forked from Azure/Azure-Sentinel
RidgeSecurity_RawLogs.txt
7 lines (7 loc) · 1.16 KB
Oct 18 13:18:20 172.16.100.168 CEF: 0|RidgeSecurity|RidgeBot|4.2.4|1002|User login failed|3|act=Login: admin Failed suser=admin
Oct 18 13:18:20 172.16.100.168 CEF: 0|RidgeSecurity|RidgeBot|4.2.4|1002|User login failed|3|act=Login: admin Failed suser=admin
Oct 18 13:18:20 172.16.100.168 CEF: 0|RidgeSecurity|RidgeBot|4.2.4|1001|User Login/Logout|3|act=admin Login Success suser=admin
Oct 18 13:21:20 172.16.100.168 CEF: 0|RidgeSecurity|RidgeBot|4.2.4|3004|Task is restarted|3|taskName=moveit -100.146-clone-clone-sentinel
Oct 18 13:21:20 172.16.100.168 CEF: 0|RidgeSecurity|RidgeBot|4.2.4|4011|High severity vulnerability is detected|8|pt_test=Task=moveit -100.146-clone-clone-sentinel NodeIP=172.16.100.146 Target=https://172.16.100.146/
Oct 18 13:21:20 172.16.100.168 CEF: 0|RidgeSecurity|RidgeBot|4.2.4|4001|Critical business risk is exploited|9|pt_test=Task=moveit -100.146-clone-clone-sentinel NodeIP=172.16.100.146 RiskType=Remote Command Execution RiskName=MOVEit Transfer SQLi Vulnerability(CVE-2023-34362) Target=https://172.16.100.146/
Oct 18 13:21:20 172.16.100.168 CEF: 0|RidgeSecurity|RidgeBot|4.2.4|3002|Task is completed|3|taskName=moveit -100.146-clone-clone-sentinel
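The lines above are RidgeBot events in CEF over syslog. Two details matter when you write a parser or a Sentinel/KQL rule for them: the header reads "CEF: 0|" with a space after the colon rather than the spec's "CEF:0|", and extension values contain spaces and even embedded "=" (pt_test=Task=moveit ...), so an extension key only begins at "<whitespace>key=". The following is an added example, not code from the Azure-Sentinel repository or from RidgeSecurity: it parses the seven sample lines (embedded below, copied from the file) and runs two detections over them, repeated failed logins followed by a success for the same suser, and any event at severity 8 or above with its RiskName and CVE pulled out. The five-minute window, the severity threshold of 8 and the use of signature IDs 1001/1002 to mean login success/failure are assumptions taken from these samples, not from a RidgeBot specification.

```python
"""Parse RidgeBot CEF-over-syslog lines and run two simple detections.
Added example; not part of Azure-Sentinel or RidgeSecurity code."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample input: the seven lines from RidgeSecurity_RawLogs.txt above.
SAMPLE_LOGS = [
    "Oct 18 13:18:20 172.16.100.168 CEF: 0|RidgeSecurity|RidgeBot|4.2.4|1002|User login failed|3|act=Login: admin Failed suser=admin",
    "Oct 18 13:18:20 172.16.100.168 CEF: 0|RidgeSecurity|RidgeBot|4.2.4|1002|User login failed|3|act=Login: admin Failed suser=admin",
    "Oct 18 13:18:20 172.16.100.168 CEF: 0|RidgeSecurity|RidgeBot|4.2.4|1001|User Login/Logout|3|act=admin Login Success suser=admin",
    "Oct 18 13:21:20 172.16.100.168 CEF: 0|RidgeSecurity|RidgeBot|4.2.4|3004|Task is restarted|3|taskName=moveit -100.146-clone-clone-sentinel",
    "Oct 18 13:21:20 172.16.100.168 CEF: 0|RidgeSecurity|RidgeBot|4.2.4|4011|High severity vulnerability is detected|8|pt_test=Task=moveit -100.146-clone-clone-sentinel NodeIP=172.16.100.146 Target=https://172.16.100.146/",
    "Oct 18 13:21:20 172.16.100.168 CEF: 0|RidgeSecurity|RidgeBot|4.2.4|4001|Critical business risk is exploited|9|pt_test=Task=moveit -100.146-clone-clone-sentinel NodeIP=172.16.100.146 RiskType=Remote Command Execution RiskName=MOVEit Transfer SQLi Vulnerability(CVE-2023-34362) Target=https://172.16.100.146/",
    "Oct 18 13:21:20 172.16.100.168 CEF: 0|RidgeSecurity|RidgeBot|4.2.4|3002|Task is completed|3|taskName=moveit -100.146-clone-clone-sentinel",
]

# Syslog prefix, then "CEF:" with optional whitespace (the samples use "CEF: 0|").
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+(?P<host>\S+)\s+CEF:\s*(?P<cef>.*)$"
)
# A header pipe is only a separator when it is not escaped as "\|".
PIPE_RE = re.compile(r"(?<!\\)\|")
# An extension value runs until the next "<whitespace>key=" or end of line, so
# spaces and a literal "=" inside a value (pt_test=Task=...) are kept.
EXT_RE = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")


def unescape(field: str) -> str:
    return field.replace(r"\|", "|").replace("\\\\", "\\")


def parse_cef_line(line: str) -> dict:
    m = SYSLOG_RE.match(line)
    if not m:
        raise ValueError(f"not a syslog/CEF line: {line!r}")
    parts = PIPE_RE.split(m.group("cef"), maxsplit=7)
    if len(parts) != 8:
        raise ValueError(f"CEF header needs 7 unescaped pipes: {line!r}")
    version, vendor, product, dev_version, sig_id, name, severity, ext = parts
    return {
        # Syslog timestamps carry no year; strptime's default year is kept,
        # which is enough for ordering and windowing within one capture.
        "ts": datetime.strptime(m.group("ts"), "%b %d %H:%M:%S"),
        "host": m.group("host"),
        "cef_version": version.strip(),
        "vendor": unescape(vendor),
        "product": unescape(product),
        "device_version": unescape(dev_version),
        "signature_id": unescape(sig_id),
        "name": unescape(name),
        "severity": int(severity),
        "ext": dict(EXT_RE.findall(ext)),
    }


def parse_sample() -> list:
    return [parse_cef_line(line) for line in SAMPLE_LOGS]


def detect_failed_then_success(events, max_failures=2, window=timedelta(minutes=5)):
    """Flag a suser whose login (1001, 'Success' in act) follows at least
    max_failures failed logins (1002) within `window`. Assumed signature IDs."""
    findings = []
    failures = defaultdict(list)  # suser -> timestamps of failed logins
    for ev in sorted(events, key=lambda e: e["ts"]):  # stable: ties keep file order
        user = ev["ext"].get("suser")
        if ev["signature_id"] == "1002":
            failures[user].append(ev["ts"])
        elif ev["signature_id"] == "1001" and "Success" in ev["ext"].get("act", ""):
            recent = [t for t in failures[user] if ev["ts"] - t <= window]
            if len(recent) >= max_failures:
                findings.append({"user": user, "failures": len(recent),
                                 "host": ev["host"], "at": ev["ts"]})
            failures[user].clear()
    return findings


def detect_high_severity(events, threshold=8):
    """Return events at or above `threshold` with the exploited target and CVE
    (if any) extracted from the RiskName extension field."""
    out = []
    for ev in events:
        if ev["severity"] < threshold:
            continue
        ext = ev["ext"]
        cve = CVE_RE.search(ext.get("RiskName", ""))
        out.append({"signature_id": ev["signature_id"], "name": ev["name"],
                    "severity": ev["severity"], "target": ext.get("Target"),
                    "risk": ext.get("RiskName"), "cve": cve.group(0) if cve else None})
    return out


if __name__ == "__main__":
    evs = parse_sample()
    for f in detect_failed_then_success(evs):
        print("login after repeated failures:", f)
    for h in detect_high_severity(evs):
        print("high severity:", h)
```

Running the block prints one brute-force-style finding for admin (two failures, then a success in the same second) and two high-severity records, the 4011 detection with no CVE and the 4001 exploitation carrying CVE-2023-34362. A KQL rule for Sentinel would express the same logic over the CommonSecurityLog table (DeviceEventClassID for the signature ID, SourceUserName for suser), but the parsing caveats stay the same: tolerate the space after "CEF:" and never split extension values on "=".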