Azure-Sentinel/Sample Data/Custom/Netclean_Incidents_CL.json


[
{
"TenantId": "1111a111-b11b-111c-1111-e111e1e1e111",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated [UTC]": "3/21/2023, 9:54:34.306 AM",
"Computer": "",
"RawData": "",
"countOfAllNearByFiles_s": 8,
"sha1_s": "9dd32ac721317d5b8122f8e729dd1cdcaba25629",
"m365filePath_s": "",
"m365WebUrl_s": "",
"m365CreatedBymail_s": "",
"m365LastModifiedByMail_s": "",
"m365LibraryId_s": "",
"m365LibraryDisplayName_s": "",
"m365Librarytype_s": "",
"m365siteid_s": "",
"m365sitedisplayName_s": "",
"m365sitename_s": "",
"filePath_s": "C:\\Users\\Administrator\\Downloads\\test-images\\img2.jpg",
"agentType_s": "computer",
"nearbyFiles_sha1_s": "9dd32ac721317d5b8122f8e729dd1cdcaba25629,f81bb3cd3cf07934a48cca4e855039f969ec9ef6,1d32c57f7130bdd80be9e4566381627dfd3ef3fe,e173d7ee8648bdfcca20cbcfc0688ea61e76276b,",
"Identifier_s": "",
"foundTime_s": "",
"creationTime_s": "",
"lastAccessTime_s": "",
"lastWriteTime_s": "",
"agentInformatonIdentifier_s": 1,
"Agentidentifier_s": "",
"triggerSource_s": "",
"domain_s": "BUILTIN",
"domainName_s": "",
"hasCollectedNearbyFiles_s": "True",
"externalIP_s": "",
"nearbyFiles_md5s_s": "",
"Hostname_s": "HOST1",
"Identifier_g": "75980766-7430-4cd0-a078-72f977b5cc6d",
"type_s": "demoIncident",
"version_s": 12,
"foundTime_t [UTC]": "3/21/2023, 8:59:54.236 AM",
"detectionMethod_s": "sha1",
"agentInformatonIdentifier_g": "",
"osVersion_s": "Windows Server 2022 Standard 2009",
"machineName_s": "HOST1",
"microsoftCultureId_s": 1033,
"timeZoneId_s": "Pacific Standard Time",
"microsoftGeoId_s": 244,
"domainname_s": "BUILTIN",
"Agentversion_s": "22.1.1.0",
"Agentidentifier_g": "75980766-7430-4cd0-a078-72f977b5cc6d",
"loggedOnUsers_s": "UMFD-0'@'Font Driver Host|DWM-2'@'Window Manager|DWM-2'@'Window Manager|UMFD-1'@'Font Driver Host|DWM-1'@'Window Manager|Administrator'@'HOST1|HOST1$'@'WORKGROUP|LOCAL SERVICE'@'NT AUTHORITY|UMFD-2'@'Font Driver Host|Administrator'@'HOST1|DWM-1'@'Window Manager|",
"size_s": 210444,
"creationTime_t [UTC]": "4/5/2019, 9:36:38.000 PM",
"lastAccessTime_t [UTC]": "11/1/2022, 8:57:57.415 AM",
"lastWriteTime_t [UTC]": "10/31/2022, 2:14:25.958 PM",
"md5_s": "",
"Type": "Netclean_Incidents_CL",
"_ResourceId": ""
},
{
"TenantId": "1111a111-b11b-111c-1111-e111e1e1e111",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated [UTC]": "3/21/2023, 7:36:18.056 AM",
"Computer": "",
"RawData": "",
"countOfAllNearByFiles_s": "",
"sha1_s": "",
"m365filePath_s": "",
"m365WebUrl_s": "",
"m365CreatedBymail_s": "",
"m365LastModifiedByMail_s": "",
"m365LibraryId_s": "",
"m365LibraryDisplayName_s": "",
"m365Librarytype_s": "",
"m365siteid_s": "",
"m365sitedisplayName_s": "",
"m365sitename_s": "",
"filePath_s": "C:\\Users\\Administrator\\Downloads\\test-images\\img3.jpg",
"agentType_s": "computer",
"nearbyFiles_sha1_s": "f81bb3cd3cf07934a48cca4e855039f969ec9ef6,,e173d7ee8648bdfcca20cbcfc0688ea61e76276b,9dd32ac721317d5b8122f8e729dd1cdcaba25629,,,1d32c57f7130bdd80be9e4566381627dfd3ef3fe,,",
"Identifier_s": "",
"foundTime_s": "",
"creationTime_s": "",
"lastAccessTime_s": "",
"lastWriteTime_s": "",
"agentInformatonIdentifier_s": 1,
"Agentidentifier_s": "",
"triggerSource_s": "",
"domain_s": "BUILTIN",
"domainName_s": "",
"hasCollectedNearbyFiles_s": "True",
"externalIP_s": "",
"nearbyFiles_md5s_s": "",
"Hostname_s": "HOST1",
"Identifier_g": "bdef228d-80fa-40c8-a602-f836346274f8",
"type_s": "demoIncident",
"version_s": 12,
"foundTime_t [UTC]": "3/20/2023, 8:08:08.935 AM",
"detectionMethod_s": "sha1",
"agentInformatonIdentifier_g": "",
"osVersion_s": "Windows Server 2022 Standard 2009",
"machineName_s": "HOST1",
"microsoftCultureId_s": 1033,
"timeZoneId_s": "Pacific Standard Time",
"microsoftGeoId_s": 244,
"domainname_s": "BUILTIN",
"Agentversion_s": "22.1.1.0",
"Agentidentifier_g": "bdef228d-80fa-40c8-a602-f836346274f8",
"loggedOnUsers_s": "Administrator'@'HOST1|HOST1$'@'WORKGROUP|DWM-2'@'Window Manager|UMFD-2'@'Font Driver Host|LOCAL SERVICE'@'NT AUTHORITY|DWM-1'@'Window Manager|DWM-1'@'Window Manager|UMFD-0'@'Font Driver Host|DWM-2'@'Window Manager|Administrator'@'HOST1|UMFD-1'@'Font Driver Host|",
"size_s": 200444,
"creationTime_t [UTC]": "4/5/2019, 9:36:38.000 PM",
"lastAccessTime_t [UTC]": "11/1/2022, 7:57:38.458 AM",
"lastWriteTime_t [UTC]": "10/31/2022, 2:14:25.970 PM",
"md5_s": "b2d75d006dd52e19bc0be7571f9c500ddfa64094",
"Type": "Netclean_Incidents_CL",
"_ResourceId": ""
},
{
"TenantId": "1111a111-b11b-111c-1111-e111e1e1e111",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated [UTC]": "3/21/2023, 8:14:22.405 AM",
"Computer": "",
"RawData": "",
"countOfAllNearByFiles_s": "",
"sha1_s": "f81bb3cd3cf07934a48cca4e855039f969ec9ef6",
"m365filePath_s": "",
"m365WebUrl_s": "",
"m365CreatedBymail_s": "",
"m365LastModifiedByMail_s": "",
"m365LibraryId_s": "",
"m365LibraryDisplayName_s": "",
"m365Librarytype_s": "",
"m365siteid_s": "",
"m365sitedisplayName_s": "",
"m365sitename_s": "",
"filePath_s": "C:\\Users\\Administrator\\Downloads\\test-images\\img3.jpg",
"agentType_s": "computer",
"nearbyFiles_sha1_s": "e173d7ee8648bdfcca20cbcfc0688ea61e76276b,f81bb3cd3cf07934a48cca4e855039f969ec9ef6,9dd32ac721317d5b8122f8e729dd1cdcaba25629,1d32c57f7130bdd80be9e4566381627dfd3ef3fe,,,,,",
"Identifier_s": "",
"foundTime_s": "",
"creationTime_s": "",
"lastAccessTime_s": "",
"lastWriteTime_s": "",
"agentInformatonIdentifier_s": 1,
"Agentidentifier_s": "",
"triggerSource_s": "",
"domain_s": "BUILTIN",
"domainName_s": "",
"hasCollectedNearbyFiles_s": "True",
"externalIP_s": "",
"nearbyFiles_md5s_s": "",
"Hostname_s": "HOST1",
"Identifier_g": "bdef228d-80fa-40c8-a602-f836346274f8",
"type_s": "demoIncident",
"version_s": 12,
"foundTime_t [UTC]": "3/20/2023, 8:08:08.935 AM",
"detectionMethod_s": "sha1",
"agentInformatonIdentifier_g": "",
"osVersion_s": "Windows Server 2022 Standard 2009",
"machineName_s": "HOST1",
"microsoftCultureId_s": 1033,
"timeZoneId_s": "Pacific Standard Time",
"microsoftGeoId_s": 244,
"domainname_s": "BUILTIN",
"Agentversion_s": "22.1.1.0",
"Agentidentifier_g": "bdef228d-80fa-40c8-a602-f836346274f8",
"loggedOnUsers_s": "DWM-1'@'Window Manager|HOST1$'@'WORKGROUP|Administrator'@'HOST1|DWM-2'@'Window Manager|LOCAL SERVICE'@'NT AUTHORITY|UMFD-2'@'Font Driver Host|UMFD-1'@'Font Driver Host|DWM-2'@'Window Manager|UMFD-0'@'Font Driver Host|Administrator'@'HOST1|DWM-1'@'Window Manager|",
"size_s": 200444,
"creationTime_t [UTC]": "4/5/2019, 9:36:38.000 PM",
"lastAccessTime_t [UTC]": "11/1/2022, 7:57:38.458 AM",
"lastWriteTime_t [UTC]": "10/31/2022, 2:14:25.970 PM",
"md5_s": "",
"Type": "Netclean_Incidents_CL",
"_ResourceId": ""
},
{
"TenantId": "1111a111-b11b-111c-1111-e111e1e1e111",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated [UTC]": "3/21/2023, 8:15:43.039 AM",
"Computer": "",
"RawData": "",
"countOfAllNearByFiles_s": "",
"sha1_s": "e173d7ee8648bdfcca20cbcfc0688ea61e76276b",
"m365filePath_s": "",
"m365WebUrl_s": "https://DEMO-my.sharepoint.com/personal/DEMO_DEMO_onmicrosoft_com/Documents/bilder/IMG1.jpg",
"m365CreatedBymail_s": "",
"m365LastModifiedByMail_s": "",
"m365LibraryId_s": "b!iX-86uc3QkqYPC_eb22843801f7b20d197911613680a9167a17666b",
"m365LibraryDisplayName_s": "OneDrive",
"m365Librarytype_s": "user",
"m365siteid_s": "DEMO-my.sharepoint.com,e48fabbd84177996c9c1419cdea4b21dc4899925",
"m365sitedisplayName_s": "DEMO DEMO",
"m365sitename_s": "",
"filePath_s": "/drives/b!iX-86uc3QkqYPC_eb22843801f7b20d197911613680a9167a17666b/root:/bilder/IMG1.jpg",
"agentType_s": "microsoft365",
"nearbyFiles_sha1_s": "",
"Identifier_s": "",
"foundTime_s": "",
"creationTime_s": "",
"lastAccessTime_s": "",
"lastWriteTime_s": "",
"agentInformatonIdentifier_s": "",
"Agentidentifier_s": "",
"triggerSource_s": "",
"domain_s": "",
"domainName_s": "",
"hasCollectedNearbyFiles_s": "",
"externalIP_s": "",
"nearbyFiles_md5s_s": "",
"Hostname_s": "microsoft365",
"Identifier_g": "ebcd8124-27b4-416c-8ca7-45011691b9dc",
"type_s": "demoIncident",
"version_s": 1,
"foundTime_t [UTC]": "3/21/2023, 7:58:08.922 AM",
"detectionMethod_s": "sha1",
"agentInformatonIdentifier_g": "",
"osVersion_s": "",
"machineName_s": "microsoft365",
"microsoftCultureId_s": "",
"timeZoneId_s": "",
"microsoftGeoId_s": "",
"domainname_s": "",
"Agentversion_s": "22.4.0.0",
"Agentidentifier_g": "ebcd8124-27b4-416c-8ca7-45011691b9dc",
"loggedOnUsers_s": "",
"size_s": 230341,
"creationTime_t [UTC]": "2/3/2023, 2:29:10.000 PM",
"lastAccessTime_t [UTC]": "",
"lastWriteTime_t [UTC]": "3/21/2023, 7:56:07.000 AM",
"md5_s": "",
"Type": "Netclean_Incidents_CL",
"_ResourceId": ""
},
{
"TenantId": "1111a111-b11b-111c-1111-e111e1e1e111",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated [UTC]": "3/21/2023, 9:00:32.610 AM",
"Computer": "",
"RawData": "",
"countOfAllNearByFiles_s": "",
"sha1_s": "e173d7ee8648bdfcca20cbcfc0688ea61e76276b",
"m365filePath_s": "",
"m365WebUrl_s": "https://DEMO-my.sharepoint.com/personal/DEMO_DEMO_onmicrosoft_com/Documents/bilder/IMG1.jpg",
"m365CreatedBymail_s": "",
"m365LastModifiedByMail_s": "",
"m365LibraryId_s": "b!iX-86uc3QkqYPC_eb22843801f7b20d197911613680a9167a17666b",
"m365LibraryDisplayName_s": "OneDrive",
"m365Librarytype_s": "user",
"m365siteid_s": "DEMO-my.sharepoint.com,e48fabbd84177996c9c1419cdea4b21dc4899925",
