
[
{
"ts": "2020-03-20T16:00:10.144989Z",
"eventType": "File Scanned",
"clientName": "COMPUTER-M-V78J",
"clientMac": "10:dd:b1:eb:88:f8",
"clientIp": "192.168.128.2",
"srcIp": "192.168.128.2",
"destIp": "119.192.233.48",
"protocol": "http",
"uri": "http://www.favorite-icons.com/program/FavoriteIconsUninstall.exe",
"canonicalName": "PUA.Win.Dropper.Kraddare::1201",
"destinationPort": 80,
"fileHash": "3ec1b9a95fe62aa25fc959643a0f227b76d253094681934daaf628d3574b3463",
"fileType": "MS_EXE",
"fileSizeBytes": 193688,
"disposition": "Malicious",
"action": "Blocked"
},
{
"ts": "2018-02-11T00:00:00.090210Z",
"eventType": "IDS Alert",
"deviceMac": "00:18:0a:01:02:03",
"clientMac": "A1:B2:C3:D4:E5:F6",
"srcIp": "1.2.3.4:34195",
"destIp": "10.20.30.40:80",
"protocol": "tcp/ip",
"priority": "2",
"classification": "4",
"blocked": true,
"message": "SERVER-WEBAPP JBoss JMX console access attempt",
"signature": "1:21516:9",
"sigSource": "",
"ruleId": "meraki:intrusion/snort/GID/1/SID/26267"
},
{
"ts": "2018-02-11T00:00:00.090210Z",
"eventType": "IDS Alert",
"deviceMac": "00:18:0a:01:02:03",
"clientMac": "A1:B2:C3:D4:E5:F6",
"srcIp": "1.2.3.4:56023",
"destIp": "10.20.30.40:80",
"protocol": "tcp/ip",
"priority": "1",
"classification": "33",
"blocked": true,
"message": "POLICY-OTHER Adobe ColdFusion admin interface access attempt",
"signature": "1:25975:2",
"sigSource": "",
"ruleId": "meraki:intrusion/snort/GID/1/SID/26267"
}
]