Azure-Sentinel/Sample Data/CEF/ZScaler.json


[
{
"TimeGenerated": "3/30/2022, 10:52:35.857 AM",
"DeviceVendor": "Fortinet",
"DeviceProduct": "Fortigate",
"DeviceEventClassID": 28704,
"LogSeverity": 2,
"Computer": "Contoso-MainFW",
"CommunicationDirection": 1,
"DestinationPort": 3389,
"DestinationIP": "192.168.20.58",
"Message": "Remote.Access: RDP,",
"Protocol": 6,
"SourcePort": 15577,
"SourceIP": "213.252.245.73",
"RemoteIP": 0,
"RemotePort": 3389,
"DeviceVersion": "v6.4.7",
"Activity": "utm:app-ctrl signature pass",
"AdditionalExtensions": "FortinetFortiGateeventtime=1647873918304240923;FortinetFortiGatetz=-0700;FortinetFortiGatelogid=1059028704;cat=utm:app-ctrl;FortinetFortiGatesubtype=app-ctrl;FortinetFortiGateeventtype=signature;FortinetFortiGatelevel=information;FortinetFortiGatevd=root;FortinetFortiGateappid=15511;FortinetFortiGatesrcintfrole=wan;FortinetFortiGatedstintfrole=lan;FortinetFortiGatepolicyid=3;FortinetFortiGateapplist=default;FortinetFortiGateaction=pass;FortinetFortiGateappcat=Remote.Access;FortinetFortiGateapp=RDP;FortinetFortiGateincidentserialno=212209995;FortinetFortiGateapprisk=high",
"ApplicationProtocol": "RDP",
"DeviceExternalID": "FGVM4VTM21000724",
"DeviceInboundInterface": "port1",
"DeviceOutboundInterface": "port2",
"ExternalID": 14430578,
"Type": "CommonSecurityLog"
},
{
"TimeGenerated": "3/31/2022, 08:18:20.276 AM",
"DeviceVendor": "Zscaler",
"DeviceProduct": "NSSWeblog",
"DeviceEventClassID": "Allowed",
"LogSeverity": 3,
"DeviceAction": "Allowed",
"SimplifiedDeviceAction": "Allowed",
"Computer": "zscaler-nss-Contoso",
"CommunicationDirection": 1,
"DestinationIP": "108.167.132.213",
"SourceIP": "192.168.20.44",
"DeviceVersion": 5.7,
"Activity": "Allowed",
"AdditionalExtensions": "reason=Allowed;outcome=200;cat=Internet Services;rulelabel=None;ruletype=None;urlclass=Business Use;devicemodel=Virtual Machine",
"ApplicationProtocol": "HTTP",
"DestinationServiceName": "General Browsing",
"DestinationDnsDomain": "dayvidmarketingdireto.com.br",
"FileType": "None",
"ReceivedBytes": 550,
"SentBytes": 307,
"RequestURL": "http://dayvidmarketingdireto.com.br/shii/office-RD117/",
"SourceUserName": "benjamin@contoso.com"
}
]