"m365sitedisplayName_s": "DEMO DEMO",
"m365sitename_s": "",
"filePath_s": "/drives/b!iX-86uc3QkqYPC_eb22843801f7b20d197911613680a9167a17666b/root:/bilder/IMG1.jpg",
"agentType_s": "microsoft365",
"nearbyFiles_sha1_s": "",
"Identifier_s": "",
"foundTime_s": "",
"creationTime_s": "",
"lastAccessTime_s": "",
"lastWriteTime_s": "",
"agentInformatonIdentifier_s": "",
"Agentidentifier_s": "",
"triggerSource_s": "",
"domain_s": "",
"domainName_s": "",
"hasCollectedNearbyFiles_s": false,
"externalIP_s": "",
"nearbyFiles_md5s_s": "",
"Hostname_s": "microsoft365",
"Identifier_g": "ebcd8124-27b4-416c-8ca7-45011691b9dc",
"type_s": "demoIncident",
"version_s": 1,
"foundTime_t [UTC]": "3/21/2023, 7:58:08.922 AM",
"detectionMethod_s": "sha1",
"agentInformatonIdentifier_g": "",
"osVersion_s": "",
"machineName_s": "microsoft365",
"microsoftCultureId_s": "",
"timeZoneId_s": "",
"microsoftGeoId_s": "",
"domainname_s": "",
"Agentversion_s": "22.4.0.0",
"Agentidentifier_g": "ebcd8124-27b4-416c-8ca7-45011691b9dc",
"loggedOnUsers_s": "",
"size_s": 230341,
"creationTime_t [UTC]": "2/3/2023, 2:29:10.000 PM",
"lastAccessTime_t [UTC]": "",
"lastWriteTime_t [UTC]": "3/21/2023, 7:56:07.000 AM",
"md5_s": "",
"Type": "Netclean_Incidents_CL",
"_ResourceId": ""
},
{
"TenantId": "1111a111-b11b-111c-1111-e111e1e1e111",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated [UTC]": "3/21/2023, 9:02:26.672 AM",
"Computer": "",
"RawData": "",
"countOfAllNearByFiles_s": "",
"sha1_s": "9dd32ac721317d5b8122f8e729dd1cdcaba25629",
"m365filePath_s": "",
"m365WebUrl_s": "",
"m365CreatedBymail_s": "",
"m365LastModifiedByMail_s": "",
"m365LibraryId_s": "",
"m365LibraryDisplayName_s": "",
"m365Librarytype_s": "",
"m365siteid_s": "",
"m365sitedisplayName_s": "",
"m365sitename_s": "",
"filePath_s": "C:\\Users\\Administrator\\Downloads\\test-images\\img2.jpg",
"agentType_s": "computer",
"nearbyFiles_sha1_s": "",
"Identifier_s": "",
"foundTime_s": "",
"creationTime_s": "",
"lastAccessTime_s": "",
"lastWriteTime_s": "",
"agentInformatonIdentifier_s": 1,
"Agentidentifier_s": "",
"triggerSource_s": "",
"domain_s": "BUILTIN",
"domainName_s": "",
"hasCollectedNearbyFiles_s": false,
"externalIP_s": "",
"nearbyFiles_md5s_s": "",
"Hostname_s": "HOST1",
"Identifier_g": "8ed00029-910b-4f3c-8301-1c8cf048e2c3",
"type_s": "demoIncident",
"version_s": 2,
"foundTime_t [UTC]": "3/21/2023, 8:57:47.344 AM",
"detectionMethod_s": "sha1",
"agentInformatonIdentifier_g": "",
"osVersion_s": "Windows Server 2022 Standard 2009",
"machineName_s": "HOST1",
"microsoftCultureId_s": 1033,
"timeZoneId_s": "Pacific Standard Time",
"microsoftGeoId_s": 244,
"domainname_s": "BUILTIN",
"Agentversion_s": "22.1.1.0",
"Agentidentifier_g": "8ed00029-910b-4f3c-8301-1c8cf048e2c3",
"loggedOnUsers_s": "UMFD-1'@'Font Driver Host|DWM-2'@'Window Manager|DWM-1'@'Window Manager|UMFD-2'@'Font Driver Host|Administrator'@'HOST1|Administrator'@'HOST1|LOCAL SERVICE'@'NT AUTHORITY|HOST1$'@'WORKGROUP|DWM-1'@'Window Manager|DWM-2'@'Window Manager|UMFD-0'@'Font Driver Host|",
"size_s": 210444,
"creationTime_t [UTC]": "4/5/2019, 9:36:38.000 PM",
"lastAccessTime_t [UTC]": "11/1/2022, 8:57:57.415 AM",
"lastWriteTime_t [UTC]": "10/31/2022, 2:14:25.958 PM",
"md5_s": "",
"Type": "Netclean_Incidents_CL",
"_ResourceId": ""
},
{
"TenantId": "1111a111-b11b-111c-1111-e111e1e1e111",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated [UTC]": "3/21/2023, 9:03:31.402 AM",
"Computer": "",
"RawData": "",
"countOfAllNearByFiles_s": "",
"sha1_s": "9dd32ac721317d5b8122f8e729dd1cdcaba25629",
"m365filePath_s": "",
"m365WebUrl_s": "",
"m365CreatedBymail_s": "",
"m365LastModifiedByMail_s": "",
"m365LibraryId_s": "",
"m365LibraryDisplayName_s": "",
"m365Librarytype_s": "",
"m365siteid_s": "",
"m365sitedisplayName_s": "",
"m365sitename_s": "",
"filePath_s": "C:\\Users\\Administrator\\Downloads\\test-images\\img2.jpg",
"agentType_s": "computer",
"nearbyFiles_sha1_s": "",
"Identifier_s": "",
"foundTime_s": "",
"creationTime_s": "",
"lastAccessTime_s": "",
"lastWriteTime_s": "",
"agentInformatonIdentifier_s": 1,
"Agentidentifier_s": "",
"triggerSource_s": "",
"domain_s": "BUILTIN",
"domainName_s": "",
"hasCollectedNearbyFiles_s": false,
"externalIP_s": "",
"nearbyFiles_md5s_s": "",
"Hostname_s": "HOST1",
"Identifier_g": "8ed00029-910b-4f3c-8301-1c8cf048e2c3",
"type_s": "demoIncident",
"version_s": 2,
"foundTime_t [UTC]": "3/21/2023, 8:57:47.344 AM",
"detectionMethod_s": "sha1",
"agentInformatonIdentifier_g": "",
"osVersion_s": "Windows Server 2022 Standard 2009",
"machineName_s": "HOST1",
"microsoftCultureId_s": 1033,
"timeZoneId_s": "Pacific Standard Time",
"microsoftGeoId_s": 244,
"domainname_s": "BUILTIN",
"Agentversion_s": "22.1.1.0",
"Agentidentifier_g": "8ed00029-910b-4f3c-8301-1c8cf048e2c3",
"loggedOnUsers_s": "DWM-1'@'Window Manager|DWM-2'@'Window Manager|UMFD-1'@'Font Driver Host|DWM-2'@'Window Manager|Administrator'@'HOST1|UMFD-0'@'Font Driver Host|Administrator'@'HOST1|HOST1$'@'WORKGROUP|LOCAL SERVICE'@'NT AUTHORITY|DWM-1'@'Window Manager|UMFD-2'@'Font Driver Host|",
"size_s": 210444,
"creationTime_t [UTC]": "4/5/2019, 9:36:38.000 PM",
"lastAccessTime_t [UTC]": "11/1/2022, 8:57:57.415 AM",
"lastWriteTime_t [UTC]": "10/31/2022, 2:14:25.958 PM",
"md5_s": "",
"Type": "Netclean_Incidents_CL",
"_ResourceId": ""
},
{
"TenantId": "1111a111-b11b-111c-1111-e111e1e1e111",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated [UTC]": "3/21/2023, 9:03:34.589 AM",
"Computer": "",
"RawData": "",
"countOfAllNearByFiles_s": "",
"sha1_s": "9dd32ac721317d5b8122f8e729dd1cdcaba25629",
"m365filePath_s": "",
"m365WebUrl_s": "",
"m365CreatedBymail_s": "",
"m365LastModifiedByMail_s": "",
"m365LibraryId_s": "",
"m365LibraryDisplayName_s": "",
"m365Librarytype_s": "",
"m365siteid_s": "",
"m365sitedisplayName_s": "",
"m365sitename_s": "",
"filePath_s": "C:\\Users\\Administrator\\Downloads\\test-images\\img2.jpg",
"agentType_s": "computer",
"nearbyFiles_sha1_s": "",
"Identifier_s": "",
"foundTime_s": "",
"creationTime_s": "",
"lastAccessTime_s": "",
"lastWriteTime_s": "",
"agentInformatonIdentifier_s": 1,
"Agentidentifier_s": "",
"triggerSource_s": "",
"domain_s": "BUILTIN",
"domainName_s": "",
"hasCollectedNearbyFiles_s": false,
"externalIP_s": "",
"nearbyFiles_md5s_s": "",
"Hostname_s": "HOST1",
"Identifier_g": "8ed00029-910b-4f3c-8301-1c8cf048e2c3",
"type_s": "demoIncident",
"version_s": 2,
"foundTime_t [UTC]": "3/21/2023, 8:57:47.344 AM",
"detectionMethod_s": "sha1",
"agentInformatonIdentifier_g": "",
"osVersion_s": "Windows Server 2022 Standard 2009",
"machineName_s": "HOST1",
"microsoftCultureId_s": 1033,
"timeZoneId_s": "Pacific Standard Time",
"microsoftGeoId_s": 244,
"domainname_s": "BUILTIN",
"Agentversion_s": "22.1.1.0",
"Agentidentifier_g": "8ed00029-910b-4f3c-8301-1c8cf048e2c3",
"loggedOnUsers_s": "Administrator'@'HOST1|HOST1$'@'WORKGROUP|UMFD-0'@'Font Driver Host|DWM-2'@'Window Manager|DWM-2'@'Window Manager|Administrator'@'HOST1|UMFD-2'@'Font Driver Host|LOCAL SERVICE'@'NT AUTHORITY|UMFD-1'@'Font Driver Host|DWM-1'@'Window Manager|DWM-1'@'Window Manager|",
"size_s": 210444,
"creationTime_t [UTC]": "4/5/2019, 9:36:38.000 PM",
"lastAccessTime_t [UTC]": "11/1/2022, 8:57:57.415 AM",
"lastWriteTime_t [UTC]": "10/31/2022, 2:14:25.958 PM",
"md5_s": "",
"Type": "Netclean_Incidents_CL",
"_ResourceId": ""
},
{
"TenantId": "1111a111-b11b-111c-1111-e111e1e1e111",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated [UTC]": "3/21/2023, 9:03:42.038 AM",
"Computer": "",
"RawData": "",
"countOfAllNearByFiles_s": "",
"sha1_s": "9dd32ac721317d5b8122f8e729dd1cdcaba25629",
"m365filePath_s": "",
"m365WebUrl_s": "",
"m365CreatedBymail_s": "",
"m365LastModifiedByMail_s": "",
"m365LibraryId_s": "",
"m365LibraryDisplayName_s": "",
"m365Librarytype_s": "",
"m365siteid_s": "",
"m365sitedisplayName_s": "",
"m365sitename_s": "",
"filePath_s": "C:\\Users\\Administrator\\Downloads\\test-images\\img2.jpg",
"agentType_s": "computer",
"nearbyFiles_sha1_s": "",
"Identifier_s": "",
"foundTime_s": "",
"creationTime_s": "",
"lastAccessTime_s": "",
"lastWriteTime_s": "",
"agentInformatonIdentifier_s": 1,
"Agentidentifier_s": "",
"triggerSource_s": "",
"domain_s": "BUILTIN",
"domainName_s": "",
"hasCollectedNearbyFiles_s": false,
"externalIP_s": "",
"nearbyFiles_md5s_s": "",
"Hostname_s": "HOST1",
"Identifier_g": "8ed00029-910b-4f3c-8301-1c8cf048e2c3",
"type_s": "demoIncident",
"version_s": 2,
"foundTime_t [UTC]": "3/21/2023, 8:57:47.344 AM",
"detectionMethod_s": "sha1",
"agentInformatonIdentifier_g": "",
"osVersion_s": "Windows Server 2022 Standard 2009",
"machineName_s": "HOST1",
"microsoftCultureId_s": 1033,
"timeZoneId_s": "Pacific Standard Time",
"microsoftGeoId_s": 244,
"domainname_s": "BUILTIN",
"Agentversion_s": "22.1.1.0",
"Agentidentifier_g": "8ed00029-910b-4f3c-8301-1c8cf048e2c3",
"loggedOnUsers_s": "LOCAL SERVICE'@'NT AUTHORITY|DWM-1'@'Window Manager|UMFD-2'@'Font Driver Host|Administrator'@'HOST1|DWM-2'@'Window Manager|HOST1$'@'WORKGROUP|UMFD-1'@'Font Driver Host|UMFD-0'@'Font Driver Host|DWM-1'@'Window Manager|Administrator'@'HOST1|DWM-2'@'Window Manager|",
"size_s": 210444,
"creationTime_t [UTC]": "4/5/2019, 9:36:38.000 PM",
"lastAccessTime_t [UTC]": "11/1/2022, 8:57:57.415 AM",
