1cbb-45b3-b7a1-1569c0458f6b dismissed on device 20602996. Associated with request 78d2897a9af511ea9b096db8ca5e6d38.",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-21T00:00:02.567Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "794373c4-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
"verbose_b": "FALSE",
"description_s": "Alert NE2F3D55-013a6074-00002e4c-00000000-1d62e51d864d1e4-GUWNtEmJQhKmuOTxoRV8hA-6e5ae551-1cbb-45b3-b7a1-1569c0458f6b dismissed on device 20602996. Associated with request 78d2897a9af511ea9b096db8ca5e6d38.",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-21T00:00:02.567Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "794373c5-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
"verbose_b": "FALSE",
"description_s": "Alert NE2F3D55-013a6074-000027a8-00000000-1d62e51dba0d3c0-GUWNtEmJQhKmuOTxoRV8hA-6e5ae551-1cbb-45b3-b7a1-1569c0458f6b dismissed on device 20602996. Associated with request 78d2897a9af511ea9b096db8ca5e6d38.",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-21T00:00:02.567Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "794373c6-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
"verbose_b": "FALSE",
"description_s": "Alert NE2F3D55-013a6074-00001f04-00000000-1d62e51d5b9106b-GUWNtEmJQhKmuOTxoRV8hA-6e5ae551-1cbb-45b3-b7a1-1569c0458f6b dismissed on device 20602996. Associated with request 78d2897a9af511ea9b096db8ca5e6d38.",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-21T00:00:02.567Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "794373c7-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
"verbose_b": "FALSE",
"description_s": "Alert NE2F3D55-013a6074-00000f40-00000000-1d62e51dd94d749-GUWNtEmJQhKmuOTxoRV8hA-6e5ae551-1cbb-45b3-b7a1-1569c0458f6b dismissed on device 20602996. Associated with request 78d2897a9af511ea9b096db8ca5e6d38.",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-21T00:00:02.567Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "794373c8-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
"verbose_b": "FALSE",
"description_s": "Alert NE2F3D55-013a6074-00001988-00000000-1d62e51d5b91029-GUWNtEmJQhKmuOTxoRV8hA-6e5ae551-1cbb-45b3-b7a1-1569c0458f6b dismissed on device 20602996. Associated with request 78d2897a9af511ea9b096db8ca5e6d38.",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-21T00:00:02.567Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "794373c9-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
"verbose_b": "FALSE",
"description_s": "Alert NE2F3D55-013a6074-000027a8-00000000-1d62e51dba0d3c0-GUWNtEmJQhKmuOTxoRV8hA-b928f28c-9caf-4e13-8ad9-325017c816ac dismissed on device 20602996. Associated with request 78d2897a9af511ea9b096db8ca5e6d38.",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-21T00:00:02.567Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "794373ca-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
"verbose_b": "FALSE",
"description_s": "Alert NE2F3D55-013a6074-00002994-00000000-1d62e51da6a84cf-GUWNtEmJQhKmuOTxoRV8hA-6e5ae551-1cbb-45b3-b7a1-1569c0458f6b dismissed on device 20602996. Associated with request 78d2897a9af511ea9b096db8ca5e6d38.",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-21T00:00:02.567Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "794373cb-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
"verbose_b": "FALSE",
"description_s": "Alert NE2F3D55-013a6074-000027a8-00000000-1d62e51dba0d3c0-GUWNtEmJQhKmuOTxoRV8hA-6e5ae551-1cbb-45b3-b7a1-1569c0458f6b dismissed on device 20602996. Associated with request 78d2897a9af511ea9b096db8ca5e6d38.",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-21T00:00:02.567Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "794373cc-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
"verbose_b": "FALSE",
"description_s": "Alert NE2F3D55-013a6074-000027a8-00000000-1d62e51dba0d3c0-GUWNtEmJQhKmuOTxoRV8hA-b928f28c-9caf-4e13-8ad9-325017c816ac dismissed on device 20602996. Associated with request 78d2897a9af511ea9b096db8ca5e6d38.",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-21T00:00:02.567Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "794373cd-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
"verbose_b": "FALSE",
"description_s": "Alert NE2F3D55-013a6074-00000f40-00000000-1d62e51dd94d749-GUWNtEmJQhKmuOTxoRV8hA-6e5ae551-1cbb-45b3-b7a1-1569c0458f6b dismissed on device 20602996. Associated with request 78d2897a9af511ea9b096db8ca5e6d38.",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-21T00:00:02.567Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "794373ce-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
"verbose_b": "FALSE",
"description_s": "Alert NE2F3D55-013a6074-00001f04-00000000-1d62e51d5b9106b-GUWNtEmJQhKmuOTxoRV8hA-6e5ae551-1cbb-45b3-b7a1-1569c0458f6b dismissed on device 20602996. Associated with request 78d2897a9af511ea9b096db8ca5e6d38.",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-21T00:00:02.567Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "794373cf-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
"verbose_b": "FALSE",
"description_s": "Alert NE2F3D55-013a6074-00002e4c-00000000-1d62e51d864d1e4-GUWNtEmJQhKmuOTxoRV8hA-6e5ae551-1cbb-45b3-b7a1-1569c0458f6b dismissed on device 20602996. Associated with request 78d2897a9af511ea9b096db8ca5e6d38.",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-21T00:00:02.567Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "794373d0-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
"verbose_b": "FALSE",
"description_s": "Alert NE2F3D55-013a6074-00002994-00000000-1d62e51da6a84cf-GUWNtEmJQhKmuOTxoRV8hA-6e5ae551-1cbb-45b3-b7a1-1569c0458f6b dismissed on device 20602996. Associated with request 78d2897a9af511ea9b096db8ca5e6d38.",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-21T00:00:02.567Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "79439ae1-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
"verbose_b": "FALSE",
"description_s": "Alert NE2F3D55-013a6074-00001988-00000000-1d62e51d5b91029-GUWNtEmJQhKmuOTxoRV8hA-6e5ae551-1cbb-45b3-b7a1-1569c0458f6b dismissed on device 20602996. Associated with request 78d2897a9af511ea9b096db8ca5e6d38.",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-21T00:00:02.567Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "79439ae2-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
"verbose_b": "FALSE",
