GarrisonULTRARemoteLogs_RawLogs.json
[
{
"TimeGenerated": "2024-10-15 14:39:09.323000+00:00",
"deviceEventClassId": 1,
"name": "HTTP request",
"start": 1729003149323,
"request": ">{XDI$K.&=nTA8ZtdJIf;>~})l9?6tjFH7QR*vns]x16ZZ%Ot[#qvtL^x^OIZ<n<Au-3ryqo&#{dB1hs?*gZ?9bBqf<dmTFNo(LU,amU)7L.0>EQ#(L~S-gP}B8#3]#pNV&Z9@ITYVS%wX|&A^u)+LNiU^Tt2N:tQiLUE,&4?fAg<Gq7plLs9bB<Ht5E|A(htf<KKn#XHbY\\vEqu{WuUarLc#1ymV+{ow:cN",
"requestContext": "$?aY?-s_%6fHrPlU61E,p8t&8%]vrpT-k[O~OPP4%,Mdm0WzoEhDfC%|LSIyt?CS=|9Mpto@-1}z4mLKP(Ao>6c(k<PFikbZnq[n@WbZZv\\M4xkUaGN*103}bg,);|O/$/xo:>DYl+)(h/_/f@:kT1r]hn]~hGf3%-#dxFOFT<*E",
"reason": "",
"dhost": "",
"devicePayloadId": "037dd6aad0e06621",
"suid": "cf7739fc-1056-4544-9ab4-a909c42416ec",
"suser": "cf7739fc-1056-4544-9ab4-a909c42416ec"
},
{
"TimeGenerated": "2024-10-15 14:39:09.325000+00:00",
"deviceEventClassId": 4,
"name": "Site visit",
"start": 1729003149325,
"request": "",
"requestContext": "",
"reason": "",
"dhost": "d?iC^MUFD9\\Bu1<.+3Q>)gj9gSO3+I8/{S}yNq>A&21?:sam-IN7(/i#qf^]FMs/~",
"devicePayloadId": "b8f6848a07290a8b",
"suid": "cf7739fc-1056-4544-9ab4-a909c42416ec",
"suser": "cf7739fc-1056-4544-9ab4-a909c42416ec"
},
{
"TimeGenerated": "2024-10-15 14:39:09.324000+00:00",
"deviceEventClassId": 3,
"name": "HTTP request blocked",
"start": 1729003149324,
"request": "/%m8\\62Nc9rfHa^7#|^z:e8cU:\\*G[s5KEG?K0Kw3|h.X0U)<RFTVqlzOzDSTtOp4tlW{vj>NjroRep6+a:<bYuXlk&m7EB6MIw{hlEcCCHB$nX)8+fNj>f^pP)R4xw~/X/1xA>*KW%el^M)kI)IH#@KGZtpGi.qeZ*&[JCcvOh*@XlFpZ=0xwJWoK>8_eofg,Jw%CZuY]i6{G:qcp[?&;^uLlg^h.tv8kHy",
"requestContext": "fW56)_up7Z;&4C7-~[3I[f52pO5#On5tBEV[pdW|;tfd6]fkr+y9rPffQg*]?0;3XU5sp3T<%8W_O-jnpjGF\\:q|s%&oZ%g~B}>H3U&)S<EleBZlk-,sma[hir6@Zi2%;W[8H.:_N9|LV^B~r>iR=Q*p,4$1\\3y[[0z465$JK$JYreason=category-arms",
"reason": "",
"dhost": "",
"devicePayloadId": "6b8c53f30783d5b5",
"suid": "cf7739fc-1056-4544-9ab4-a909c42416ec",
"suser": "cf7739fc-1056-4544-9ab4-a909c42416ec"
},
{
"TimeGenerated": "2024-10-15 14:39:09.322000+00:00",
"deviceEventClassId": 0,
"name": "Page visit",
"start": 1729003149322,
"request": "={AT@@yufoRzB60y<O^26Y$uT#;-^@Q,T+1FtUL;9%L_P2KBY$WNyk)(D3fp5F1,X/tSCrg^oMHB<F*W3?n(v&\\f@p<~dI(4z#{lP*x&Kt@?{F<I_qG<z2CysDF5*[QMBIUC^GThfpebu$.S4{i}]X*#o~k&a,ol8Z(Ju68fzj?P",
"requestContext": "",
"reason": "",
"dhost": "",
"devicePayloadId": "dc5f245768e1263b",
"suid": "cf7739fc-1056-4544-9ab4-a909c42416ec",
"suser": "cf7739fc-1056-4544-9ab4-a909c42416ec"
},
{
"TimeGenerated": "2024-10-15 14:39:12.570000+00:00",
"deviceEventClassId": 2,
"name": "Page visit blocked",
"start": 1729003152570,
"request": "?QBNHE^NK)l%g}.{Ur}lolTW\\Qc@R65_?_q,qCZo8@#fv>vi/GpaeEJuA@w)Ogfi#a+47y{YB|@u%\\)Y}TK/KaoqFmT[{hB[F8<smpOqVj?#W4u:]p-9d^6Wn;SSo%nXy]g._G#k6K}s4fbt?rtab[?2:d_7XSy<141-bJDt]hT~",
"requestContext": "",
"reason": "category-arms",
"dhost": "",
"devicePayloadId": "9300453ad15f2ef5",
"suid": "cf0b5b78-270e-416c-8b42-0cc91232af86",
"suser": "cf0b5b78-270e-416c-8b42-0cc91232af86"
}
]