"lastWriteTime_t [UTC]": "10/31/2022, 2:14:25.958 PM",
"md5_s": "",
"Type": "Netclean_Incidents_CL",
"_ResourceId": ""
},
{
"TenantId": "1111a111-b11b-111c-1111-e111e1e1e111",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated [UTC]": "3/21/2023, 9:03:42.288 AM",
"Computer": "",
"RawData": "",
"countOfAllNearByFiles_s": "",
"sha1_s": "9dd32ac721317d5b8122f8e729dd1cdcaba25629",
"m365filePath_s": "",
"m365WebUrl_s": "",
"m365CreatedBymail_s": "",
"m365LastModifiedByMail_s": "",
"m365LibraryId_s": "",
"m365LibraryDisplayName_s": "",
"m365Librarytype_s": "",
"m365siteid_s": "",
"m365sitedisplayName_s": "",
"m365sitename_s": "",
"filePath_s": "C:\\Users\\Administrator\\Downloads\\test-images\\img2.jpg",
"agentType_s": "computer",
"nearbyFiles_sha1_s": "",
"Identifier_s": "",
"foundTime_s": "",
"creationTime_s": "",
"lastAccessTime_s": "",
"lastWriteTime_s": "",
"agentInformatonIdentifier_s": 1,
"Agentidentifier_s": "",
"triggerSource_s": "",
"domain_s": "BUILTIN",
"domainName_s": "",
"hasCollectedNearbyFiles_s": false,
"externalIP_s": "",
"nearbyFiles_md5s_s": "",
"Hostname_s": "HOST1",
"Identifier_g": "8ed00029-910b-4f3c-8301-1c8cf048e2c3",
"type_s": "demoIncident",
"version_s": 2,
"foundTime_t [UTC]": "3/21/2023, 8:57:47.344 AM",
"detectionMethod_s": "sha1",
"agentInformatonIdentifier_g": "",
"osVersion_s": "Windows Server 2022 Standard 2009",
"machineName_s": "HOST1",
"microsoftCultureId_s": 1033,
"timeZoneId_s": "Pacific Standard Time",
"microsoftGeoId_s": 244,
"domainname_s": "BUILTIN",
"Agentversion_s": "22.1.1.0",
"Agentidentifier_g": "8ed00029-910b-4f3c-8301-1c8cf048e2c3",
"loggedOnUsers_s": "DWM-1'@'Window Manager|UMFD-1'@'Font Driver Host|DWM-2'@'Window Manager|DWM-1'@'Window Manager|HOST1$'@'WORKGROUP|DWM-2'@'Window Manager|Administrator'@'HOST1|LOCAL SERVICE'@'NT AUTHORITY|Administrator'@'HOST1|UMFD-2'@'Font Driver Host|UMFD-0'@'Font Driver Host|",
"size_s": 210444,
"creationTime_t [UTC]": "4/5/2019, 9:36:38.000 PM",
"lastAccessTime_t [UTC]": "11/1/2022, 8:57:57.415 AM",
"lastWriteTime_t [UTC]": "10/31/2022, 2:14:25.958 PM",
"md5_s": "",
"Type": "Netclean_Incidents_CL",
"_ResourceId": ""
},
{
"TenantId": "1111a111-b11b-111c-1111-e111e1e1e111",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated [UTC]": "3/21/2023, 9:03:42.964 AM",
"Computer": "",
"RawData": "",
"countOfAllNearByFiles_s": "",
"sha1_s": "9dd32ac721317d5b8122f8e729dd1cdcaba25629",
"m365filePath_s": "",
"m365WebUrl_s": "",
"m365CreatedBymail_s": "",
"m365LastModifiedByMail_s": "",
"m365LibraryId_s": "",
"m365LibraryDisplayName_s": "",
"m365Librarytype_s": "",
"m365siteid_s": "",
"m365sitedisplayName_s": "",
"m365sitename_s": "",
"filePath_s": "C:\\Users\\Administrator\\Downloads\\test-images\\img2.jpg",
"agentType_s": "computer",
"nearbyFiles_sha1_s": "",
"Identifier_s": "",
"foundTime_s": "",
"creationTime_s": "",
"lastAccessTime_s": "",
"lastWriteTime_s": "",
"agentInformatonIdentifier_s": 1,
"Agentidentifier_s": "",
"triggerSource_s": "",
"domain_s": "BUILTIN",
"domainName_s": "",
"hasCollectedNearbyFiles_s": false,
"externalIP_s": "",
"nearbyFiles_md5s_s": "",
"Hostname_s": "HOST1",
"Identifier_g": "8ed00029-910b-4f3c-8301-1c8cf048e2c3",
"type_s": "demoIncident",
"version_s": 2,
"foundTime_t [UTC]": "3/21/2023, 8:57:47.344 AM",
"detectionMethod_s": "sha1",
"agentInformatonIdentifier_g": "",
"osVersion_s": "Windows Server 2022 Standard 2009",
"machineName_s": "HOST1",
"microsoftCultureId_s": 1033,
"timeZoneId_s": "Pacific Standard Time",
"microsoftGeoId_s": 244,
"domainname_s": "BUILTIN",
"Agentversion_s": "22.1.1.0",
"Agentidentifier_g": "8ed00029-910b-4f3c-8301-1c8cf048e2c3",
"loggedOnUsers_s": "LOCAL SERVICE'@'NT AUTHORITY|UMFD-0'@'Font Driver Host|Administrator'@'HOST1|HOST1$'@'WORKGROUP|UMFD-1'@'Font Driver Host|UMFD-2'@'Font Driver Host|DWM-2'@'Window Manager|DWM-1'@'Window Manager|DWM-1'@'Window Manager|DWM-2'@'Window Manager|Administrator'@'HOST1|",
"size_s": 210444,
"creationTime_t [UTC]": "4/5/2019, 9:36:38.000 PM",
"lastAccessTime_t [UTC]": "11/1/2022, 8:57:57.415 AM",
"lastWriteTime_t [UTC]": "10/31/2022, 2:14:25.958 PM",
"md5_s": "",
"Type": "Netclean_Incidents_CL",
"_ResourceId": ""
},
{
"TenantId": "1111a111-b11b-111c-1111-e111e1e1e111",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated [UTC]": "3/21/2023, 9:03:43.182 AM",
"Computer": "",
"RawData": "",
"countOfAllNearByFiles_s": "",
"sha1_s": "9dd32ac721317d5b8122f8e729dd1cdcaba25629",
"m365filePath_s": "",
"m365WebUrl_s": "",
"m365CreatedBymail_s": "",
"m365LastModifiedByMail_s": "",
"m365LibraryId_s": "",
"m365LibraryDisplayName_s": "",
"m365Librarytype_s": "",
"m365siteid_s": "",
"m365sitedisplayName_s": "",
"m365sitename_s": "",
"filePath_s": "C:\\Users\\Administrator\\Downloads\\test-images\\img2.jpg",
"agentType_s": "computer",
"nearbyFiles_sha1_s": "",
"Identifier_s": "",
"foundTime_s": "",
"creationTime_s": "",
"lastAccessTime_s": "",
"lastWriteTime_s": "",
"agentInformatonIdentifier_s": 1,
"Agentidentifier_s": "",
"triggerSource_s": "",
"domain_s": "BUILTIN",
"domainName_s": "",
"hasCollectedNearbyFiles_s": false,
"externalIP_s": "",
"nearbyFiles_md5s_s": "",
"Hostname_s": "HOST1",
"Identifier_g": "8ed00029-910b-4f3c-8301-1c8cf048e2c3",
"type_s": "demoIncident",
"version_s": 1,
"foundTime_t [UTC]": "3/21/2023, 8:57:47.344 AM",
"detectionMethod_s": "sha1",
"agentInformatonIdentifier_g": "",
"osVersion_s": "",
"machineName_s": "HOST1",
"microsoftCultureId_s": "",
"timeZoneId_s": "Pacific Standard Time",
"microsoftGeoId_s": "",
"domainname_s": "BUILTIN",
"Agentversion_s": "22.1.1.0",
"Agentidentifier_g": "8ed00029-910b-4f3c-8301-1c8cf048e2c3",
"loggedOnUsers_s": "Administrator'@'HOST1|UMFD-1'@'Font Driver Host|DWM-1'@'Window Manager|LOCAL SERVICE'@'NT AUTHORITY|UMFD-0'@'Font Driver Host|DWM-1'@'Window Manager|Administrator'@'HOST1|DWM-2'@'Window Manager|UMFD-2'@'Font Driver Host|HOST1$'@'WORKGROUP|DWM-2'@'Window Manager|",
"size_s": 210444,
"creationTime_t [UTC]": "4/5/2019, 9:36:38.000 PM",
"lastAccessTime_t [UTC]": "11/1/2022, 8:57:57.415 AM",
"lastWriteTime_t [UTC]": "10/31/2022, 2:14:25.958 PM",
"md5_s": "",
"Type": "Netclean_Incidents_CL",
"_ResourceId": ""
},
{
"TenantId": "1111a111-b11b-111c-1111-e111e1e1e111",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated [UTC]": "3/21/2023, 9:03:44.054 AM",
"Computer": "",
"RawData": "",
"countOfAllNearByFiles_s": "",
"sha1_s": "9dd32ac721317d5b8122f8e729dd1cdcaba25629",
"m365filePath_s": "",
"m365WebUrl_s": "",
"m365CreatedBymail_s": "",
"m365LastModifiedByMail_s": "",
"m365LibraryId_s": "",
"m365LibraryDisplayName_s": "",
"m365Librarytype_s": "",
"m365siteid_s": "",
"m365sitedisplayName_s": "",
"m365sitename_s": "",
"filePath_s": "C:\\Users\\Administrator\\Downloads\\test-images\\img2.jpg",
"agentType_s": "computer",
"nearbyFiles_sha1_s": "",
"Identifier_s": "",
"foundTime_s": "",
"creationTime_s": "",
"lastAccessTime_s": "",
"lastWriteTime_s": "",
"agentInformatonIdentifier_s": 1,
"Agentidentifier_s": "",
"triggerSource_s": "",
"domain_s": "BUILTIN",
"domainName_s": "",
"hasCollectedNearbyFiles_s": false,
"externalIP_s": "",
"nearbyFiles_md5s_s": "",
"Hostname_s": "HOST1",
"Identifier_g": "8ed00029-910b-4f3c-8301-1c8cf048e2c3",
"type_s": "demoIncident",
"version_s": 2,
"foundTime_t [UTC]": "3/21/2023, 8:57:47.344 AM",
"detectionMethod_s": "sha1",
"agentInformatonIdentifier_g": "",
"osVersion_s": "Windows Server 2022 Standard 2009",
"machineName_s": "HOST1",
"microsoftCultureId_s": 1033,
"timeZoneId_s": "Pacific Standard Time",
"microsoftGeoId_s": 244,
"domainname_s": "BUILTIN",
"Agentversion_s": "22.1.1.0",
"Agentidentifier_g": "8ed00029-910b-4f3c-8301-1c8cf048e2c3",
"loggedOnUsers_s": "HOST1$'@'WORKGROUP|Administrator'@'HOST1|UMFD-2'@'Font Driver Host|Administrator'@'HOST1|UMFD-0'@'Font Driver Host|LOCAL SERVICE'@'NT AUTHORITY|UMFD-1'@'Font Driver Host|DWM-1'@'Window Manager|DWM-2'@'Window Manager|DWM-1'@'Window Manager|DWM-2'@'Window Manager|",
"size_s": 210444,
"creationTime_t [UTC]": "4/5/2019, 9:36:38.000 PM",
"lastAccessTime_t [UTC]": "11/1/2022, 8:57:57.415 AM",
"lastWriteTime_t [UTC]": "10/31/2022, 2:14:25.958 PM",
"md5_s": "",
"Type": "Netclean_Incidents_CL",
"_ResourceId": ""
},
{
"TenantId": "1111a111-b11b-111c-1111-e111e1e1e111",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated [UTC]": "3/21/2023, 9:03:44.461 AM",
"Computer": "",
"RawData": "",
"countOfAllNearByFiles_s": "",
"sha1_s": "9dd32ac721317d5b8122f8e729dd1cdcaba25629",
"m365filePath_s": "",
"m365WebUrl_s": "",
"m365CreatedBymail_s": "",
"m365LastModifiedByMail_s": "",
"m365LibraryId_s": "",
"m365LibraryDisplayName_s": "",
"m365Librarytype_s": "",
"m365siteid_s": "",
"m365sitedisplayName_s": "",
"m365sitename_s": "",
"filePath_s": "C:\\Users\\Administrator\\Downloads\\test-images\\img2.jpg",
"agentType_s": "computer",
"nearbyFiles_sha1_s": "",
"Identifier_s": "",
"foundTime_s": "",
"creationTime_s": "",
"lastAccessTime_s": "",
"lastWriteTime_s": "",
"agentInformatonIdentifier_s": 1,
"Agentidentifier_s": "",
"triggerSource_s": "",
"domain_s": "BUILTIN",
"domainName_s": "",
"hasCollectedNearbyFiles_s": false,
"externalIP_s": "",
"nearbyFiles_md5s_s": "",
"Hostname_s": "HOST1",
"Identifier_g": "8ed00029-910b-4f3c-8301-1c8cf048e2c3",
"type_s": "demoIncident",
"version_s": 2,