"description_s": "Alert NE2F3D55-013a6074-00002f68-00000000-1d62e9d45b977c8-GUWNtEmJQhKmuOTxoRV8hA-6e5ae551-1cbb-45b3-b7a1-1569c0458f6b dismissed on device 20602996. Associated with request 78d2897a9af511ea9b096db8ca5e6d38.",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-21T00:00:02.567Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "79439ae3-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
"verbose_b": "FALSE",
"description_s": "Alert NE2F3D55-013a6074-00000c3c-00000000-1d62ec563ae64c6-GUWNtEmJQhKmuOTxoRV8hA-6e5ae551-1cbb-45b3-b7a1-1569c0458f6b dismissed on device 20602996. Associated with request 78d2897a9af511ea9b096db8ca5e6d38.",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-21T00:00:02.567Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "79439ae4-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
"verbose_b": "FALSE",
"description_s": "Alert NE2F3D55-013a6074-00001cd4-00000000-1d62ec566209384-GUWNtEmJQhKmuOTxoRV8hA-6e5ae551-1cbb-45b3-b7a1-1569c0458f6b dismissed on device 20602996. Associated with request 78d2897a9af511ea9b096db8ca5e6d38.",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-21T00:00:02.567Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "79439ae5-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
"verbose_b": "FALSE",
"description_s": "Alert NE2F3D55-013a6074-0000293c-00000000-1d62ec56be95193-GUWNtEmJQhKmuOTxoRV8hA-6e5ae551-1cbb-45b3-b7a1-1569c0458f6b dismissed on device 20602996. Associated with request 78d2897a9af511ea9b096db8ca5e6d38.",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-21T00:00:02.567Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "79439ae6-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
"verbose_b": "FALSE",
"description_s": "Alert NE2F3D55-013a6074-0000293c-00000000-1d62ec56be95193-GUWNtEmJQhKmuOTxoRV8hA-b928f28c-9caf-4e13-8ad9-325017c816ac dismissed on device 20602996. Associated with request 78d2897a9af511ea9b096db8ca5e6d38.",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-21T00:00:02.567Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "79439ae7-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
"verbose_b": "FALSE",
"description_s": "Alert NE2F3D55-013a6074-000000c4-00000000-1d62ec569f29df2-GUWNtEmJQhKmuOTxoRV8hA-6e5ae551-1cbb-45b3-b7a1-1569c0458f6b dismissed on device 20602996. Associated with request 78d2897a9af511ea9b096db8ca5e6d38.",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-21T00:00:02.567Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "79439ae8-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
"verbose_b": "FALSE",
"description_s": "Alert NE2F3D55-013a6074-00001e70-00000000-1d62ec560ee6692-GUWNtEmJQhKmuOTxoRV8hA-6e5ae551-1cbb-45b3-b7a1-1569c0458f6b dismissed on device 20602996. Associated with request 78d2897a9af511ea9b096db8ca5e6d38.",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-21T00:00:02.567Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "79439ae9-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
"verbose_b": "FALSE",
"description_s": "Alert NE2F3D55-013a6074-000016a4-00000000-1d62ec560ee5c98-GUWNtEmJQhKmuOTxoRV8hA-6e5ae551-1cbb-45b3-b7a1-1569c0458f6b dismissed on device 20602996. Associated with request 78d2897a9af511ea9b096db8ca5e6d38.",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-21T00:00:02.567Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "79439aea-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
"verbose_b": "FALSE",
"description_s": "Alert NE2F3D55-013a6074-000022e8-00000000-1d62ede863d8de4-GUWNtEmJQhKmuOTxoRV8hA-6e5ae551-1cbb-45b3-b7a1-1569c0458f6b dismissed on device 20602996. Associated with request 78d2897a9af511ea9b096db8ca5e6d38.",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-21T00:00:02.567Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "79439aeb-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
"verbose_b": "FALSE",
"description_s": "Alert NE2F3D55-013a6074-00002fd4-00000000-1d62cc5e27b0f31-GUWNtEmJQhKmuOTxoRV8hA-6e5ae551-1cbb-45b3-b7a1-1569c0458f6b dismissed on device 20602996. Associated with request 78d2897a9af511ea9b096db8ca5e6d38.",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-21T00:00:02.567Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "79439aec-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
"verbose_b": "FALSE",
"description_s": "Alert NE2F3D55-013a6074-00002264-00000000-1d62cbd436c2315-GUWNtEmJQhKmuOTxoRV8hA-6e5ae551-1cbb-45b3-b7a1-1569c0458f6b dismissed on device 20602996. Associated with request 78d2897a9af511ea9b096db8ca5e6d38.",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-21T00:00:02.567Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "79439aed-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
"verbose_b": "FALSE",
"description_s": "Alert NE2F3D55-013a6074-00002cc4-00000000-1d62cbfde6408ca-GUWNtEmJQhKmuOTxoRV8hA-6e5ae551-1cbb-45b3-b7a1-1569c0458f6b dismissed on device 20602996. Associated with request 78d2897a9af511ea9b096db8ca5e6d38.",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-21T00:00:02.567Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "79439aee-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
"verbose_b": "FALSE",
"description_s": "Alert NE2F3D55-013a6074-00002cc4-00000000-1d62cbfde6408ca-GUWNtEmJQhKmuOTxoRV8hA-6e5ae551-1cbb-45b3-b7a1-1569c0458f6b dismissed on device 20602996. Associated with request 78d2897a9af511ea9b096db8ca5e6d38.",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-21T00:00:02.567Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "79439aef-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
"verbose_b": "FALSE",
"description_s": "Alert NE2F3D55-013a6074-00002264-00000000-1d62cbd436c2315-GUWNtEmJQhKmuOTxoRV8hA-6e5ae551-1cbb-45b3-b7a1-1569c0458f6b dismissed on device 20602996. Associated with request 78d2897a9af511ea9b096db8ca5e6d38.",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-21T00:00:02.567Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "79439af0-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
"verbose_b": "FALSE",
"description_s": "Alert NE2F3D55-013a6074-00002fd4-00000000-1d62cc5e27b0f31-GUWNtEmJQhKmuOTxoRV8hA-6e5ae551-1cbb-45b3-b7a1-1569c0458f6b dismissed on device 20602996. Associated with request 78d2897a9af511ea9b096db8ca5e6d38.",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-21T00:00:02.567Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "79439af1-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
"verbose_b": "FALSE",