"foundTime_t [UTC]": "3/21/2023, 8:57:47.344 AM",
"detectionMethod_s": "sha1",
"agentInformatonIdentifier_g": "",
"osVersion_s": "Windows Server 2022 Standard 2009",
"machineName_s": "HOST1",
"microsoftCultureId_s": 1033,
"timeZoneId_s": "Pacific Standard Time",
"microsoftGeoId_s": 244,
"domainname_s": "BUILTIN",
"Agentversion_s": "22.1.1.0",
"Agentidentifier_g": "8ed00029-910b-4f3c-8301-1c8cf048e2c3",
"loggedOnUsers_s": "DWM-2'@'Window Manager|DWM-1'@'Window Manager|DWM-2'@'Window Manager|UMFD-1'@'Font Driver Host|LOCAL SERVICE'@'NT AUTHORITY|DWM-1'@'Window Manager|UMFD-0'@'Font Driver Host|UMFD-2'@'Font Driver Host|HOST1$'@'WORKGROUP|Administrator'@'HOST1|Administrator'@'HOST1|",
"size_s": 210444,
"creationTime_t [UTC]": "4/5/2019, 9:36:38.000 PM",
"lastAccessTime_t [UTC]": "11/1/2022, 8:57:57.415 AM",
"lastWriteTime_t [UTC]": "10/31/2022, 2:14:25.958 PM",
"md5_s": "",
"Type": "Netclean_Incidents_CL",
"_ResourceId": ""
},
{
"TenantId": "1111a111-b11b-111c-1111-e111e1e1e111",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated [UTC]": "3/21/2023, 8:15:03.665 AM",
"Computer": "",
"RawData": "",
"countOfAllNearByFiles_s": "",
"sha1_s": "e173d7ee8648bdfcca20cbcfc0688ea61e76276b",
"m365filePath_s": "",
"m365WebUrl_s": "https://DEMO-my.sharepoint.com/personal/DEMO_DEMO_onmicrosoft_com/Documents/bilder/IMG1.jpg",
"m365CreatedBymail_s": "",
"m365LastModifiedByMail_s": "",
"m365LibraryId_s": "b!iX-86uc3QkqYPC_eb22843801f7b20d197911613680a9167a17666b",
"m365LibraryDisplayName_s": "OneDrive",
"m365Librarytype_s": "user",
"m365siteid_s": "DEMO-my.sharepoint.com,e48fabbd84177996c9c1419cdea4b21dc4899925",
"m365sitedisplayName_s": "DEMO DEMO",
"m365sitename_s": "",
"filePath_s": "/drives/b!iX-86uc3QkqYPC_eb22843801f7b20d197911613680a9167a17666b/root:/bilder/IMG1.jpg",
"agentType_s": "microsoft365",
"nearbyFiles_sha1_s": "",
"Identifier_s": "",
"foundTime_s": "",
"creationTime_s": "",
"lastAccessTime_s": "",
"lastWriteTime_s": "",
"agentInformatonIdentifier_s": "",
"Agentidentifier_s": "",
"triggerSource_s": "",
"domain_s": "",
"domainName_s": "",
"hasCollectedNearbyFiles_s": "",
"externalIP_s": "",
"nearbyFiles_md5s_s": "",
"Hostname_s": "demoIncident",
"Identifier_g": "ebcd8124-27b4-416c-8ca7-45011691b9dc",
"type_s": "demoIncident",
"version_s": 1,
"foundTime_t [UTC]": "3/21/2023, 7:58:08.922 AM",
"detectionMethod_s": "sha1",
"agentInformatonIdentifier_g": "",
"osVersion_s": "",
"machineName_s": "demoIncident",
"microsoftCultureId_s": "",
"timeZoneId_s": "",
"microsoftGeoId_s": "",
"domainname_s": "",
"Agentversion_s": "22.4.0.0",
"Agentidentifier_g": "ebcd8124-27b4-416c-8ca7-45011691b9dc",
"loggedOnUsers_s": "",
"size_s": 230341,
"creationTime_t [UTC]": "2/3/2023, 2:29:10.000 PM",
"lastAccessTime_t [UTC]": "",
"lastWriteTime_t [UTC]": "3/21/2023, 7:56:07.000 AM",
"md5_s": "",
"Type": "Netclean_Incidents_CL",
"_ResourceId": ""
},
{
"TenantId": "1111a111-b11b-111c-1111-e111e1e1e111",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated [UTC]": "3/21/2023, 9:43:00.175 AM",
"Computer": "",
"RawData": "",
"countOfAllNearByFiles_s": "",
"sha1_s": "9dd32ac721317d5b8122f8e729dd1cdcaba25629",
"m365filePath_s": "",
"m365WebUrl_s": "",
"m365CreatedBymail_s": "",
"m365LastModifiedByMail_s": "",
"m365LibraryId_s": "",
"m365LibraryDisplayName_s": "",
"m365Librarytype_s": "",
"m365siteid_s": "",
"m365sitedisplayName_s": "",
"m365sitename_s": "",
"filePath_s": "C:\\Users\\Administrator\\Downloads\\test-images\\img2.jpg",
"agentType_s": "computer",
"nearbyFiles_sha1_s": "",
"Identifier_s": "",
"foundTime_s": "",
"creationTime_s": "",
"lastAccessTime_s": "",
"lastWriteTime_s": "",
"agentInformatonIdentifier_s": 1,
"Agentidentifier_s": "",
"triggerSource_s": "",
"domain_s": "BUILTIN",
"domainName_s": "",
"hasCollectedNearbyFiles_s": "True",
"externalIP_s": "",
"nearbyFiles_md5s_s": "",
"Hostname_s": "HOST1",
"Identifier_g": "75980766-7430-4cd0-a078-72f977b5cc6d",
"type_s": "demoIncident",
"version_s": 12,
"foundTime_t [UTC]": "3/21/2023, 8:59:54.236 AM",
"detectionMethod_s": "sha1",
"agentInformatonIdentifier_g": "",
"osVersion_s": "Windows Server 2022 Standard 2009",
"machineName_s": "HOST1",
"microsoftCultureId_s": 1033,
"timeZoneId_s": "Pacific Standard Time",
"microsoftGeoId_s": 244,
"domainname_s": "BUILTIN",
"Agentversion_s": "22.1.1.0",
"Agentidentifier_g": "75980766-7430-4cd0-a078-72f977b5cc6d",
"loggedOnUsers_s": "UMFD-0'@'Font Driver Host|DWM-1'@'Window Manager|DWM-1'@'Window Manager|Administrator'@'HOST1|UMFD-2'@'Font Driver Host|Administrator'@'HOST1|DWM-2'@'Window Manager|DWM-2'@'Window Manager|UMFD-1'@'Font Driver Host|HOST1$'@'WORKGROUP|LOCAL SERVICE'@'NT AUTHORITY|",
"size_s": 210444,
"creationTime_t [UTC]": "4/5/2019, 9:36:38.000 PM",
"lastAccessTime_t [UTC]": "11/1/2022, 8:57:57.415 AM",
"lastWriteTime_t [UTC]": "10/31/2022, 2:14:25.958 PM",
"md5_s": "",
"Type": "Netclean_Incidents_CL",
"_ResourceId": ""
},
{
"TenantId": "1111a111-b11b-111c-1111-e111e1e1e111",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated [UTC]": "3/21/2023, 10:02:32.116 AM",
"Computer": "",
"RawData": "",
"countOfAllNearByFiles_s": 8,
"sha1_s": "f81bb3cd3cf07934a48cca4e855039f969ec9ef6",
"m365filePath_s": "",
"m365WebUrl_s": "",
"m365CreatedBymail_s": "",
"m365LastModifiedByMail_s": "",
"m365LibraryId_s": "",
"m365LibraryDisplayName_s": "",
"m365Librarytype_s": "",
"m365siteid_s": "",
"m365sitedisplayName_s": "",
"m365sitename_s": "",
"filePath_s": "C:\\Users\\Administrator\\Downloads\\test-images\\img3.jpg",
"agentType_s": "computer",
"nearbyFiles_sha1_s": "f81bb3cd3cf07934a48cca4e855039f969ec9ef6,e173d7ee8648bdfcca20cbcfc0688ea61e76276b,9dd32ac721317d5b8122f8e729dd1cdcaba25629,1d32c57f7130bdd80be9e4566381627dfd3ef3fe,",
"Identifier_s": "",
"foundTime_s": "",
"creationTime_s": "",
"lastAccessTime_s": "",
"lastWriteTime_s": "",
"agentInformatonIdentifier_s": 1,
"Agentidentifier_s": "",
"triggerSource_s": "",
"domain_s": "BUILTIN",
"domainName_s": "",
"hasCollectedNearbyFiles_s": "True",
"externalIP_s": "",
"nearbyFiles_md5s_s": "",
"Hostname_s": "HOST1",
"Identifier_g": "00fdc39d-c6d6-465a-ad70-58976c927756",
"type_s": "demoIncident",
"version_s": 12,
"foundTime_t [UTC]": "3/21/2023, 10:00:40.236 AM",
"detectionMethod_s": "sha1",
"agentInformatonIdentifier_g": "",
"osVersion_s": "Windows Server 2022 Standard 2009",
"machineName_s": "HOST1",
"microsoftCultureId_s": 1033,
"timeZoneId_s": "Pacific Standard Time",
"microsoftGeoId_s": 244,
"domainname_s": "BUILTIN",
"Agentversion_s": "22.1.1.0",
"Agentidentifier_g": "00fdc39d-c6d6-465a-ad70-58976c927756",
"loggedOnUsers_s": "HOST1$'@'WORKGROUP|UMFD-1'@'Font Driver Host|LOCAL SERVICE'@'NT AUTHORITY|DWM-2'@'Window Manager|DWM-2'@'Window Manager|DWM-1'@'Window Manager|DWM-1'@'Window Manager|UMFD-0'@'Font Driver Host|Administrator'@'HOST1|Administrator'@'HOST1|UMFD-2'@'Font Driver Host|",
"size_s": 200444,
"creationTime_t [UTC]": "4/5/2019, 9:36:38.000 PM",
"lastAccessTime_t [UTC]": "11/1/2022, 7:57:38.458 AM",
"lastWriteTime_t [UTC]": "10/31/2022, 2:14:25.970 PM",
"md5_s": "",
"Type": "Netclean_Incidents_CL",
"_ResourceId": ""
},
{
"TenantId": "1111a111-b11b-111c-1111-e111e1e1e111",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated [UTC]": "3/21/2023, 9:03:46.613 AM",
"Computer": "",
"RawData": "",
"countOfAllNearByFiles_s": "",
"sha1_s": "9dd32ac721317d5b8122f8e729dd1cdcaba25629",
"m365filePath_s": "",
"m365WebUrl_s": "",
"m365CreatedBymail_s": "",
"m365LastModifiedByMail_s": "",
"m365LibraryId_s": "",
"m365LibraryDisplayName_s": "",
"m365Librarytype_s": "",
"m365siteid_s": "",
"m365sitedisplayName_s": "",
"m365sitename_s": "",
"filePath_s": "C:\\Users\\Administrator\\Downloads\\test-images\\img2.jpg",
"agentType_s": "computer",
"nearbyFiles_sha1_s": "",
"Identifier_s": "",
"foundTime_s": "",
"creationTime_s": "",
"lastAccessTime_s": "",
"lastWriteTime_s": "",
"agentInformatonIdentifier_s": 1,
"Agentidentifier_s": "",
"triggerSource_s": "",
"domain_s": "BUILTIN",
"domainName_s": "",
"hasCollectedNearbyFiles_s": false,
"externalIP_s": "",
"nearbyFiles_md5s_s": "",
"Hostname_s": "HOST1",
"Identifier_g": "8ed00029-910b-4f3c-8301-1c8cf048e2c3",
"type_s": "demoIncident",
"version_s": 2,
"foundTime_t [UTC]": "3/21/2023, 8:57:47.344 AM",
"detectionMethod_s": "sha1",
"agentInformatonIdentifier_g": "",
"osVersion_s": "Windows Server 2022 Standard 2009",
"machineName_s": "HOST1",
"microsoftCultureId_s": 1033,
"timeZoneId_s": "Pacific Standard Time",
"microsoftGeoId_s": 244,
"domainname_s": "BUILTIN",
"Agentversion_s": "22.1.1.0",
"Agentidentifier_g": "8ed00029-910b-4f3c-8301-1c8cf048e2c3",
"loggedOnUsers_s": "UMFD-1'@'Font Driver Host|UMFD-0'@'Font Driver Host|DWM-1'@'Window Manager|Administrator'@'HOST1|Administrator'@'HOST1|DWM-1'@'Window Manager|HOST1$'@'WORKGROUP|DWM-2'@'Window Manager|UMFD-2'@'Font Driver Host|LOCAL SERVICE'@'NT AUTHORITY|DWM-2'@'Window Manager|",
"size_s": 210444,
"creationTime_t [UTC]": "4/5/2019, 9:36:38.000 PM",
"lastAccessTime_t [UTC]": "11/1/2022, 8:57:57.415 AM",
"lastWriteTime_t [UTC]": "10/31/2022, 2:14:25.958 PM",
"md5_s": "",
"Type": "Netclean_Incidents_CL",
"_ResourceId": ""
},
{
"TenantId": "1111a111-b11b-111c-1111-e111e1e1e111",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated [UTC]": "3/21/2023, 9:45:11.955 AM",
"Computer": "",
"RawData": "",
"countOfAllNearByFiles_s": "",
"sha1_s": "9dd32ac721317d5b8122f8e729dd1cdcaba25629",
"m365filePath_s": "",
"m365WebUrl_s": "",
"m365CreatedBymail_s": "",
"m365LastModifiedByMail_s": "",
"m365LibraryId_s": "",
"m365LibraryDisplayName_s": "",
"m365Librarytype_s": "",
"m365siteid_s": "",
"m365sitedisplayName_s": "",
"m365sitename_s": "",
"filePath_s": "C:\\Users\\Administrator\\Downloads\\test-images\\img2.jpg",
"agentType_s": "computer",
"nearbyFiles_sha1_s": "f81bb3cd3cf07934a48cca4e855039f969ec9ef6,e173d7ee8648bdfcca20cbcfc0688ea61e76276b,9dd32ac721317d5b8122f8e729dd1cdcaba25629,1d32c57f7130bdd80be9e4566381627dfd3ef3fe,",
"Identifier_s": "",
"foundTime_s": "",
"creationTime_s": "",
"lastAccessTime_s": "",
"lastWriteTime_s": "",
"agentInformatonIdentifier_s": 1,
"Agentidentifier_s": "",
"triggerSource_s": "",
"domain_s": "BUILTIN",
"domainName_s": "",
"hasCollectedNearbyFiles_s": "True",
"externalIP_s": "",
"nearbyFiles_md5s_s": "",
"Hostname_s": "HOST1",
"Identifier_g": "75980766-7430-4cd0-a078-72f977b5cc6d",
"type_s": "demoIncident",
"version_s": 12,
"foundTime_t [UTC]": "3/21/2023, 8:59:54.236 AM",
"detectionMethod_s": "sha1",
"agentInformatonIdentifier_g": "",
"osVersion_s": "Windows Server 2022 Standard 2009",
"machineName_s": "HOST1",
"microsoftCultureId_s": 1033,
"timeZoneId_s": "Pacific Standard Time",
"microsoftGeoId_s": 244,
"domainname_s": "BUILTIN",
"Agentversion_s": "22.1.1.0",
"Agentidentifier_g": "75980766-7430-4cd0-a078-72f977b5cc6d",
"loggedOnUsers_s": "Administrator'@'HOST1|DWM-2'@'Window Manager|LOCAL SERVICE'@'NT AUTHORITY|DWM-2'@'Window Manager|DWM-1'@'Window Manager|UMFD-0'@'Font Driver Host|UMFD-1'@'Font Driver Host|HOST1$'@'WORKGROUP|DWM-1'@'Window Manager|UMFD-2'@'Font Driver Host|Administrator'@'HOST1|",
"size_s": 210444,
"creationTime_t [UTC]": "4/5/2019, 9:36:38.000 PM",
"lastAccessTime_t [UTC]": "11/1/2022, 8:57:57.415 AM",
"lastWriteTime_t [UTC]": "10/31/2022, 2:14:25.958 PM",
"md5_s": "",
"Type": "Netclean_Incidents_CL",
"_ResourceId": ""
},
{
"TenantId": "1111a111-b11b-111c-1111-e111e1e1e111",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated [UTC]": "3/21/2023, 9:03:48.583 AM",
"Computer": "",
"RawData": "",
"countOfAllNearByFiles_s": "",
"sha1_s": "9dd32ac721317d5b8122f8e729dd1cdcaba25629",
"m365filePath_s": "",
"m365WebUrl_s": "",
"m365CreatedBymail_s": "",
"m365LastModifiedByMail_s": "",
"m365LibraryId_s": "",
"m365LibraryDisplayName_s": "",
"m365Librarytype_s": "",
"m365siteid_s": "",
"m365sitedisplayName_s": "",
"m365sitename_s": "",
"filePath_s": "C:\\Users\\Administrator\\Downloads\\test-images\\img2.jpg",
"agentType_s": "computer",
"nearbyFiles_sha1_s": "",
"Identifier_s": "",
"foundTime_s": "",
"creationTime_s": "",
"lastAccessTime_s": "",
"lastWriteTime_s": "",
"agentInformatonIdentifier_s": 1,
"Agentidentifier_s": "",
"triggerSource_s": "",
"domain_s": "BUILTIN",
"domainName_s": "",
"hasCollectedNearbyFiles_s": false,
"externalIP_s": "",
"nearbyFiles_md5s_s": "",
"Hostname_s": "HOST1",
"Identifier_g": "75980766-7430-4cd0-a078-72f977b5cc6d",
"type_s": "demoIncident",
"version_s": 1,
"foundTime_t [UTC]": "3/21/2023, 8:59:54.236 AM",
"detectionMethod_s": "sha1",
"agentInformatonIdentifier_g": "",
"osVersion_s": "Windows Server 2022 Standard 2009",
"machineName_s": "HOST1",
"microsoftCultureId_s": 1033,
"timeZoneId_s": "Pacific Standard Time",
"microsoftGeoId_s": 244,
"domainname_s": "BUILTIN",
"Agentversion_s": "22.1.1.0",
"Agentidentifier_g": "75980766-7430-4cd0-a078-72f977b5cc6d",
"loggedOnUsers_s": "DWM-2'@'Window Manager|UMFD-1'@'Font Driver Host|UMFD-2'@'Font Driver Host|HOST1$'@'WORKGROUP|Administrator'@'HOST1|DWM-1'@'Window Manager|DWM-2'@'Window Manager|LOCAL SERVICE'@'NT AUTHORITY|DWM-1'@'Window Manager|UMFD-0'@'Font Driver Host|Administrator'@'HOST1|",
"size_s": 210444,
"creationTime_t [UTC]": "4/5/2019, 9:36:38.000 PM",
"lastAccessTime_t [UTC]": "11/1/2022, 8:57:57.415 AM",
"lastWriteTime_t [UTC]": "10/31/2022, 2:14:25.958 PM",
"md5_s": "",
"Type": "Netclean_Incidents_CL",
"_ResourceId": ""
},
{
"TenantId": "1111a111-b11b-111c-1111-e111e1e1e111",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated [UTC]": "3/21/2023, 9:03:48.269 AM",
"Computer": "",
"RawData": "",
"countOfAllNearByFiles_s": "",
"sha1_s": "f81bb3cd3cf07934a48cca4e855039f969ec9ef6",
"m365filePath_s": "",
"m365WebUrl_s": "",
"m365CreatedBymail_s": "",
"m365LastModifiedByMail_s": "",
"m365LibraryId_s": "",
"m365LibraryDisplayName_s": "",
"m365Librarytype_s": "",
"m365siteid_s": "",
"m365sitedisplayName_s": "",
"m365sitename_s": "",
"filePath_s": "C:\\Users\\Administrator\\Downloads\\test-images\\img3.jpg",
"agentType_s": "computer",
"nearbyFiles_sha1_s": "",
"Identifier_s": "",
"foundTime_s": "",
"creationTime_s": "",
"lastAccessTime_s": "",
"lastWriteTime_s": "",
"agentInformatonIdentifier_s": 1,
"Agentidentifier_s": "",
"triggerSource_s": "",
"domain_s": "BUILTIN",
"domainName_s": "",
"hasCollectedNearbyFiles_s": false,
"externalIP_s": "",
"nearbyFiles_md5s_s": "",
"Hostname_s": "HOST1",
"Identifier_g": "ce37f581-c410-49bd-a8c6-a88fe085cb71",
"type_s": "demoIncident",
"version_s": 1,
"foundTime_t [UTC]": "3/21/2023, 8:59:53.945 AM",
"detectionMethod_s": "sha1",
"agentInformatonIdentifier_g": "",
"osVersion_s": "Windows Server 2022 Standard 2009",
"machineName_s": "HOST1",
"microsoftCultureId_s": 1033,
"timeZoneId_s": "Pacific Standard Time",
"microsoftGeoId_s": 244,
"domainname_s": "BUILTIN",
"Agentversion_s": "22.1.1.0",
"Agentidentifier_g": "ce37f581-c410-49bd-a8c6-a88fe085cb71",
"loggedOnUsers_s": "DWM-2'@'Window Manager|UMFD-1'@'Font Driver Host|Administrator'@'HOST1|DWM-2'@'Window Manager|Administrator'@'HOST1|HOST1$'@'WORKGROUP|UMFD-2'@'Font Driver Host|DWM-1'@'Window Manager|DWM-1'@'Window Manager|UMFD-0'@'Font Driver Host|LOCAL SERVICE'@'NT AUTHORITY|",
"size_s": 200444,
"creationTime_t [UTC]": "4/5/2019, 9:36:38.000 PM",
"lastAccessTime_t [UTC]": "11/1/2022, 7:57:38.458 AM",
"lastWriteTime_t [UTC]": "10/31/2022, 2:14:25.970 PM",
"md5_s": "",
"Type": "Netclean_Incidents_CL",
"_ResourceId": ""
},
{
"TenantId": "1111a111-b11b-111c-1111-e111e1e1e111",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated [UTC]": "3/21/2023, 1:59:15.435 PM",
"Computer": "",
"RawData": "",
"countOfAllNearByFiles_s": 0,
"sha1_s": "e173d7ee8648bdfcca20cbcfc0688ea61e76276b",
"m365filePath_s": "",
"m365WebUrl_s": "",
"m365CreatedBymail_s": "",
"m365LastModifiedByMail_s": "",
"m365LibraryId_s": "",
"m365LibraryDisplayName_s": "",
"m365Librarytype_s": "",
"m365siteid_s": "",
"m365sitedisplayName_s": "",
"m365sitename_s": "",
"filePath_s": "C:\\Users\\Administrator\\Downloads\\test-images\\img4.jpg",
"agentType_s": "computer",
"nearbyFiles_sha1_s": "",
"Identifier_s": "",
"foundTime_s": "",
"creationTime_s": "",
"lastAccessTime_s": "",
"lastWriteTime_s": "",
"agentInformatonIdentifier_s": 1,
"Agentidentifier_s": "",
"triggerSource_s": "",
"domain_s": "BUILTIN",
"domainName_s": "",
"hasCollectedNearbyFiles_s": false,
"externalIP_s": "",
"nearbyFiles_md5s_s": "",
"Hostname_s": "HOST1",
"Identifier_g": "f301c00d-b8f3-4659-bdb3-581b5b747eca",
"type_s": "demoIncident",
"version_s": 1,
"foundTime_t [UTC]": "3/21/2023, 1:58:58.282 PM",
"detectionMethod_s": "sha1",
"agentInformatonIdentifier_g": "",
"osVersion_s": "Windows Server 2022 Standard 2009",
"machineName_s": "HOST1",
"microsoftCultureId_s": 1033,
"timeZoneId_s": "Pacific Standard Time",
"microsoftGeoId_s": 244,
"domainname_s": "BUILTIN",
"Agentversion_s": "22.1.1.0",
"Agentidentifier_g": "f301c00d-b8f3-4659-bdb3-581b5b747eca",
"loggedOnUsers_s": "DWM-2'@'Window Manager|UMFD-2'@'Font Driver Host|Administrator'@'HOST1|HOST1$'@'WORKGROUP|Administrator'@'HOST1|DWM-2'@'Window Manager|LOCAL SERVICE'@'NT AUTHORITY|UMFD-0'@'Font Driver Host|DWM-1'@'Window Manager|DWM-1'@'Window Manager|UMFD-1'@'Font Driver Host|",
"size_s": 230341,
"creationTime_t [UTC]": "4/5/2019, 9:36:38.000 PM",
"lastAccessTime_t [UTC]": "11/21/2022, 10:16:37.106 AM",
"lastWriteTime_t [UTC]": "10/31/2022, 2:14:25.970 PM",
"md5_s": "",
"Type": "Netclean_Incidents_CL",
"_ResourceId": ""
},
{
"TenantId": "1111a111-b11b-111c-1111-e111e1e1e111",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated [UTC]": "3/21/2023, 9:03:50.536 AM",
"Computer": "",
"RawData": "",
"countOfAllNearByFiles_s": "",
"sha1_s": "9dd32ac721317d5b8122f8e729dd1cdcaba25629",
"m365filePath_s": "",
"m365WebUrl_s": "",
"m365CreatedBymail_s": "",
"m365LastModifiedByMail_s": "",
"m365LibraryId_s": "",
"m365LibraryDisplayName_s": "",
"m365Librarytype_s": "",
"m365siteid_s": "",
"m365sitedisplayName_s": "",
"m365sitename_s": "",
"filePath_s": "C:\\Users\\Administrator\\Downloads\\test-images\\img2.jpg",
"agentType_s": "computer",
"nearbyFiles_sha1_s": "",
"Identifier_s": "",
"foundTime_s": "",
"creationTime_s": "",
"lastAccessTime_s": "",
"lastWriteTime_s": "",
"agentInformatonIdentifier_s": 1,
"Agentidentifier_s": "",
"triggerSource_s": "",
"domain_s": "BUILTIN",
"domainName_s": "",
"hasCollectedNearbyFiles_s": false,
"externalIP_s": "",
"nearbyFiles_md5s_s": "",
"Hostname_s": "HOST1",
"Identifier_g": "75980766-7430-4cd0-a078-72f977b5cc6d",
"type_s": "demoIncident",
"version_s": 2,
"foundTime_t [UTC]": "3/21/2023, 8:59:54.236 AM",
"detectionMethod_s": "sha1",