"description_s": "Alert NE2F3D55-013a6074-00001e70-00000000-1d62ec560ee6692-GUWNtEmJQhKmuOTxoRV8hA-6e5ae551-1cbb-45b3-b7a1-1569c0458f6b dismissed on device 20602996. Associated with request 78d2897a9af511ea9b096db8ca5e6d38.",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-21T00:00:02.567Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "79439af2-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
"verbose_b": "FALSE",
"description_s": "Alert NE2F3D55-013a6074-000016a4-00000000-1d62ec560ee5c98-GUWNtEmJQhKmuOTxoRV8hA-6e5ae551-1cbb-45b3-b7a1-1569c0458f6b dismissed on device 20602996. Associated with request 78d2897a9af511ea9b096db8ca5e6d38.",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-21T00:00:02.567Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "79439af3-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
"verbose_b": "FALSE",
"description_s": "Alert NE2F3D55-013a6074-00002264-00000000-1d62cbd436c2315-GUWNtEmJQhKmuOTxoRV8hA-6e5ae551-1cbb-45b3-b7a1-1569c0458f6b dismissed on device 20602996. Associated with request 78d2897a9af511ea9b096db8ca5e6d38.",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-21T00:00:02.567Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "79439af4-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
"verbose_b": "FALSE",
"description_s": "Alert NE2F3D55-013a6074-00002cc4-00000000-1d62cbfde6408ca-GUWNtEmJQhKmuOTxoRV8hA-6e5ae551-1cbb-45b3-b7a1-1569c0458f6b dismissed on device 20602996. Associated with request 78d2897a9af511ea9b096db8ca5e6d38.",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-21T00:00:02.567Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "79439af5-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
"verbose_b": "FALSE",
"description_s": "Alert NE2F3D55-013a6074-00002fd4-00000000-1d62cc5e27b0f31-GUWNtEmJQhKmuOTxoRV8hA-6e5ae551-1cbb-45b3-b7a1-1569c0458f6b dismissed on device 20602996. Associated with request 78d2897a9af511ea9b096db8ca5e6d38.",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-21T00:00:02.567Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "79439af6-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
"verbose_b": "FALSE",
"description_s": "Alert NE2F3D55-013a6074-00000fcc-00000000-1d62ef7ab8cb907-GUWNtEmJQhKmuOTxoRV8hA-6e5ae551-1cbb-45b3-b7a1-1569c0458f6b dismissed on device 20602996. Associated with request 78d2897a9af511ea9b096db8ca5e6d38.",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-21T00:00:02.567Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "79439af7-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
"verbose_b": "FALSE",
"description_s": "Alert NE2F3D55-013a6074-00000fcc-00000000-1d62ef7ab8cb907-GUWNtEmJQhKmuOTxoRV8hA-6e5ae551-1cbb-45b3-b7a1-1569c0458f6b dismissed on device 20602996. Associated with request 78d2897a9af511ea9b096db8ca5e6d38.",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-21T00:00:02.567Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "79439af8-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
"verbose_b": "FALSE",
"description_s": "Alert NE2F3D55-013a6074-00002264-00000000-1d62cbd436c2315-GUWNtEmJQhKmuOTxoRV8hA-6e5ae551-1cbb-45b3-b7a1-1569c0458f6b dismissed on device 20602996. Associated with request 78d2897a9af511ea9b096db8ca5e6d38.",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-21T00:00:02.567Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "79439af9-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
"verbose_b": "FALSE",
"description_s": "Alert NE2F3D55-013a6074-00002cc4-00000000-1d62cbfde6408ca-GUWNtEmJQhKmuOTxoRV8hA-6e5ae551-1cbb-45b3-b7a1-1569c0458f6b dismissed on device 20602996. Associated with request 78d2897a9af511ea9b096db8ca5e6d38.",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-21T00:00:02.567Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "79439afa-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
"verbose_b": "FALSE",
"description_s": "Alert NE2F3D55-013a6074-00002fd4-00000000-1d62cc5e27b0f31-GUWNtEmJQhKmuOTxoRV8hA-6e5ae551-1cbb-45b3-b7a1-1569c0458f6b dismissed on device 20602996. Associated with request 78d2897a9af511ea9b096db8ca5e6d38.",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-21T00:00:02.567Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "79439afb-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
"verbose_b": "FALSE",
"description_s": "Alert NE2F3D55-013a6074-00002264-00000000-1d62cbd436c2315-GUWNtEmJQhKmuOTxoRV8hA-6e5ae551-1cbb-45b3-b7a1-1569c0458f6b dismissed on device 20602996. Associated with request 78d2897a9af511ea9b096db8ca5e6d38.",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-21T00:00:02.567Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "79439afc-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
"verbose_b": "FALSE",
"description_s": "Alert NE2F3D55-013a6074-00002cc4-00000000-1d62cbfde6408ca-GUWNtEmJQhKmuOTxoRV8hA-6e5ae551-1cbb-45b3-b7a1-1569c0458f6b dismissed on device 20602996. Associated with request 78d2897a9af511ea9b096db8ca5e6d38.",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-21T00:00:02.567Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "79439afd-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
"verbose_b": "FALSE",
"description_s": "Alert NE2F3D55-013a6074-00002fd4-00000000-1d62cc5e27b0f31-GUWNtEmJQhKmuOTxoRV8hA-6e5ae551-1cbb-45b3-b7a1-1569c0458f6b dismissed on device 20602996. Associated with request 78d2897a9af511ea9b096db8ca5e6d38.",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-21T00:00:02.567Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "",
"eventTime_d": "1.59002E+12",
"eventId_g": "7964425e-9af5-11ea-9b09-a362a0f9c65c",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
"verbose_b": "FALSE",
"description_s": "Dismissed 50 alerts associated with request 78d2897a9af511ea9b096db8ca5e6d38",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-21T00:00:02.567Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "/appservices/v5/orgs/12261/devices/find",
"eventTime_d": "1.59002E+12",
"eventId_g": "85840c17-9af5-11ea-b921-85da2198bc2c",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
"verbose_b": "TRUE",
"description_s": "SHA256 Hash\tTo Row:20\tTab:Settings (Enrollment)\tCountry Code\tIncident ID\tSearch:ALL\tFrom Row:1\tAction:Page Load\tDevice ID",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-21T04:30:02.329Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "/appservices/v5/orgs/12261/devices/find",
"eventTime_d": "1.59004E+12",
"eventId_g": "1332f41d-9b1b-11ea-9405-4d747d8e3015",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
"verbose_b": "TRUE",
"description_s": "Tab:Settings (Enrollment)\tTo Row:20\tCountry Code\tAction:Page Load\tDevice ID\tIncident ID\tFrom Row:1\tSearch:ALL\tSHA256 Hash",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-21T04:30:02.329Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "/appservices/v5/orgs/12261/devices/find",
"eventTime_d": "1.59004E+12",
"eventId_g": "13dd8c01-9b1b-11ea-87fe-5ffc8ff2649e",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
"verbose_b": "TRUE",
"description_s": "SHA256 Hash\tSearch:ALL\tAction:Page Load\tTo Row:20\tIncident ID\tFrom Row:1\tTab:Settings (Enrollment)\tCountry Code\tDevice ID",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-21T04:30:02.329Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "/appservices/v5/orgs/12261/devices/find",
"eventTime_d": "1.59004E+12",
"eventId_g": "25643d7d-9b1b-11ea-a897-5b5b103b1cc4",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
"verbose_b": "TRUE",
"description_s": "To Row:20\tSearch:ALL\tIncident ID\tCountry Code\tDevice ID\tTab:Settings (Enrollment)\tFrom Row:1\tAction:Page Load\tSHA256 Hash",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-27T18:45:01.905Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "/appservices/v5/orgs/12261/reputations",
"eventTime_d": "1.5906E+12",
"eventId_g": "aeff86ff-a049-11ea-b5b5-e55f0282f26b",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "35.35.35.35",
"verbose_b": "FALSE",
"description_s": "Added SHA256 reputation (51dc180152ae3f4047fd099585d3440ad9348dc44f82a95ab77e17b5d069a861, senseir.exe) to WHITE_LIST",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-27T18:45:01.905Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "/appservices/v5/orgs/12261/devices/find",
"eventTime_d": "1.5906E+12",
"eventId_g": "b3931934-a049-11ea-ba83-e3cb965acc5e",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "35.35.35.35",
"verbose_b": "TRUE",
"description_s": "SHA256 Hash\tTo Row:20\tFrom Row:1\tDevice ID\tSearch:ALL\tIncident ID\tAction:Page Load\tTab:Settings (Enrollment)\tCountry Code",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-27T18:45:01.905Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "org.springframework.web.servlet.support.ServletUriComponentsBuilder@56060ad9",
"eventTime_d": "1.5906E+12",
"eventId_g": "da918cf9-a049-11ea-8979-f9c33d0ca68b",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "35.35.35.35",
"verbose_b": "FALSE",
"description_s": "Policy Standard was modified",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-27T18:45:01.905Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "org.springframework.web.servlet.support.ServletUriComponentsBuilder@56060ad9",
"eventTime_d": "1.5906E+12",
"eventId_g": "da944c1a-a049-11ea-8979-f9c33d0ca68b",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "35.35.35.35",
"verbose_b": "TRUE",
"description_s": "Tab: Settings (Policy)\tURL: /ui#settings/policy\tAction:Policy Settings Changed\tResult:\nCreated rule 72: When known malware that has a verified signature Runs or is running then TERMINATE\nCreated rule 73: When COMPANY_BLACK_LIST Runs or is running then TERMINATE\nCreated rule 74: When suspected malware Runs or is running then TERMINATE\nCreated rule 75: When adware or a potentially unwanted program Performs ransomware-like behavior then TERMINATE\nCreated rule 76: When an unknown application (ex. new application when offline) Scrapes memory of another process then TERMINATE\nCreated rule 77: When an unknown application (ex. new application when offline) Performs ransomware-like behavior then TERMINATE\nCreated rule 78: When a not listed application Scrapes memory of another process then TERMINATE\nCreated rule 79: When a not listed application Performs ransomware-like behavior then TERMINATE\nCreated rule 80: When an application at path: \"**/python\" Scrapes memory of another process then TERMINATE\nCreated rule 81: When an application at path: \"**\\powershell*.exe\" Scrapes memory of another process then TERMINATE\nCreated rule 82: When an application at path: \"**\\cscript.exe\" Scrapes memory of another process then TERMINATE\nCreated rule 83: When an application at path: \"**\\wscript.exe\" Scrapes memory of another process then TERMINATE\nCreated rule 84: When an application at path: \"**\\cscript.exe\" Injects code or modifies memory of another process then DENY\nCreated rule 85: When an application at path: \"**\\wscript.exe\" Injects code or modifies memory of another process then DENY\nDeleted rule 64: When a not listed application Scrapes memory of another process then TERMINATE\nDeleted rule 65: When a not listed application Performs ransomware-like behavior then TERMINATE\nDeleted rule 66: When an application at path: \"**\\powershell*.exe\" Scrapes memory of another process then TERMINATE\nDeleted rule 67: When an application at path: \"**/python\" Scrapes memory of another process then TERMINATE\nDeleted rule 68: When an application at path: \"**\\wscript.exe\" Scrapes memory of another process then TERMINATE\nDeleted rule 69: When an application at path: \"**\\cscript.exe\" Scrapes memory of another process then TERMINATE\nDeleted rule 70: When an application at path: \"**\\wscript.exe\" Injects code or modifies memory of another process then DENY\nDeleted rule 71: When an application at path: \"**\\cscript.exe\" Injects code or modifies memory of another process then DENY\nDeleted rule 57: When an application at path: \"C:\\program files\\windows defender advanced threat protection\\senseir.exe\" Performs any operation then IGNORE\nDeleted rule 58: When known malware that has a verified signature Runs or is running then TERMINATE\nDeleted rule 59: When COMPANY_BLACK_LIST Runs or is running then TERMINATE\nDeleted rule 60: When suspected malware Runs or is running then TERMINATE\nDeleted rule 61: When adware or a potentially unwanted program Performs ransomware-like behavior then TERMINATE\nDeleted rule 62: When an unknown application (ex. new application when offline) Scrapes memory of another process then TERMINATE\nDeleted rule 63: When an unknown application (ex. new application when offline) Performs ransomware-like behavior then TERMINATE\n",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-27T18:30:01.79Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "/appservices/v5/orgs/12261/devices/find",
"eventTime_d": "1.5906E+12",
"eventId_g": "714327f7-a047-11ea-8520-3d1e037febf5",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "35.35.35.35",
"verbose_b": "TRUE",