"agentInformatonIdentifier_g": "",
"osVersion_s": "Windows Server 2022 Standard 2009",
"machineName_s": "HOST1",
"microsoftCultureId_s": 1033,
"timeZoneId_s": "Pacific Standard Time",
"microsoftGeoId_s": 244,
"domainname_s": "BUILTIN",
"Agentversion_s": "22.1.1.0",
"Agentidentifier_g": "75980766-7430-4cd0-a078-72f977b5cc6d",
"loggedOnUsers_s": "UMFD-2'@'Font Driver Host|DWM-1'@'Window Manager|Administrator'@'HOST1|DWM-1'@'Window Manager|DWM-2'@'Window Manager|DWM-2'@'Window Manager|Administrator'@'HOST1|HOST1$'@'WORKGROUP|UMFD-1'@'Font Driver Host|UMFD-0'@'Font Driver Host|LOCAL SERVICE'@'NT AUTHORITY|",
"size_s": 210444,
"creationTime_t [UTC]": "4/5/2019, 9:36:38.000 PM",
"lastAccessTime_t [UTC]": "11/1/2022, 8:57:57.415 AM",
"lastWriteTime_t [UTC]": "10/31/2022, 2:14:25.958 PM",
"md5_s": "",
"Type": "Netclean_Incidents_CL",
"_ResourceId": ""
},
{
"TenantId": "1111a111-b11b-111c-1111-e111e1e1e111",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated [UTC]": "3/21/2023, 1:59:16.387 PM",
"Computer": "",
"RawData": "",
"countOfAllNearByFiles_s": 0,
"sha1_s": "e173d7ee8648bdfcca20cbcfc0688ea61e76276b",
"m365filePath_s": "",
"m365WebUrl_s": "",
"m365CreatedBymail_s": "",
"m365LastModifiedByMail_s": "",
"m365LibraryId_s": "",
"m365LibraryDisplayName_s": "",
"m365Librarytype_s": "",
"m365siteid_s": "",
"m365sitedisplayName_s": "",
"m365sitename_s": "",
"filePath_s": "C:\\Users\\Administrator\\Downloads\\test-images\\img4.jpg",
"agentType_s": "computer",
"nearbyFiles_sha1_s": "",
"Identifier_s": "",
"foundTime_s": "",
"creationTime_s": "",
"lastAccessTime_s": "",
"lastWriteTime_s": "",
"agentInformatonIdentifier_s": 1,
"Agentidentifier_s": "",
"triggerSource_s": "",
"domain_s": "BUILTIN",
"domainName_s": "",
"hasCollectedNearbyFiles_s": false,
"externalIP_s": "",
"nearbyFiles_md5s_s": "",
"Hostname_s": "HOST1",
"Identifier_g": "f301c00d-b8f3-4659-bdb3-581b5b747eca",
"type_s": "demoIncident",
"version_s": 2,
"foundTime_t [UTC]": "3/21/2023, 1:58:58.282 PM",
"detectionMethod_s": "sha1",
"agentInformatonIdentifier_g": "",
"osVersion_s": "Windows Server 2022 Standard 2009",
"machineName_s": "HOST1",
"microsoftCultureId_s": 1033,
"timeZoneId_s": "Pacific Standard Time",
"microsoftGeoId_s": 244,
"domainname_s": "BUILTIN",
"Agentversion_s": "22.1.1.0",
"Agentidentifier_g": "f301c00d-b8f3-4659-bdb3-581b5b747eca",
"loggedOnUsers_s": "UMFD-0'@'Font Driver Host|UMFD-2'@'Font Driver Host|UMFD-1'@'Font Driver Host|Administrator'@'HOST1|DWM-2'@'Window Manager|HOST1$'@'WORKGROUP|DWM-1'@'Window Manager|Administrator'@'HOST1|DWM-2'@'Window Manager|DWM-1'@'Window Manager|LOCAL SERVICE'@'NT AUTHORITY|",
"size_s": 230341,
"creationTime_t [UTC]": "4/5/2019, 9:36:38.000 PM",
"lastAccessTime_t [UTC]": "11/21/2022, 10:16:37.106 AM",
"lastWriteTime_t [UTC]": "10/31/2022, 2:14:25.970 PM",
"md5_s": "",
"Type": "Netclean_Incidents_CL",
"_ResourceId": ""
},
{
"TenantId": "1111a111-b11b-111c-1111-e111e1e1e111",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated [UTC]": "3/21/2023, 9:03:53.688 AM",
"Computer": "",
"RawData": "",
"countOfAllNearByFiles_s": "",
"sha1_s": "9dd32ac721317d5b8122f8e729dd1cdcaba25629",
"m365filePath_s": "",
"m365WebUrl_s": "",
"m365CreatedBymail_s": "",
"m365LastModifiedByMail_s": "",
"m365LibraryId_s": "",
"m365LibraryDisplayName_s": "",
"m365Librarytype_s": "",
"m365siteid_s": "",
"m365sitedisplayName_s": "",
"m365sitename_s": "",
"filePath_s": "C:\\Users\\Administrator\\Downloads\\test-images\\img2.jpg",
"agentType_s": "computer",
"nearbyFiles_sha1_s": "e173d7ee8648bdfcca20cbcfc0688ea61e76276b,1d32c57f7130bdd80be9e4566381627dfd3ef3fe,9dd32ac721317d5b8122f8e729dd1cdcaba25629,,,,f81bb3cd3cf07934a48cca4e855039f969ec9ef6,,",
"Identifier_s": "",
"foundTime_s": "",
"creationTime_s": "",
"lastAccessTime_s": "",
"lastWriteTime_s": "",
"agentInformatonIdentifier_s": 1,
"Agentidentifier_s": "",
"triggerSource_s": "",
"domain_s": "BUILTIN",
"domainName_s": "",
"hasCollectedNearbyFiles_s": "True",
"externalIP_s": "",
"nearbyFiles_md5s_s": "",
"Hostname_s": "HOST1",
"Identifier_g": "8ed00029-910b-4f3c-8301-1c8cf048e2c3",
"type_s": "demoIncident",
"version_s": 12,
"foundTime_t [UTC]": "3/21/2023, 8:57:47.344 AM",
"detectionMethod_s": "sha1",
"agentInformatonIdentifier_g": "",
"osVersion_s": "Windows Server 2022 Standard 2009",
"machineName_s": "HOST1",
"microsoftCultureId_s": 1033,
"timeZoneId_s": "Pacific Standard Time",
"microsoftGeoId_s": 244,
"domainname_s": "BUILTIN",
"Agentversion_s": "22.1.1.0",
"Agentidentifier_g": "8ed00029-910b-4f3c-8301-1c8cf048e2c3",
"loggedOnUsers_s": "DWM-2'@'Window Manager|DWM-2'@'Window Manager|DWM-1'@'Window Manager|DWM-1'@'Window Manager|UMFD-0'@'Font Driver Host|UMFD-1'@'Font Driver Host|Administrator'@'HOST1|Administrator'@'HOST1|HOST1$'@'WORKGROUP|UMFD-2'@'Font Driver Host|LOCAL SERVICE'@'NT AUTHORITY|",
"size_s": 210444,
"creationTime_t [UTC]": "4/5/2019, 9:36:38.000 PM",
"lastAccessTime_t [UTC]": "11/1/2022, 8:57:57.415 AM",
"lastWriteTime_t [UTC]": "10/31/2022, 2:14:25.958 PM",
"md5_s": "",
"Type": "Netclean_Incidents_CL",
"_ResourceId": ""
},
{
"TenantId": "1111a111-b11b-111c-1111-e111e1e1e111",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated [UTC]": "3/21/2023, 9:03:54.780 AM",
"Computer": "",
"RawData": "",
"countOfAllNearByFiles_s": "",
"sha1_s": "f81bb3cd3cf07934a48cca4e855039f969ec9ef6",
"m365filePath_s": "",
"m365WebUrl_s": "",
"m365CreatedBymail_s": "",
"m365LastModifiedByMail_s": "",
"m365LibraryId_s": "",
"m365LibraryDisplayName_s": "",
"m365Librarytype_s": "",
"m365siteid_s": "",
"m365sitedisplayName_s": "",
"m365sitename_s": "",
"filePath_s": "C:\\Users\\Administrator\\Downloads\\test-images\\img3.jpg",
"agentType_s": "computer",
"nearbyFiles_sha1_s": ",f81bb3cd3cf07934a48cca4e855039f969ec9ef6,1d32c57f7130bdd80be9e4566381627dfd3ef3fe,e173d7ee8648bdfcca20cbcfc0688ea61e76276b,,9dd32ac721317d5b8122f8e729dd1cdcaba25629,,,",
"Identifier_s": "",
"foundTime_s": "",
"creationTime_s": "",
"lastAccessTime_s": "",
"lastWriteTime_s": "",
"agentInformatonIdentifier_s": 1,
"Agentidentifier_s": "",
"triggerSource_s": "",
"domain_s": "BUILTIN",
"domainName_s": "",
"hasCollectedNearbyFiles_s": "True",
"externalIP_s": "",
"nearbyFiles_md5s_s": "",
"Hostname_s": "HOST1",
"Identifier_g": "ce37f581-c410-49bd-a8c6-a88fe085cb71",
"type_s": "demoIncident",
"version_s": 12,
"foundTime_t [UTC]": "3/21/2023, 8:59:53.945 AM",
"detectionMethod_s": "sha1",
"agentInformatonIdentifier_g": "",
"osVersion_s": "Windows Server 2022 Standard 2009",
"machineName_s": "HOST1",
"microsoftCultureId_s": 1033,
"timeZoneId_s": "Pacific Standard Time",
"microsoftGeoId_s": 244,
"domainname_s": "BUILTIN",
"Agentversion_s": "22.1.1.0",
"Agentidentifier_g": "ce37f581-c410-49bd-a8c6-a88fe085cb71",
"loggedOnUsers_s": "DWM-1'@'Window Manager|HOST1$'@'WORKGROUP|Administrator'@'HOST1|DWM-2'@'Window Manager|UMFD-1'@'Font Driver Host|UMFD-0'@'Font Driver Host|DWM-1'@'Window Manager|UMFD-2'@'Font Driver Host|LOCAL SERVICE'@'NT AUTHORITY|DWM-2'@'Window Manager|Administrator'@'HOST1|",
"size_s": 200444,
"creationTime_t [UTC]": "4/5/2019, 9:36:38.000 PM",
"lastAccessTime_t [UTC]": "11/1/2022, 7:57:38.458 AM",
"lastWriteTime_t [UTC]": "10/31/2022, 2:14:25.970 PM",
"md5_s": "",
"Type": "Netclean_Incidents_CL",
"_ResourceId": ""
},
{
"TenantId": "1111a111-b11b-111c-1111-e111e1e1e111",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated [UTC]": "3/21/2023, 1:59:32.903 PM",
"Computer": "",
"RawData": "",
"countOfAllNearByFiles_s": 8,
"sha1_s": "e173d7ee8648bdfcca20cbcfc0688ea61e76276b",
"m365filePath_s": "",
"m365WebUrl_s": "",
"m365CreatedBymail_s": "",
"m365LastModifiedByMail_s": "",
"m365LibraryId_s": "",
"m365LibraryDisplayName_s": "",
"m365Librarytype_s": "",
"m365siteid_s": "",
"m365sitedisplayName_s": "",
"m365sitename_s": "",
"filePath_s": "C:\\Users\\Administrator\\Downloads\\test-images\\img4.jpg",
"agentType_s": "computer",
"nearbyFiles_sha1_s": "e173d7ee8648bdfcca20cbcfc0688ea61e76276b,1d32c57f7130bdd80be9e4566381627dfd3ef3fe,9dd32ac721317d5b8122f8e729dd1cdcaba25629,f81bb3cd3cf07934a48cca4e855039f969ec9ef6,",
"Identifier_s": "",
"foundTime_s": "",
"creationTime_s": "",
"lastAccessTime_s": "",
"lastWriteTime_s": "",
"agentInformatonIdentifier_s": 1,
"Agentidentifier_s": "",
"triggerSource_s": "",
"domain_s": "BUILTIN",
"domainName_s": "",
"hasCollectedNearbyFiles_s": "True",
"externalIP_s": "",
"nearbyFiles_md5s_s": "",
"Hostname_s": "HOST1",
"Identifier_g": "f301c00d-b8f3-4659-bdb3-581b5b747eca",
"type_s": "demoIncident",
"version_s": 12,
"foundTime_t [UTC]": "3/21/2023, 1:58:58.282 PM",
"detectionMethod_s": "sha1",
"agentInformatonIdentifier_g": "",
"osVersion_s": "Windows Server 2022 Standard 2009",
"machineName_s": "HOST1",
"microsoftCultureId_s": 1033,
"timeZoneId_s": "Pacific Standard Time",
"microsoftGeoId_s": 244,
"domainname_s": "BUILTIN",
"Agentversion_s": "22.1.1.0",
"Agentidentifier_g": "f301c00d-b8f3-4659-bdb3-581b5b747eca",
"loggedOnUsers_s": "DWM-1'@'Window Manager|LOCAL SERVICE'@'NT AUTHORITY|UMFD-2'@'Font Driver Host|UMFD-1'@'Font Driver Host|DWM-2'@'Window Manager|UMFD-0'@'Font Driver Host|HOST1$'@'WORKGROUP|DWM-2'@'Window Manager|DWM-1'@'Window Manager|Administrator'@'HOST1|Administrator'@'HOST1|",
"size_s": 230341,
"creationTime_t [UTC]": "4/5/2019, 9:36:38.000 PM",