"description_s": "Device ID\tTo Row:20\tSearch:ALL\tIncident ID\tSHA256 Hash\tAction:Page Load\tCountry Code\tFrom Row:1\tTab:Settings (Enrollment)",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-27T18:30:01.79Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "/appservices/v5/orgs/12261/devices/find",
"eventTime_d": "1.5906E+12",
"eventId_g": "71e3ad9d-a047-11ea-99ef-f5eee234d36b",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "35.35.35.35",
"verbose_b": "TRUE",
"description_s": "Country Code\tDevice ID\tTab:Settings (Enrollment)\tAction:Page Load\tSearch:ALL\tSHA256 Hash\tIncident ID\tFrom Row:1\tTo Row:20",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-27T18:30:01.79Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "/appservices/v5/orgs/12261/devices/actions/bypass/on",
"eventTime_d": "1.5906E+12",
"eventId_g": "fa8fee0e-a047-11ea-80bf-61e2e49eae77",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "35.35.35.35",
"verbose_b": "FALSE",
"description_s": "Set Bypass to On for device(s): 20602996",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-27T18:30:01.79Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "",
"eventTime_d": "1.5906E+12",
"eventId_g": "0e7353d1-a048-11ea-993c-853ce1998e5c",
"loginName_s": "Endpoint2",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "166.166.166.166",
"verbose_b": "FALSE",
"description_s": "Sensor Bypass Enabled (Admin Action)",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-27T19:20:01.855Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "",
"eventTime_d": "1.59061E+12",
"eventId_g": "8548df81-a04e-11ea-88de-e303799b07ea",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "65.65.65.65",
"verbose_b": "FALSE",
"description_s": "User sanitized@sanitized.com retrieved secret for API ID 9I6MBV1DVI in org 12261",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-27T18:40:02.194Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "/appservices/v5/orgs/12261/devices/find",
"eventTime_d": "1.5906E+12",
"eventId_g": "4e229ff1-a049-11ea-9e56-7d8807a8b194",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "35.35.35.35",
"verbose_b": "TRUE",
"description_s": "Action:Page Load\tCountry Code\tIncident ID\tSHA256 Hash\tTab:Settings (Enrollment)\tFrom Row:1\tTo Row:20\tDevice ID\tSearch:ALL",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-27T18:40:02.194Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "/appservices/v5/orgs/12261/devices/actions/bypass/off",
"eventTime_d": "1.5906E+12",
"eventId_g": "618dc846-a049-11ea-b5b5-e55f0282f26b",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "35.35.35.35",
"verbose_b": "FALSE",
"description_s": "Set Bypass to Off for device(s): 20602996",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-27T18:40:02.194Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "/appservices/v5/orgs/12261/devices/find",
"eventTime_d": "1.5906E+12",
"eventId_g": "62285ae1-a049-11ea-9030-39f61fd0b12c",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "35.35.35.35",
"verbose_b": "TRUE",
"description_s": "Action:Page Load\tSHA256 Hash\tTab:Settings (Enrollment)\tCountry Code\tSearch:ALL\tIncident ID\tDevice ID\tFrom Row:1\tTo Row:20",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-27T18:40:02.194Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "/appservices/v5/orgs/12261/devices/find",
"eventTime_d": "1.5906E+12",
"eventId_g": "6a18fa88-a049-11ea-ba83-e3cb965acc5e",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "35.35.35.35",
"verbose_b": "TRUE",
"description_s": "SHA256 Hash\tTo Row:20\tFrom Row:1\tDevice ID\tSearch:ALL\tIncident ID\tAction:Page Load\tTab:Settings (Enrollment)\tCountry Code",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-27T19:00:02.555Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "/appservices/v5/orgs/12261/devices/find",
"eventTime_d": "1.59061E+12",
"eventId_g": "00afef27-a04c-11ea-ae69-21cb7df9699b",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "35.35.35.35",
"verbose_b": "TRUE",
"description_s": "Device ID\tFrom Row:1\tSHA256 Hash\tSearch:ALL\tTab:Settings (Enrollment)\tTo Row:20\tCountry Code\tAction:Page Load\tIncident ID",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-27T19:15:02.01Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "",
"eventTime_d": "1.59061E+12",
"eventId_g": "0122c38c-a04e-11ea-a717-d55d72138d6f",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "65.65.65.65",
"verbose_b": "FALSE",
"description_s": "User sanitized@sanitized.com retrieved secret for API ID 9I6MBV1DVI in org 12261",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-27T19:15:02.01Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "",
"eventTime_d": "1.59061E+12",
"eventId_g": "21fb93d7-a04e-11ea-9860-398dfe606d2b",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "65.65.65.65",
"verbose_b": "FALSE",
"description_s": "User sanitized@sanitized.com retrieved secret for API ID G4ZZRJ4539 in org 12261",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-27T17:50:01.441Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "",
"eventTime_d": "1.5906E+12",
"eventId_g": "4f5779c7-a042-11ea-8d4c-9f83d54b15b5",
"loginName_s": "XKFHEIYWPRU",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "166.166.166.166",
"verbose_b": "FALSE",
"description_s": "Connector XKFHEIYWPRU logged in successfully",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-27T02:15:01.852Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "/appservices/v5/orgs/12261/binary/knownbad",
"eventTime_d": "1.59055E+12",
"eventId_g": "5ab2ac0b-9fbf-11ea-a717-d55d72138d6f",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
"verbose_b": "TRUE",
"description_s": "Search:ALL\tAction:Page Load\tDevice ID\tFrom Row:1\tTo Row:50\tIncident ID\tTab:Malware Removal\tSHA256 Hash\tCountry Code",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-27T02:15:01.852Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "/appservices/v5/orgs/12261/devices/find",
"eventTime_d": "1.59055E+12",
"eventId_g": "88e37788-9fbf-11ea-8c38-d55b416c596c",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
"verbose_b": "TRUE",
"description_s": "Country Code\tSHA256 Hash\tIncident ID\tTo Row:20\tAction:Page Load\tDevice ID\tSearch:ALL\tFrom Row:1\tTab:Settings (Enrollment)",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-27T02:15:01.852Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "/appservices/v5/orgs/12261/devices/find",
"eventTime_d": "1.59055E+12",