"lastAccessTime_t [UTC]": "11/21/2022, 10:16:37.106 AM",
"lastWriteTime_t [UTC]": "10/31/2022, 2:14:25.970 PM",
"md5_s": "",
"Type": "Netclean_Incidents_CL",
"_ResourceId": ""
},
{
"TenantId": "1111a111-b11b-111c-1111-e111e1e1e111",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated [UTC]": "3/21/2023, 9:03:55.086 AM",
"Computer": "",
"RawData": "",
"countOfAllNearByFiles_s": "",
"sha1_s": "f81bb3cd3cf07934a48cca4e855039f969ec9ef6",
"m365filePath_s": "",
"m365WebUrl_s": "",
"m365CreatedBymail_s": "",
"m365LastModifiedByMail_s": "",
"m365LibraryId_s": "",
"m365LibraryDisplayName_s": "",
"m365Librarytype_s": "",
"m365siteid_s": "",
"m365sitedisplayName_s": "",
"m365sitename_s": "",
"filePath_s": "C:\\Users\\Administrator\\Downloads\\test-images\\img3.jpg",
"agentType_s": "computer",
"nearbyFiles_sha1_s": "",
"Identifier_s": "",
"foundTime_s": "",
"creationTime_s": "",
"lastAccessTime_s": "",
"lastWriteTime_s": "",
"agentInformatonIdentifier_s": 1,
"Agentidentifier_s": "",
"triggerSource_s": "",
"domain_s": "BUILTIN",
"domainName_s": "",
"hasCollectedNearbyFiles_s": false,
"externalIP_s": "",
"nearbyFiles_md5s_s": "",
"Hostname_s": "HOST1",
"Identifier_g": "ce37f581-c410-49bd-a8c6-a88fe085cb71",
"type_s": "demoIncident",
"version_s": 2,
"foundTime_t [UTC]": "3/21/2023, 8:59:53.945 AM",
"detectionMethod_s": "sha1",
"agentInformatonIdentifier_g": "",
"osVersion_s": "Windows Server 2022 Standard 2009",
"machineName_s": "HOST1",
"microsoftCultureId_s": 1033,
"timeZoneId_s": "Pacific Standard Time",
"microsoftGeoId_s": 244,
"domainname_s": "BUILTIN",
"Agentversion_s": "22.1.1.0",
"Agentidentifier_g": "ce37f581-c410-49bd-a8c6-a88fe085cb71",
"loggedOnUsers_s": "DWM-2'@'Window Manager|UMFD-0'@'Font Driver Host|LOCAL SERVICE'@'NT AUTHORITY|HOST1$'@'WORKGROUP|Administrator'@'HOST1|UMFD-1'@'Font Driver Host|UMFD-2'@'Font Driver Host|Administrator'@'HOST1|DWM-1'@'Window Manager|DWM-1'@'Window Manager|DWM-2'@'Window Manager|",
"size_s": 200444,
"creationTime_t [UTC]": "4/5/2019, 9:36:38.000 PM",
"lastAccessTime_t [UTC]": "11/1/2022, 7:57:38.458 AM",
"lastWriteTime_t [UTC]": "10/31/2022, 2:14:25.970 PM",
"md5_s": "",
"Type": "Netclean_Incidents_CL",
"_ResourceId": ""
},
{
"TenantId": "1111a111-b11b-111c-1111-e111e1e1e111",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated [UTC]": "3/21/2023, 9:03:57.989 AM",
"Computer": "",
"RawData": "",
"countOfAllNearByFiles_s": "",
"sha1_s": "9dd32ac721317d5b8122f8e729dd1cdcaba25629",
"m365filePath_s": "",
"m365WebUrl_s": "",
"m365CreatedBymail_s": "",
"m365LastModifiedByMail_s": "",
"m365LibraryId_s": "",
"m365LibraryDisplayName_s": "",
"m365Librarytype_s": "",
"m365siteid_s": "",
"m365sitedisplayName_s": "",
"m365sitename_s": "",
"filePath_s": "C:\\Users\\Administrator\\Downloads\\test-images\\img2.jpg",
"agentType_s": "computer",
"nearbyFiles_sha1_s": ",,1d32c57f7130bdd80be9e4566381627dfd3ef3fe,9dd32ac721317d5b8122f8e729dd1cdcaba25629,,e173d7ee8648bdfcca20cbcfc0688ea61e76276b,,f81bb3cd3cf07934a48cca4e855039f969ec9ef6,",
"Identifier_s": "",
"foundTime_s": "",
"creationTime_s": "",
"lastAccessTime_s": "",
"lastWriteTime_s": "",
"agentInformatonIdentifier_s": 1,
"Agentidentifier_s": "",
"triggerSource_s": "",
"domain_s": "BUILTIN",
"domainName_s": "",
"hasCollectedNearbyFiles_s": "True",
"externalIP_s": "",
"nearbyFiles_md5s_s": "",
"Hostname_s": "HOST1",
"Identifier_g": "75980766-7430-4cd0-a078-72f977b5cc6d",
"type_s": "demoIncident",
"version_s": 12,
"foundTime_t [UTC]": "3/21/2023, 8:59:54.236 AM",
"detectionMethod_s": "sha1",
"agentInformatonIdentifier_g": "",
"osVersion_s": "Windows Server 2022 Standard 2009",
"machineName_s": "HOST1",
"microsoftCultureId_s": 1033,
"timeZoneId_s": "Pacific Standard Time",
"microsoftGeoId_s": 244,
"domainname_s": "BUILTIN",
"Agentversion_s": "22.1.1.0",
"Agentidentifier_g": "75980766-7430-4cd0-a078-72f977b5cc6d",
"loggedOnUsers_s": "UMFD-1'@'Font Driver Host|DWM-1'@'Window Manager|Administrator'@'HOST1|DWM-2'@'Window Manager|DWM-2'@'Window Manager|UMFD-0'@'Font Driver Host|HOST1$'@'WORKGROUP|DWM-1'@'Window Manager|LOCAL SERVICE'@'NT AUTHORITY|Administrator'@'HOST1|UMFD-2'@'Font Driver Host|",
"size_s": 210444,
"creationTime_t [UTC]": "4/5/2019, 9:36:38.000 PM",
"lastAccessTime_t [UTC]": "11/1/2022, 8:57:57.415 AM",
"lastWriteTime_t [UTC]": "10/31/2022, 2:14:25.958 PM",
"md5_s": "",
"Type": "Netclean_Incidents_CL",
"_ResourceId": ""
},
{
"TenantId": "1111a111-b11b-111c-1111-e111e1e1e111",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated [UTC]": "3/21/2023, 10:02:18.544 AM",
"Computer": "",
"RawData": "",
"countOfAllNearByFiles_s": 0,
"sha1_s": "f81bb3cd3cf07934a48cca4e855039f969ec9ef6",
"m365filePath_s": "",
"m365WebUrl_s": "",
"m365CreatedBymail_s": "",
"m365LastModifiedByMail_s": "",
"m365LibraryId_s": "",
"m365LibraryDisplayName_s": "",
"m365Librarytype_s": "",
"m365siteid_s": "",
"m365sitedisplayName_s": "",
"m365sitename_s": "",
"filePath_s": "C:\\Users\\Administrator\\Downloads\\test-images\\img3.jpg",
"agentType_s": "computer",
"nearbyFiles_sha1_s": "",
"Identifier_s": "",
"foundTime_s": "",
"creationTime_s": "",
"lastAccessTime_s": "",
"lastWriteTime_s": "",
"agentInformatonIdentifier_s": 1,
"Agentidentifier_s": "",
"triggerSource_s": "",
"domain_s": "BUILTIN",
"domainName_s": "",
"hasCollectedNearbyFiles_s": false,
"externalIP_s": "",
"nearbyFiles_md5s_s": "",
"Hostname_s": "HOST1",
"Identifier_g": "00fdc39d-c6d6-465a-ad70-58976c927756",
"type_s": "demoIncident",
"version_s": 1,
"foundTime_t [UTC]": "3/21/2023, 10:00:40.236 AM",
"detectionMethod_s": "sha1",
"agentInformatonIdentifier_g": "",
"osVersion_s": "Windows Server 2022 Standard 2009",
"machineName_s": "HOST1",
"microsoftCultureId_s": 1033,
"timeZoneId_s": "Pacific Standard Time",
"microsoftGeoId_s": 244,
"domainname_s": "BUILTIN",
"Agentversion_s": "22.1.1.0",
"Agentidentifier_g": "00fdc39d-c6d6-465a-ad70-58976c927756",
"loggedOnUsers_s": "DWM-1'@'Window Manager|DWM-1'@'Window Manager|UMFD-0'@'Font Driver Host|DWM-2'@'Window Manager|UMFD-2'@'Font Driver Host|Administrator'@'HOST1|Administrator'@'HOST1|UMFD-1'@'Font Driver Host|HOST1$'@'WORKGROUP|LOCAL SERVICE'@'NT AUTHORITY|DWM-2'@'Window Manager|",
"size_s": 200444,
"creationTime_t [UTC]": "4/5/2019, 9:36:38.000 PM",
"lastAccessTime_t [UTC]": "11/1/2022, 7:57:38.458 AM",
"lastWriteTime_t [UTC]": "10/31/2022, 2:14:25.970 PM",
"md5_s": "",
"Type": "Netclean_Incidents_CL",
"_ResourceId": ""
},
{
"TenantId": "1111a111-b11b-111c-1111-e111e1e1e111",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated [UTC]": "3/21/2023, 10:02:19.918 AM",
"Computer": "",
"RawData": "",
"countOfAllNearByFiles_s": 0,
"sha1_s": "f81bb3cd3cf07934a48cca4e855039f969ec9ef6",
"m365filePath_s": "",
"m365WebUrl_s": "",
"m365CreatedBymail_s": "",
"m365LastModifiedByMail_s": "",
"m365LibraryId_s": "",
"m365LibraryDisplayName_s": "",
"m365Librarytype_s": "",
"m365siteid_s": "",
"m365sitedisplayName_s": "",
"m365sitename_s": "",
"filePath_s": "C:\\Users\\Administrator\\Downloads\\test-images\\img3.jpg",
"agentType_s": "computer",
"nearbyFiles_sha1_s": "",
"Identifier_s": "",
"foundTime_s": "",
"creationTime_s": "",
"lastAccessTime_s": "",
"lastWriteTime_s": "",
"agentInformatonIdentifier_s": 1,
"Agentidentifier_s": "",
"triggerSource_s": "",
"domain_s": "BUILTIN",
"domainName_s": "",
"hasCollectedNearbyFiles_s": false,
"externalIP_s": "",
"nearbyFiles_md5s_s": "",
"Hostname_s": "HOST1",
"Identifier_g": "00fdc39d-c6d6-465a-ad70-58976c927756",
"type_s": "demoIncident",
"version_s": 1,
"foundTime_t [UTC]": "3/21/2023, 10:00:40.236 AM",
"detectionMethod_s": "sha1",
"agentInformatonIdentifier_g": "",
"osVersion_s": "Windows Server 2022 Standard 2009",
"machineName_s": "HOST1",
"microsoftCultureId_s": 1033,
"timeZoneId_s": "Pacific Standard Time",
"microsoftGeoId_s": 244,
"domainname_s": "BUILTIN",
"Agentversion_s": "22.1.1.0",
"Agentidentifier_g": "00fdc39d-c6d6-465a-ad70-58976c927756",
"loggedOnUsers_s": "DWM-1'@'Window Manager|LOCAL SERVICE'@'NT AUTHORITY|DWM-2'@'Window Manager|DWM-2'@'Window Manager|DWM-1'@'Window Manager|UMFD-0'@'Font Driver Host|HOST1$'@'WORKGROUP|Administrator'@'HOST1|Administrator'@'HOST1|UMFD-2'@'Font Driver Host|UMFD-1'@'Font Driver Host|",
"size_s": 200444,
"creationTime_t [UTC]": "4/5/2019, 9:36:38.000 PM",
"lastAccessTime_t [UTC]": "11/1/2022, 7:57:38.458 AM",
"lastWriteTime_t [UTC]": "10/31/2022, 2:14:25.970 PM",
"md5_s": "",
"Type": "Netclean_Incidents_CL",
"_ResourceId": ""
},
{
"TenantId": "1111a111-b11b-111c-1111-e111e1e1e111",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated [UTC]": "3/21/2023, 10:02:23.043 AM",
"Computer": "",
"RawData": "",
"countOfAllNearByFiles_s": 0,
"sha1_s": "f81bb3cd3cf07934a48cca4e855039f969ec9ef6",
"m365filePath_s": "",
"m365WebUrl_s": "",
"m365CreatedBymail_s": "",
"m365LastModifiedByMail_s": "",
"m365LibraryId_s": "",
"m365LibraryDisplayName_s": "",
"m365Librarytype_s": "",
"m365siteid_s": "",
"m365sitedisplayName_s": "",
"m365sitename_s": "",
"filePath_s": "C:\\Users\\Administrator\\Downloads\\test-images\\img3.jpg",
"agentType_s": "computer",
"nearbyFiles_sha1_s": "",
"Identifier_s": "",
"foundTime_s": "",
"creationTime_s": "",
"lastAccessTime_s": "",
"lastWriteTime_s": "",
"agentInformatonIdentifier_s": 1,