"eventId_g": "896097b2-9fbf-11ea-b5b5-e55f0282f26b",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
"verbose_b": "TRUE",
"description_s": "To Row:20\tFrom Row:1\tIncident ID\tTab:Settings (Enrollment)\tDevice ID\tAction:Page Load\tCountry Code\tSHA256 Hash\tSearch:ALL",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-27T02:15:01.852Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "/appservices/v5/orgs/12261/devices/find",
"eventTime_d": "1.59055E+12",
"eventId_g": "8c532355-9fbf-11ea-a431-bd4a54c45663",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
"verbose_b": "TRUE",
"description_s": "Search:ALL\tCountry Code\tAction:Page Load\tIncident ID\tSHA256 Hash\tFrom Row:1\tTab:Settings (Enrollment)\tTo Row:20\tDevice ID",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-27T02:35:02.512Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "/appservices/v5/orgs/12261/reputations/delete",
"eventTime_d": "1.59055E+12",
"eventId_g": "0beb8e8e-9fc2-11ea-9860-398dfe606d2b",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
"verbose_b": "FALSE",
"description_s": "Deleted reputations 908b64b1971a979c7e3e8ce4621945cba84854cb98d76367b791a6e22b5f6d53",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-27T02:25:02.205Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "/appservices/v5/orgs/12261/devices/find",
"eventTime_d": "1.59055E+12",
"eventId_g": "928db8ba-9fc0-11ea-8520-3d1e037febf5",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
"verbose_b": "TRUE",
"description_s": "Device ID\tTo Row:20\tSearch:ALL\tIncident ID\tSHA256 Hash\tAction:Page Load\tCountry Code\tFrom Row:1\tTab:Settings (Enrollment)",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-27T02:25:02.205Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "/appservices/v5/orgs/12261/devices/find",
"eventTime_d": "1.59055E+12",
"eventId_g": "9d146c9c-9fc0-11ea-88de-e303799b07ea",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
"verbose_b": "TRUE",
"description_s": "From Row:1\tAction:Page Load\tSearch:ALL\tTo Row:20\tIncident ID\tDevice ID\tTab:Settings (Enrollment)\tSHA256 Hash\tCountry Code",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-27T02:25:02.205Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "/appservices/v5/orgs/12261/devices/actions/hashes/908b64b1971a979c7e3e8ce4621945cba84854cb98d76367b791a6e22b5f6d53/upload",
"eventTime_d": "1.59055E+12",
"eventId_g": "1a5935f7-9fc1-11ea-9030-39f61fd0b12c",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
"verbose_b": "FALSE",
"description_s": "Upload Hash 908b64b1971a979c7e3e8ce4621945cba84854cb98d76367b791a6e22b5f6d53 requested for device(s): 20602996",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-27T02:25:02.205Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "/appservices/v5/orgs/12261/binary/knownbad",
"eventTime_d": "1.59055E+12",
"eventId_g": "247f535e-9fc1-11ea-b474-ad2b1b5a8589",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
"verbose_b": "TRUE",
"description_s": "Incident ID\tDevice ID\tAction:Page Load\tSearch:ALL\tSHA256 Hash\tFrom Row:1\tCountry Code\tTab:Malware Removal\tTo Row:50",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-27T02:25:02.205Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "/appservices/v5/orgs/12261/binary/knownbad",
"eventTime_d": "1.59055E+12",
"eventId_g": "2e7d4ede-9fc1-11ea-8520-3d1e037febf5",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
"verbose_b": "TRUE",
"description_s": "Device ID\tTo Row:50\tSearch:ALL\tIncident ID\tSHA256 Hash\tAction:Page Load\tCountry Code\tFrom Row:1\tTab:Malware Removal",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-27T02:30:01.685Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "/appservices/v5/orgs/12261/reputations",
"eventTime_d": "1.59055E+12",
"eventId_g": "6c35c8aa-9fc1-11ea-9860-398dfe606d2b",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
"verbose_b": "FALSE",
"description_s": "Added SHA256 reputation (908b64b1971a979c7e3e8ce4621945cba84854cb98d76367b791a6e22b5f6d53, powershell.exe) to WHITE_LIST",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-27T02:30:01.685Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "/appservices/v5/orgs/12261/devices/find",
"eventTime_d": "1.59055E+12",
"eventId_g": "75cbb488-9fc1-11ea-9e56-7d8807a8b194",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
"verbose_b": "TRUE",
"description_s": "Action:Page Load\tCountry Code\tIncident ID\tSHA256 Hash\tTab:Settings (Enrollment)\tFrom Row:1\tTo Row:20\tDevice ID\tSearch:ALL",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-27T02:30:01.685Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "/appservices/v5/orgs/12261/devices/find",
"eventTime_d": "1.59055E+12",
"eventId_g": "7abecb07-9fc1-11ea-ae69-21cb7df9699b",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
"verbose_b": "TRUE",
"description_s": "Device ID\tFrom Row:1\tSHA256 Hash\tSearch:ALL\tTab:Settings (Enrollment)\tTo Row:20\tCountry Code\tAction:Page Load\tIncident ID",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-27T02:30:01.685Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "/appservices/v5/orgs/12261/devices/find",
"eventTime_d": "1.59055E+12",
"eventId_g": "8143cc5c-9fc1-11ea-b5b5-e55f0282f26b",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
"verbose_b": "TRUE",
"description_s": "To Row:20\tFrom Row:1\tIncident ID\tTab:Settings (Enrollment)\tDevice ID\tAction:Page Load\tCountry Code\tSHA256 Hash\tSearch:ALL",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-27T02:30:01.685Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "/appservices/v5/orgs/12261/devices/find",
"eventTime_d": "1.59055E+12",
"eventId_g": "b306c040-9fc1-11ea-b5b5-e55f0282f26b",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
"verbose_b": "TRUE",
"description_s": "To Row:20\tFrom Row:1\tIncident ID\tTab:Settings (Enrollment)\tDevice ID\tAction:Page Load\tCountry Code\tSHA256 Hash\tSearch:ALL",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-27T02:30:01.685Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "org.springframework.web.servlet.support.ServletUriComponentsBuilder@45c36b9f",
"eventTime_d": "1.59055E+12",
"eventId_g": "e17495c7-9fc1-11ea-a717-d55d72138d6f",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
"verbose_b": "FALSE",
"description_s": "Policy Standard was modified",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-27T02:30:01.685Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "org.springframework.web.servlet.support.ServletUriComponentsBuilder@45c36b9f",
"eventTime_d": "1.59055E+12",
"eventId_g": "e1c526c8-9fc1-11ea-a717-d55d72138d6f",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
"verbose_b": "TRUE",
"description_s": "Tab: Settings (Policy)\tURL: /ui#settings/policy\tAction:Policy Settings Changed\tResult:\nCreated rule 57: When an application at path: \"C:\\program files\\windows defender advanced threat protection\\senseir.exe\" Performs any operation then IGNORE\nCreated rule 58: When known malware that has a verified signature Runs or is running then TERMINATE\nCreated rule 59: When COMPANY_BLACK_LIST Runs or is running then TERMINATE\nCreated rule 60: When suspected malware Runs or is running then TERMINATE\nCreated rule 61: When adware or a potentially unwanted program Performs ransomware-like behavior then TERMINATE\nCreated rule 62: When an unknown application (ex. new application when offline) Scrapes memory of another process then TERMINATE\nCreated rule 63: When an unknown application (ex. new application when offline) Performs ransomware-like behavior then TERMINATE\nCreated rule 64: When a not listed application Scrapes memory of another process then TERMINATE\nCreated rule 65: When a not listed application Performs ransomware-like behavior then TERMINATE\nCreated rule 66: When an application at path: \"**\\powershell*.exe\" Scrapes memory of another process then TERMINATE\nCreated rule 67: When an application at path: \"**/python\" Scrapes memory of another process then TERMINATE\nCreated rule 68: When an application at path: \"**\\wscript.exe\" Scrapes memory of another process then TERMINATE\nCreated rule 69: When an application at path: \"**\\cscript.exe\" Scrapes memory of another process then TERMINATE\nCreated rule 70: When an application at path: \"**\\wscript.exe\" Injects code or modifies memory of another process then DENY\nCreated rule 71: When an application at path: \"**\\cscript.exe\" Injects code or modifies memory of another process then DENY\nDeleted rule 43: When known malware that has a verified signature Runs or is running then TERMINATE\nDeleted rule 44: When COMPANY_BLACK_LIST Runs or is running then TERMINATE\nDeleted rule 45: When suspected malware Runs or is running then TERMINATE\nDeleted rule 46: When adware or a potentially unwanted program Performs ransomware-like behavior then TERMINATE\nDeleted rule 47: When an unknown application (ex. new application when offline) Scrapes memory of another process then TERMINATE\nDeleted rule 48: When an unknown application (ex. new application when offline) Performs ransomware-like behavior then TERMINATE\nDeleted rule 49: When a not listed application Scrapes memory of another process then TERMINATE\nDeleted rule 50: When a not listed application Performs ransomware-like behavior then TERMINATE\nDeleted rule 51: When an application at path: \"**/python\" Scrapes memory of another process then TERMINATE\nDeleted rule 52: When an application at path: \"**\\powershell*.exe\" Scrapes memory of another process then TERMINATE\nDeleted rule 53: When an application at path: \"**\\cscript.exe\" Scrapes memory of another process then TERMINATE\nDeleted rule 54: When an application at path: \"**\\wscript.exe\" Scrapes memory of another process then TERMINATE\nDeleted rule 55: When an application at path: \"**\\cscript.exe\" Injects code or modifies memory of another process then DENY\nDeleted rule 56: When an application at path: \"**\\wscript.exe\" Injects code or modifies memory of another process then DENY\n",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-27T15:20:04.858Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "/appservices/v5/orgs/12261/alerts/notifications",
"eventTime_d": "1.59059E+12",
"eventId_g": "88304a3c-a02d-11ea-8520-3d1e037febf5",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "65.65.65.65",
"verbose_b": "FALSE",
"description_s": "Created alert notification with name: Test and id: 882f5fdba02d11ea85204d04f535ec77",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-27T15:25:03.934Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "/appservices/v5/orgs/12261/alerts/notifications/882f5fdba02d11ea85204d04f535ec77",
"eventTime_d": "1.59059E+12",
"eventId_g": "8b022f9a-a02d-11ea-8c38-d55b416c596c",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "65.65.65.65",
"verbose_b": "FALSE",
"description_s": "Deleted alert notification with id: 882f5fdba02d11ea85204d04f535ec77",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-27T15:25:03.934Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "",
"eventTime_d": "1.59059E+12",
"eventId_g": "a3dfb1ca-a02d-11ea-a53b-9b43877f6dd1",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "65.65.65.65",
"verbose_b": "FALSE",
"description_s": "Added user sanitized@sanitized.com to org 12261 (Email Invitation)",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-27T15:25:03.934Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "/access/v1/grants/psc:user:NE2F3D55:53375/org-ref/psc:org:NE2F3D55",
"eventTime_d": "1.59059E+12",
"eventId_g": "e96c4207-a02d-11ea-ae69-21cb7df9699b",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "65.65.65.65",
"verbose_b": "FALSE",
"description_s": "Updated grant: psc:user:NE2F3D55:53375 with role Super Admin",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-27T15:25:03.934Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "",
"eventTime_d": "1.59059E+12",
"eventId_g": "e99d3d35-a02d-11ea-b5b5-e55f0282f26b",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "65.65.65.65",
"verbose_b": "FALSE",
"description_s": "Updated user sanitized@sanitized.com in org 12260",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-27T15:25:03.934Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "",
"eventTime_d": "1.59059E+12",
"eventId_g": "274e8b91-a02e-11ea-a717-d55d72138d6f",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "65.65.65.65",
"verbose_b": "FALSE",
"description_s": "Added API ID G4ZZRJ4539 with name AzureSentinelSIEM in org 12261",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-27T15:25:03.934Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "",
"eventTime_d": "1.59059E+12",
"eventId_g": "279e58ea-a02e-11ea-b474-ad2b1b5a8589",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "65.65.65.65",
"verbose_b": "FALSE",
"description_s": "User sanitized@sanitized.com retrieved secret for API ID G4ZZRJ4539 in org 12261",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-27T15:30:06.226Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "/appservices/v5/orgs/12261/alerts/notifications",