"Agentidentifier_s": "",
"triggerSource_s": "",
"domain_s": "BUILTIN",
"domainName_s": "",
"hasCollectedNearbyFiles_s": false,
"externalIP_s": "",
"nearbyFiles_md5s_s": "",
"Hostname_s": "HOST1",
"Identifier_g": "00fdc39d-c6d6-465a-ad70-58976c927756",
"type_s": "demoIncident",
"version_s": 1,
"foundTime_t [UTC]": "3/21/2023, 10:00:40.236 AM",
"detectionMethod_s": "sha1",
"agentInformatonIdentifier_g": "",
"osVersion_s": "Windows Server 2022 Standard 2009",
"machineName_s": "HOST1",
"microsoftCultureId_s": 1033,
"timeZoneId_s": "Pacific Standard Time",
"microsoftGeoId_s": 244,
"domainname_s": "BUILTIN",
"Agentversion_s": "22.1.1.0",
"Agentidentifier_g": "00fdc39d-c6d6-465a-ad70-58976c927756",
"loggedOnUsers_s": "Administrator'@'HOST1|UMFD-1'@'Font Driver Host|DWM-1'@'Window Manager|UMFD-0'@'Font Driver Host|DWM-1'@'Window Manager|UMFD-2'@'Font Driver Host|DWM-2'@'Window Manager|HOST1$'@'WORKGROUP|Administrator'@'HOST1|DWM-2'@'Window Manager|LOCAL SERVICE'@'NT AUTHORITY|",
"size_s": 200444,
"creationTime_t [UTC]": "4/5/2019, 9:36:38.000 PM",
"lastAccessTime_t [UTC]": "11/1/2022, 7:57:38.458 AM",
"lastWriteTime_t [UTC]": "10/31/2022, 2:14:25.970 PM",
"md5_s": "",
"Type": "Netclean_Incidents_CL",
"_ResourceId": ""
},
{
"TenantId": "1111a111-b11b-111c-1111-e111e1e1e111",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated [UTC]": "3/21/2023, 10:02:23.997 AM",
"Computer": "",
"RawData": "",
"countOfAllNearByFiles_s": 0,
"sha1_s": "f81bb3cd3cf07934a48cca4e855039f969ec9ef6",
"m365filePath_s": "",
"m365WebUrl_s": "",
"m365CreatedBymail_s": "",
"m365LastModifiedByMail_s": "",
"m365LibraryId_s": "",
"m365LibraryDisplayName_s": "",
"m365Librarytype_s": "",
"m365siteid_s": "",
"m365sitedisplayName_s": "",
"m365sitename_s": "",
"filePath_s": "C:\\Users\\Administrator\\Downloads\\test-images\\img3.jpg",
"agentType_s": "computer",
"nearbyFiles_sha1_s": "",
"Identifier_s": "",
"foundTime_s": "",
"creationTime_s": "",
"lastAccessTime_s": "",
"lastWriteTime_s": "",
"agentInformatonIdentifier_s": 1,
"Agentidentifier_s": "",
"triggerSource_s": "",
"domain_s": "BUILTIN",
"domainName_s": "",
"hasCollectedNearbyFiles_s": false,
"externalIP_s": "",
"nearbyFiles_md5s_s": "",
"Hostname_s": "HOST1",
"Identifier_g": "00fdc39d-c6d6-465a-ad70-58976c927756",
"type_s": "demoIncident",
"version_s": 2,
"foundTime_t [UTC]": "3/21/2023, 10:00:40.236 AM",
"detectionMethod_s": "sha1",
"agentInformatonIdentifier_g": "",
"osVersion_s": "Windows Server 2022 Standard 2009",
"machineName_s": "HOST1",
"microsoftCultureId_s": 1033,
"timeZoneId_s": "Pacific Standard Time",
"microsoftGeoId_s": 244,
"domainname_s": "BUILTIN",
"Agentversion_s": "22.1.1.0",
"Agentidentifier_g": "00fdc39d-c6d6-465a-ad70-58976c927756",
"loggedOnUsers_s": "Administrator'@'HOST1|Administrator'@'HOST1|UMFD-1'@'Font Driver Host|DWM-1'@'Window Manager|DWM-2'@'Window Manager|LOCAL SERVICE'@'NT AUTHORITY|UMFD-2'@'Font Driver Host|UMFD-0'@'Font Driver Host|DWM-1'@'Window Manager|DWM-2'@'Window Manager|HOST1$'@'WORKGROUP|",
"size_s": 200444,
"creationTime_t [UTC]": "4/5/2019, 9:36:38.000 PM",
"lastAccessTime_t [UTC]": "11/1/2022, 7:57:38.458 AM",
"lastWriteTime_t [UTC]": "10/31/2022, 2:14:25.970 PM",
"md5_s": "",
"Type": "Netclean_Incidents_CL",
"_ResourceId": ""
},
{
"TenantId": "1111a111-b11b-111c-1111-e111e1e1e111",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated [UTC]": "3/21/2023, 10:02:21.963 AM",
"Computer": "",
"RawData": "",
"countOfAllNearByFiles_s": 0,
"sha1_s": "f81bb3cd3cf07934a48cca4e855039f969ec9ef6",
"m365filePath_s": "",
"m365WebUrl_s": "",
"m365CreatedBymail_s": "",
"m365LastModifiedByMail_s": "",
"m365LibraryId_s": "",
"m365LibraryDisplayName_s": "",
"m365Librarytype_s": "",
"m365siteid_s": "",
"m365sitedisplayName_s": "",
"m365sitename_s": "",
"filePath_s": "C:\\Users\\Administrator\\Downloads\\test-images\\img3.jpg",
"agentType_s": "computer",
"nearbyFiles_sha1_s": "",
"Identifier_s": "",
"foundTime_s": "",
"creationTime_s": "",
"lastAccessTime_s": "",
"lastWriteTime_s": "",
"agentInformatonIdentifier_s": 1,
"Agentidentifier_s": "",
"triggerSource_s": "",
"domain_s": "BUILTIN",
"domainName_s": "",
"hasCollectedNearbyFiles_s": false,
"externalIP_s": "",
"nearbyFiles_md5s_s": "",
"Hostname_s": "HOST1",
"Identifier_g": "00fdc39d-c6d6-465a-ad70-58976c927756",
"type_s": "demoIncident",
"version_s": 1,
"foundTime_t [UTC]": "3/21/2023, 10:00:40.236 AM",
"detectionMethod_s": "sha1",
"agentInformatonIdentifier_g": "",
"osVersion_s": "Windows Server 2022 Standard 2009",
"machineName_s": "HOST1",
"microsoftCultureId_s": 1033,
"timeZoneId_s": "Pacific Standard Time",
"microsoftGeoId_s": 244,
"domainname_s": "BUILTIN",
"Agentversion_s": "22.1.1.0",
"Agentidentifier_g": "00fdc39d-c6d6-465a-ad70-58976c927756",
"loggedOnUsers_s": "DWM-2'@'Window Manager|UMFD-2'@'Font Driver Host|UMFD-0'@'Font Driver Host|Administrator'@'HOST1|UMFD-1'@'Font Driver Host|Administrator'@'HOST1|DWM-1'@'Window Manager|DWM-1'@'Window Manager|DWM-2'@'Window Manager|LOCAL SERVICE'@'NT AUTHORITY|HOST1$'@'WORKGROUP|",
"size_s": 200444,
"creationTime_t [UTC]": "4/5/2019, 9:36:38.000 PM",
"lastAccessTime_t [UTC]": "11/1/2022, 7:57:38.458 AM",
"lastWriteTime_t [UTC]": "10/31/2022, 2:14:25.970 PM",
"md5_s": "",
"Type": "Netclean_Incidents_CL",
"_ResourceId": ""
},
{
"TenantId": "1111a111-b11b-111c-1111-e111e1e1e111",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated [UTC]": "3/22/2023, 12:50:32.877 PM",
"Computer": "",
"RawData": "",
"countOfAllNearByFiles_s": 0,
"sha1_s": "e173d7ee8648bdfcca20cbcfc0688ea61e76276b",
"m365filePath_s": "",
"m365WebUrl_s": "https://DEMO-my.sharepoint.com/personal/DEMO_DEMO_onmicrosoft_com/Documents/bilder/IMG1.jpg",
"m365CreatedBymail_s": "sanitized@sanitized.com",
"m365LastModifiedByMail_s": "sanitized@sanitized.com",
"m365LibraryId_s": "b!iX-86uc3QkqYPC_eb22843801f7b20d197911613680a9167a17666b",
"m365LibraryDisplayName_s": "OneDrive",
"m365Librarytype_s": "user",
"m365siteid_s": "DEMO-my.sharepoint.com,e48fabbd84177996c9c1419cdea4b21dc4899925",
"m365sitedisplayName_s": "DEMO DEMO",
"m365sitename_s": "",
"filePath_s": "/drives/b!iX-86uc3QkqYPC_eb22843801f7b20d197911613680a9167a17666b/root:/bilder/IMG1.jpg",
"agentType_s": "microsoft365",
"nearbyFiles_sha1_s": "",
"Identifier_s": "",
"foundTime_s": "",
"creationTime_s": "",
"lastAccessTime_s": "",
"lastWriteTime_s": "",
"agentInformatonIdentifier_s": "",
"Agentidentifier_s": "",
"triggerSource_s": "",
"domain_s": "OneDrive",
"domainName_s": "",
"hasCollectedNearbyFiles_s": false,
"externalIP_s": "",
"nearbyFiles_md5s_s": "",
"Hostname_s": "microsoft365",
"Identifier_g": "ebcd8124-27b4-416c-8ca7-45011691b9dc",
"type_s": "demoIncident",
"version_s": 1,
"foundTime_t [UTC]": "3/21/2023, 7:58:08.922 AM",
"detectionMethod_s": "sha1",
"agentInformatonIdentifier_g": "",
"osVersion_s": "",
"machineName_s": "microsoft365",
"microsoftCultureId_s": "",
"timeZoneId_s": "",
"microsoftGeoId_s": "",
"domainname_s": "OneDrive",
"Agentversion_s": "22.4.0.0",
"Agentidentifier_g": "ebcd8124-27b4-416c-8ca7-45011691b9dc",
"loggedOnUsers_s": "",
"size_s": 230341,
"creationTime_t [UTC]": "2/3/2023, 2:29:10.000 PM",
"lastAccessTime_t [UTC]": "",
"lastWriteTime_t [UTC]": "3/21/2023, 7:56:07.000 AM",
"md5_s": "",
"Type": "Netclean_Incidents_CL",
"_ResourceId": ""
},
{
"TenantId": "1111a111-b11b-111c-1111-e111e1e1e111",
"SourceSystem": "RestAPI",
"MG": "",
"ManagementGroupName": "",
"TimeGenerated [UTC]": "3/22/2023, 12:31:01.861 PM",
"Computer": "",
"RawData": "",
"countOfAllNearByFiles_s": 0,
"sha1_s": "e173d7ee8648bdfcca20cbcfc0688ea61e76276b",
"m365filePath_s": "",
"m365WebUrl_s": "https://DEMO-my.sharepoint.com/personal/DEMO_DEMO_onmicrosoft_com/Documents/bilder/IMG1.jpg",
"m365CreatedBymail_s": "",
"m365LastModifiedByMail_s": "",
"m365LibraryId_s": "b!iX-86uc3QkqYPC_eb22843801f7b20d197911613680a9167a17666b",
"m365LibraryDisplayName_s": "OneDrive",
"m365Librarytype_s": "user",
"m365siteid_s": "DEMO-my.sharepoint.com,e48fabbd84177996c9c1419cdea4b21dc4899925",
"m365sitedisplayName_s": "DEMO DEMO",
"m365sitename_s": "",
"filePath_s": "/drives/b!iX-86uc3QkqYPC_eb22843801f7b20d197911613680a9167a17666b/root:/bilder/IMG1.jpg",
"agentType_s": "microsoft365",
"nearbyFiles_sha1_s": "",
"Identifier_s": "",
"foundTime_s": "",
"creationTime_s": "",
"lastAccessTime_s": "",
"lastWriteTime_s": "",
"agentInformatonIdentifier_s": "",
"Agentidentifier_s": "",
"triggerSource_s": "",
"domain_s": "OneDrive",
"domainName_s": "",
"hasCollectedNearbyFiles_s": false,
"externalIP_s": "",
"nearbyFiles_md5s_s": "",
"Hostname_s": "microsoft365",
"Identifier_g": "ebcd8124-27b4-416c-8ca7-45011691b9dc",
"type_s": "demoIncident",
"version_s": 1,
"foundTime_t [UTC]": "3/21/2023, 7:58:08.922 AM",
"detectionMethod_s": "sha1",
"agentInformatonIdentifier_g": "",
"osVersion_s": "",
"machineName_s": "microsoft365",
"microsoftCultureId_s": "",
"timeZoneId_s": "",
"microsoftGeoId_s": "",
"domainname_s": "OneDrive",
"Agentversion_s": "22.4.0.0",
"Agentidentifier_g": "ebcd8124-27b4-416c-8ca7-45011691b9dc",
"loggedOnUsers_s": "",
"size_s": 230341,
"creationTime_t [UTC]": "2/3/2023, 2:29:10.000 PM",
"lastAccessTime_t [UTC]": "",
"lastWriteTime_t [UTC]": "3/21/2023, 7:56:07.000 AM",
"md5_s": "",
"Type": "Netclean_Incidents_CL",
"_ResourceId": ""
}
]