"eventTime_d": "1.59059E+12",
"eventId_g": "65a149bd-a02e-11ea-b5b5-e55f0282f26b",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "65.65.65.65",
"verbose_b": "FALSE",
"description_s": "Created alert notification with name: AzureSentinel and id: 65a05f5ca02e11eab5b5ad6993c512fe",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-23T16:25:02.316Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "",
"eventTime_d": "1.59025E+12",
"eventId_g": "66680791-9d11-11ea-ba83-e3cb965acc5e",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "65.65.65.65",
"verbose_b": "FALSE",
"description_s": "User sanitized@sanitized.com retrieved secret for API ID 9I6MBV1DVI in org 12261",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-23T15:15:01.539Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "/appservices/v5/orgs/12261/devices/find",
"eventTime_d": "1.59025E+12",
"eventId_g": "2676cac0-9d08-11ea-9860-398dfe606d2b",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "65.65.65.65",
"verbose_b": "TRUE",
"description_s": "Search:ALL\tAction:Page Load\tIncident ID\tCountry Code\tDevice ID\tTab:Settings (Enrollment)\tFrom Row:1\tSHA256 Hash\tTo Row:50",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-23T15:15:01.539Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "/appservices/v5/orgs/12261/devices/find",
"eventTime_d": "1.59025E+12",
"eventId_g": "26b05153-9d08-11ea-ae69-21cb7df9699b",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "65.65.65.65",
"verbose_b": "TRUE",
"description_s": "Device ID\tFrom Row:1\tSHA256 Hash\tSearch:ALL\tTab:Settings (Enrollment)\tTo Row:50\tCountry Code\tAction:Page Load\tIncident ID",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-23T02:10:01.286Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "",
"eventTime_d": "1.5902E+12",
"eventId_g": "43445625-9c9a-11ea-9860-398dfe606d2b",
"loginName_s": "XKFHEIYWPRU",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "166.166.166.166",
"verbose_b": "FALSE",
"description_s": "Connector XKFHEIYWPRU logged in successfully",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-22T15:25:01.619Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "/appservices/v5/orgs/12261/devices/find",
"eventTime_d": "1.59016E+12",
"eventId_g": "ccecb972-9c3f-11ea-9bba-c16b951fdfc3",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "98.98.98.98",
"verbose_b": "TRUE",
"description_s": "Tab:Settings (Enrollment)\tAction:Page Load\tFrom Row:1\tDevice ID\tIncident ID\tSearch:ALL\tTo Row:50\tCountry Code\tSHA256 Hash",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-22T15:25:01.619Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "/appservices/v5/orgs/12261/devices/find",
"eventTime_d": "1.59016E+12",
"eventId_g": "cd3c600b-9c3f-11ea-8979-f9c33d0ca68b",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "98.98.98.98",
"verbose_b": "TRUE",
"description_s": "To Row:50\tTab:Settings (Enrollment)\tFrom Row:1\tCountry Code\tIncident ID\tSearch:ALL\tDevice ID\tAction:Page Load\tSHA256 Hash",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-22T15:55:02.835Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "/appservices/v5/orgs/12261/devices/find",
"eventTime_d": "1.59016E+12",
"eventId_g": "30690763-9c44-11ea-a53b-9b43877f6dd1",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "98.98.98.98",
"verbose_b": "TRUE",
"description_s": "Device ID\tFrom Row:1\tCountry Code\tTo Row:20\tTab:Settings (Enrollment)\tSearch:ALL\tSHA256 Hash\tAction:Page Load\tIncident ID",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-22T15:55:02.835Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "/appservices/v5/orgs/12261/devices/find",
"eventTime_d": "1.59016E+12",
"eventId_g": "30c5f483-9c44-11ea-9860-398dfe606d2b",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "98.98.98.98",
"verbose_b": "TRUE",
"description_s": "Search:ALL\tAction:Page Load\tIncident ID\tCountry Code\tDevice ID\tTab:Settings (Enrollment)\tFrom Row:1\tSHA256 Hash\tTo Row:20",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-23T01:55:01.464Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "",
"eventTime_d": "1.5902E+12",
"eventId_g": "0800bf74-9c98-11ea-80bf-61e2e49eae77",
"loginName_s": "XKFHEIYWPRU",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "166.166.166.166",
"verbose_b": "FALSE",
"description_s": "Connector XKFHEIYWPRU logged in successfully",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-23T02:00:01.469Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "/appservices/v5/orgs/12261/devices/find",
"eventTime_d": "1.5902E+12",
"eventId_g": "ec97b9f6-9c98-11ea-99ef-f5eee234d36b",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
"verbose_b": "TRUE",
"description_s": "Country Code\tDevice ID\tTab:Settings (Enrollment)\tAction:Page Load\tSearch:ALL\tSHA256 Hash\tIncident ID\tFrom Row:1\tTo Row:20",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-23T02:00:01.469Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "/appservices/v5/orgs/12261/devices/find",
"eventTime_d": "1.5902E+12",
"eventId_g": "ece64fab-9c98-11ea-a717-d55d72138d6f",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
"verbose_b": "TRUE",
"description_s": "Search:ALL\tAction:Page Load\tDevice ID\tFrom Row:1\tTo Row:20\tIncident ID\tTab:Settings (Enrollment)\tSHA256 Hash\tCountry Code",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-23T02:00:01.469Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "",
"eventTime_d": "1.5902E+12",
"eventId_g": "ffec9cfd-9c98-11ea-b5b5-e55f0282f26b",
"loginName_s": "sanitized@sanitized.com",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "208.208.208.208",
"verbose_b": "FALSE",
"description_s": "User sanitized@sanitized.com retrieved secret for API ID XKFHEIYWPRU in org 12261",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
},
{
"TenantId": "a123456z-a123-1234-1234-1234aabbcc56",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated": "2020-05-23T02:05:01.35Z",
"Computer": "",
"RawData": "",
"requestUrl_s": "",
"eventTime_d": "1.5902E+12",
"eventId_g": "1ffff986-9c99-11ea-9860-398dfe606d2b",
"loginName_s": "XKFHEIYWPRU",
"orgName_s": "lab-enterprise.abccompany.com",
"flagged_b": "FALSE",
"clientIp_s": "166.166.166.166",
"verbose_b": "FALSE",
"description_s": "Connector XKFHEIYWPRU logged in successfully",
"Type": "CarbonBlackAuditLogs_CL",
"_ResourceId": ""
}
]